Win32 Olmarik.ALJ Trojan Win 7 x64


I downloaded a file infected with a trojan called Olmarik.ALJ on the MBR sector of physical disk 0, as reported by ESET NOD32, & it couldn't be removed.

My PC went blank immediately after executing the file, and after rebooting, Windows tried to fix the startup problem.

Windows could not fix it and the report said the CI.dll was corrupted.

I ran NTBR_CD and got it to boot again.

I ran dds.scr & posted reports.

I ran rkill & tdsskiller.

I downloaded MB 7 ran a quick scan and found 7 infections which were removed successfully.

My browser gets redirected.

Microsoft Security Essentials will not run, nor will Windows Defender.

Attach.txt

DDS.txt

rkill.log

mbam-log-2011-06-06 (14-09-32).txt

Please upgrade Malwarebytes' Anti-Malware 1.46 to 1.51.0.1200, and please run a full scan, not a quick scan.

I must have been reading your mind, I posted the log 1 min after yours.

I ran MBAM again with no infections & I also ran eset online scanner & got rid of 2 threats. 1 in user/appdata/local/temp & 1 in temp internet files; nothing to really worry about. I didn't see where I could get a log though. Right now, my browser still gets redirected to different locations each time. Acts like adware.

mbam-log-2011-06-06 (15-50-55).txt

I looked through my programs & features & found Conduit Engine which I uninstalled.

After rebooting, still being redirected.

In search engines I found people posting that the toolbar is in IE & is removed when uninstalled; in Firefox, remove the add-on, which I don't have.

Just a guess, but I looked in my Firefox profile & found a folder called FVD Single, which contains the file I attached, supported_sites.txt

I also have Cashe & startupCashe folders, which are not default Firefox folders.

Okay.

1) Download: http://housecall.trendmicro.com/

Please post the results screen. ** I didn't see a log for this, but removed 2 viruses (I will rescan & send a screenshot).

2) http://www.trendmicro.com/ftp/products/hijackthis/HijackThis.exe Please post a HijackThis report.

hijackthis.log

I recently installed a program to get my MCE remote to work with Vuze: mceRemote2vlc. I see in the HijackThis report that there is an R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\ program. Is this a legit program or part of my problem?

Here are the screen shots from housecall

  • Staff

Everyone who is not Mike65, stop posting in this thread.

Mike65, do not follow the advice of anyone who is not an authorized staff member.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
