[amm007]

ow! redirection is present at this point.will reformatting remove this thing?

[Advertisements]

On what computers is the redirection present?

[kahdah]

On what computers is the redirection present?

[amm007]

1 and 2

[kahdah]

Only stick to computer one with this tool then we will move on to the rest.

Please download Navilog1 by IL-MAFIOSO:
http://pagesperso-or...ix/Navilog1.exe
(*Alternate download location Here)

* Save it to your Desktop.
* Double-click on Navilog1.exe to install the program.
* When the installation is complete, the tool will start automatically.
* If it doesn't start automatically, please double-click on the Navilog1 shortcut on your Desktop to run it.
* Press E for English from the language Menu.
* Type 1 in the next Menu to select Search and press Enter.
* Wait for the Scan to finish (It may take a reasonable amount of time).
* Press any key as requested .
* A new document will be produced: fixnavi.txt.
* Please copy/paste the contents of this report in your next reply.

The report is also saved in the root of the directory, "%SystemDrive%\fixnavi.txt". (usually C:\fixnavi.txt)

[amm007]

Search Navipromo version 3.6.3 began on Fri 08/15/2008 at 18:34:43.50

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!
Fix running from C:\Program Files\navilog1
Actual User Account : "Adrian"

Updated on 09.08.2008 at 18h00 by IL-MAFIOSO


Microsoft Windows XP [Version 5.1.2600]
Version Internet Explorer : 7.0.5730.13
Filesystem type : NTFS

Search done in normal mode

*** Searching for installed Software ***


*** Search folders in "C:\WINDOWS" ***


*** Search folders in "C:\Program Files" ***


*** Search folders in "C:\Documents and Settings\All Users\startm~1\programs" ***


*** Search folders in "C:\Documents and Settings\All Users\startm~1" ***


*** Search folders in "c:\docume~1\alluse~1\applic~1" ***


*** Search folders in "C:\Documents and Settings\Adrian\applic~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Search folders in "C:\Documents and Settings\Adrian\locals~1\applic~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Search folders in "C:\Documents and Settings\Adrian\startm~1\programs" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\startm~1\programs" ***


*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net



*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in "C:\WINDOWS\system32" *

* Scan in "C:\Documents and Settings\Adrian\locals~1\applic~1" *

* Scan in "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



*** Search files ***



*** Search specific Registry keys ***


*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :


2)Heuristic Search :

* In "C:\WINDOWS\system32" :


* In "C:\Documents and Settings\Adrian\locals~1\applic~1" :


* In "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


3)Certificates Search :

Egroup certificate not found !
Electronic-Group certificate not found !
Montorgueil certificate not found !
OOO-Favorit certificate not found !
Sunny-Day-Design-Ltd certificate not found !

4)Search known files :



*** Search completed on Fri 08/15/2008 at 18:41:13.87 ***

[kahdah]

Hmm still nothing.

Let's try this.

Go to Start > Run type in Cmd then hit ok
At the command prompt which will be this C:|WIndows\system32 type in this > ipconfig /flushdns then hit enter.
You should get this message > Successfully flushed the DNS Resolver Cache.

AFter thta reboot and tell me if the redirects are still present?

[amm007]

Its still present. Ill just try to back-up format the disk and then i will get back here to repost logs. Let me know if there is still traces of virus from my backup scheme. Thanks!

[kahdah]

Ok.

[amm007]

I have just finished reformatting my PC. What scanner log do I post? site redirection became present in my browser. i suspect its because of my removable hard drive. i havent plugged any usb disk other than that. i plan to format that drive too after some back-ups and use it on computer 2 to format and back up again. thanks!

[kahdah]

You didn't do a repair install did you?

[amm007]

what do you mean by repair install?

[kahdah]

That means that you did not format the drive just put in the disk and chose R for repair to repair the files.
You should not have redirects if you did it as format (Wiping the drive clean then re-installing Windows.)

[amm007]

No i did not. i formatted the whole drive c. But I cant let go of my files so i backed it up in the removable hard disk (which seems infected). I opened it using the run prompt for security purposes but still it infected my computer with the link redirection...looks like we just have to wipe clean this thing..

[kahdah]

Yes if you don't you will end up in the same place as before.

[amm007]

Okay. But i guess this minimized the rate of resiliency. Shall we proceed to completely cleaning the newly formatted computer 1? afterwards, i'll format computer 2 and use the removable hard disk to back up files at the same time cleaning all other flash disks i have. then lastly, format my removable hard disk. then, we reinspect logs and check if virus symptoms are now gone and is not resilient. is this scheme practical? thanks again for helping this far.