Google Search Redirect Virus
#22
Posted 04 August 2010 - 07:01 PM
Here's my KasReport.txt:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, August 4, 2010
Operating system: Microsoft (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, August 04, 2010 14:04:17
Records in database: 4147125
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Objects scanned: 258575
Threats found: 2
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 04:18:37
File name / Threat / Threats count
C:\Users\Josephine\AppData\Local\Temp\jar_cache1455006413742045285.tmp Infected: Exploit.Java.Agent.a 1
C:\Users\Josephine\AppData\Local\Temp\jar_cache1455006413742045285.tmp Infected: Exploit.Java.Agent.f 1
C:\Users\Josephine\AppData\Local\Temp\jar_cache2439893436766712565.tmp Infected: Exploit.Java.Agent.f 1
Selected area has been scanned.
#23
Posted 04 August 2010 - 07:08 PM
How are things running?
OTL Fix
We need to run an OTL Fix
- Please reopen OTL on your desktop.
- Copy and Paste the following code into the textbox. Do not include the word "Code"
:Services
:OTL
:Reg
:Files
C:\Users\Josephine\AppData\Local\Temp\jar_cache1455006413742045285.tmp
C:\Users\Josephine\AppData\Local\Temp\jar_cache1455006413742045285.tmp
C:\Users\Josephine\AppData\Local\Temp\jar_cache2439893436766712565.tmp
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]
[Reboot]
- Push
- OTL may ask to reboot the machine. Please do so if asked.
- Click .
- A report will open. Copy and Paste that report in your next reply.
- If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
#24
Posted 04 August 2010 - 07:27 PM
Here's the OTL log. Thanks!
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\Josephine\AppData\Local\Temp\jar_cache1455006413742045285.tmp moved successfully.
File\Folder C:\Users\Josephine\AppData\Local\Temp\jar_cache1455006413742045285.tmp not found.
C:\Users\Josephine\AppData\Local\Temp\jar_cache2439893436766712565.tmp moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Josephine
->Temp folder emptied: 229332536 bytes
->Temporary Internet Files folder emptied: 19193814 bytes
->Java cache emptied: 640084 bytes
->FireFox cache emptied: 72750055 bytes
->Apple Safari cache emptied: 135374848 bytes
->Flash cache emptied: 209701 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 253293569 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50467 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 6407305 bytes
Total Files Cleaned = 684.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Josephine
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.9.1 log created on 08042010_181735
Files\Folders moved on Reboot...
C:\Users\Josephine\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\mcafee_FWVRYQUoj8Kr9xl not found!
File\Folder C:\Windows\temp\mcmsc_6RgS3kHLiHMPg9y not found!
File\Folder C:\Windows\temp\mcmsc_Ac3l4FbqFlqTcF4 not found!
File\Folder C:\Windows\temp\mcmsc_vblATUXn19wklLK not found!
File\Folder C:\Windows\temp\sqlite_1LNJ8oEJTnTobcD not found!
File\Folder C:\Windows\temp\sqlite_4mAEpgiEBrt48Po not found!
File\Folder C:\Windows\temp\sqlite_pC9Ona1heKt56HJ not found!
File\Folder C:\Windows\temp\sqlite_rXBtKbFUe81BtZQ not found!
Registry entries deleted on Reboot...
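Added example (not part of the original thread, and not code from OTL or Kaspersky): a small Python check that cross-references the scanner's detection lines with the fix log to confirm every detected file was actually moved. The sample input is constructed from lines quoted in the posts above; the regular expressions assume only the line shapes visible in those two logs.

```python
import re

# Constructed sample input: lines copied from the scan report and OTL log in this thread.
KAS_REPORT = r"""
C:\Users\Josephine\AppData\Local\Temp\jar_cache1455006413742045285.tmp Infected: Exploit.Java.Agent.a 1
C:\Users\Josephine\AppData\Local\Temp\jar_cache1455006413742045285.tmp Infected: Exploit.Java.Agent.f 1
C:\Users\Josephine\AppData\Local\Temp\jar_cache2439893436766712565.tmp Infected: Exploit.Java.Agent.f 1
"""
OTL_LOG = r"""
C:\Users\Josephine\AppData\Local\Temp\jar_cache1455006413742045285.tmp moved successfully.
File\Folder C:\Users\Josephine\AppData\Local\Temp\jar_cache1455006413742045285.tmp not found.
C:\Users\Josephine\AppData\Local\Temp\jar_cache2439893436766712565.tmp moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
"""

# Line shapes assumed from the logs shown in this thread only.
DETECTION = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+\d+$")
MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.$")
FAILED = re.compile(r"^File move failed\. (?P<path>[A-Za-z]:\\.+?) scheduled to be moved on reboot\.$")
NOT_FOUND = re.compile(r"^File\\Folder (?P<path>[A-Za-z]:\\.+?) not found[.!]$")


def parse_detections(report):
    """Map each infected file to the set of threat names reported for it."""
    found = {}
    for line in report.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            # Windows paths are case-insensitive, so normalise the key.
            found.setdefault(m["path"].lower(), set()).add(m["threat"])
    return found


def parse_fix_log(log):
    """Return the final state per path: 'moved', 'pending-reboot' or 'not-found'."""
    state = {}
    for line in log.splitlines():
        for pattern, status in ((MOVED, "moved"), (FAILED, "pending-reboot"), (NOT_FOUND, "not-found")):
            m = pattern.match(line.strip())
            if m:
                key = m["path"].lower()
                # 'not found' after a successful move means the path was listed twice in the fix.
                if not (status == "not-found" and state.get(key) == "moved"):
                    state[key] = status
                break
    return state


def unresolved(report, log):
    """Detected files that the fix log does not show as moved."""
    state = parse_fix_log(log)
    return {p: state.get(p, "not-in-log") for p in parse_detections(report) if state.get(p) != "moved"}


if __name__ == "__main__":
    print(unresolved(KAS_REPORT, OTL_LOG) or "every detected file was moved")
```

An empty result means every detection is accounted for; the "not found" line in the log is the second copy of a path that had already been moved.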
#25
Posted 04 August 2010 - 07:33 PM
Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.
NEXT:
OTL Clean-Up
We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
- Reopen OTL on your desktop.
- Click on
- You will be prompted to reboot your system. Please do so.
NEXT:
Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.
The easiest and safest way to do this is:
- Go to Start > Programs > Accessories > System Tools and click "System Restore".
- Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
- Then use Disk Cleanup to remove all but the most recently created Restore Point.
- Go to Start > Run and type: Cleanmgr
- Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
- Click the "More Options" tab, then click the "Clean up" button under System Restore.
- Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
- Click Yes, then click Ok.
- Click Yes again when prompted with "Are you sure you want to perform these actions?"
- Disk Cleanup will remove the files and close automatically.
NEXT:
All Clean Speech
===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===
Below I have included a number of recommendations for how to protect your computer against malware infections.
- It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
Strong passwords: How to create and use them then consider a password keeper, to keep all your passwords safe.
- Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
- FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
- SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
- SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
- Make Internet Explorer more secure
- Click Start > Run
- Type Inetcpl.cpl & click OK
- Click on the Security tab
- Click Reset all zones to default level
- Make sure the Internet Zone is selected & Click Custom level
- In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
- Next Click OK, then Apply button and then OK to exit the Internet Properties page.
- ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
- WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
- Green to go
- Yellow for caution
- Red to stop
- Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
- If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
- NoScript - for blocking ads and other potential website attacks
- Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
- ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
- In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
Think Prevention.
PC Safety and Security--What Do I Need?.
Thank you for your patience, and performing all of the procedures requested.
Please respond one last time so we can consider the thread resolved and close it, thank-you.
Cheers,
SweetTech.
#26
Posted 04 August 2010 - 08:26 PM
Hello,
Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.
NEXT:
OTL Clean-Up
We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
- Reopen OTL on your desktop.
- Click on
- You will be prompted to reboot your system. Please do so.
NEXT:
Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.
The easiest and safest way to do this is:
- Go to Start > Programs > Accessories > System Tools and click "System Restore".
- Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.
- Then use Disk Cleanup to remove all but the most recently created Restore Point.
- Go to Start > Run and type: Cleanmgr
- Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
- Click the "More Options" tab, then click the "Clean up" button under System Restore.
- Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
- Click Yes, then click Ok.
- Click Yes again when prompted with "Are you sure you want to perform these actions?"
- Disk Cleanup will remove the files and close automatically.
NEXT:
All Clean Speech
===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===
Below I have included a number of recommendations for how to protect your computer against malware infections.
Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.
- It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
Strong passwords: How to create and use them then consider a password keeper, to keep all your passwords safe.
- Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
- FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
- SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
- SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
- Make Internet Explorer more secure
- Click Start > Run
- Type Inetcpl.cpl & click OK
- Click on the Security tab
- Click Reset all zones to default level
- Make sure the Internet Zone is selected & Click Custom level
- In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
- Next Click OK, then Apply button and then OK to exit the Internet Properties page.
- ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
- WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
WOT has an addon available for both Firefox and IE
- Green to go
- Yellow for caution
- Red to stop
- Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
- If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
- NoScript - for blocking ads and other potential website attacks
- Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
- ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
- In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
Think Prevention.
PC Safety and Security--What Do I Need?.
Thank you for your patience, and performing all of the procedures requested.
Please respond one last time so we can consider the thread resolved and close it, thank-you.
Cheers,
SweetTech.
#27
Posted 05 August 2010 - 07:10 AM
Take Care.
Cheers,
SweetTech.
#28
Posted 05 August 2010 - 07:11 AM
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.