[martin1981]

Good morning Maliprog,

junk.txt zipped is attached below.

Before I disable all non-Microsoft additions to Explorer (there are exactly 50 of them), I would like to know if, after rebooting, I will be able to re-enable them without problems? I remember spending all last Sunday struggling with sound and video programs...
To be on the safe side before I do anything I might regret, I have extracted the 50 with their details in shellexview.txt zipped attached.

Best regards

Martin

Attached Files

•  shellexview.zip   5.11KB   151 downloads
•  junk.zip   5.08KB   165 downloads

[Advertisements]

I just tried shexview and disabled all non-Microsoft extensions, rebooted and re-enabled all without any problems. I had 30 of them. Every system is different but you shouldn't have any problems with this step.

Just let me know results please.

[maliprog]

I just tried shexview and disabled all non-Microsoft extensions, rebooted and re-enabled all without any problems. I had 30 of them. Every system is different but you shouldn't have any problems with this step.

Just let me know results please.

[martin1981]

Thanks for pointed out it's safe.

Disabled as instructed, rebooted, same attempted redirects as before
Screendump malware18012012.pdf attached.

Did the procmon log reveal anything useful?

Best regards

Martin

Attached Files

•  malware 18012012.pdf   121.12KB   279 downloads

[maliprog]

Actually it did. It point us to connection string used

UNIX.lan:1383 -> jav75-1-78-192-70-254.fbxo.proxad.net:3128

Because of it we ask you to do registry dump in last .BAT file. Looks like there is more info about this connection. This is what I can see on first look.

More details will come after experts take a look at this log. Please stay with us until we resolve this.

[maliprog]

Time to try a fix. Let's remove these setting and hopefully fix your issue.

Step 1

Please start Notepad
Copy and paste these lines in Notepad

proxycfg > C:\reset.txt
proxycfg -d >> C:\reset.txt

Save file as reset.bat on your desktop
Double click to run it

You need to restart your system now.

Step 2

Please start Notepad
Copy and paste these lines in Notepad

proxycfg >> C:\reset.txt

Save file as reset2.bat on your desktop
Double click to run it
Attach or Zip and Attach the file C:\reset.txt

Any changes?

[martin1981]

Good evening Maliprog,

Well, it seems to have taken care of it. Reset.txt attached.
No attempted redirects for the first time in nearly a year.
Many thanks for your help and your patience!

Is there anything else I should do to clear remnants of the malware?

Best regards

Martin

Attached Files

•  reset.txt   993bytes   123 downloads

[maliprog]

Hi martin1981,

I'm glad to hear that. I don't think there is malware left on yur PC. This was only bad value in your connections settings. Probably left over from some earlier infection.

Your logs and system are clean now. I'm glad we fix up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other application we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update

• Click Start, click Run, type sysdm.cpl, and then press ENTER.
• Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
• Click OK button

2. Delete Temp files

Download TFC to your desktop

• Open the file and close any other windows.
• It will close all programs itself when run, make sure to let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to finish its job
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.

[martin1981]

Good afternoon Maliprog,

It's cured, you can add "SOLVED" on the subject.
I tried lots of .exe files which would trigger the attempted redirect until yesterday, and all worked without interference.


Many, many thanks!

All the best

Martin.

[maliprog]

Glad we helped you!

Goodbye and stay safe

[maliprog]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.