Attempted redirect to 78.192.70.254 whenever I click on a .exe file [S

#31
martin1981
Good morning Maliprog,

junk.txt zipped is attached below.

Before I disable all non-Microsoft additions to Explorer (there are exactly 50 of them), I would like to know if, after rebooting, I will be able to re-enable them without problems? I remember spending all last Sunday struggling with sound and video programs...
To be on the safe side before I do anything I might regret, I have extracted the 50 with their details in shellexview.txt zipped attached.

Best regards

Martin


#32
maliprog
I just tried shexview and disabled all non-Microsoft extensions, rebooted and re-enabled all without any problems. I had 30 of them. Every system is different but you shouldn't have any problems with this step.

Just let me know results please.

#33
martin1981
Thanks for pointing out that it's safe.

Disabled as instructed, rebooted, same attempted redirects as before.
Screen dump malware18012012.pdf attached.

Did the procmon log reveal anything useful?

Best regards

Martin


#34
maliprog
Actually it did. It points us to the connection string used:

UNIX.lan:1383 -> jav75-1-78-192-70-254.fbxo.proxad.net:3128

Because of it we asked you to do a registry dump in the last .BAT file. Looks like there is more info about this connection. This is what I can see on first look.

More details will come after experts take a look at this log. Please stay with us until we resolve this.

#35
maliprog
Time to try a fix. Let's remove these settings and hopefully fix your issue.

Step 1

Please start Notepad
Copy and paste these lines in Notepad

proxycfg > C:\reset.txt
proxycfg -d >> C:\reset.txt

Save file as reset.bat on your desktop
Double click to run it

You need to restart your system now.

Step 2

Please start Notepad
Copy and paste these lines in Notepad

proxycfg >> C:\reset.txt

Save file as reset2.bat on your desktop
Double click to run it
Attach or Zip and Attach the file C:\reset.txt

Any changes?
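The fix above resets the machine-wide WinHTTP proxy (the setting the helper identified from the connection string to port 3128) and logs the before/after state of proxycfg into reset.txt. As an added example, not the helper's code or anything from the thread, here is a small Python checker that parses that kind of proxycfg output and flags any configured proxy, so a defender can confirm the reset actually took effect; the sample text is constructed and the layout of the proxycfg lines is approximated from memory of the tool.

```python
import ipaddress
import re
# Constructed sample in the layout proxycfg prints (approximated; not the
# thread's real reset.txt). The proxy value is the one the thread names.
SAMPLE_BEFORE = """Current WinHTTP proxy settings under:
      WinHttpSettings :

    Proxy Server(s) :  78.192.70.254:3128
    Bypass List     :  (none)
"""
# The same section after "proxycfg -d" has reset it to direct access.
SAMPLE_AFTER = """Current WinHTTP proxy settings under:
      WinHttpSettings :

    Direct access (no proxy server).
"""

def parse_winhttp_proxy(text):
    """Return None for direct access, else {'proxies': [...], 'bypass': [...]}."""
    if "Direct access (no proxy server)" in text:
        return None
    m = re.search(r"Proxy Server\(s\)\s*:\s*(\S.*)", text)
    if not m:
        raise ValueError("unrecognised proxycfg output")
    # Entries may be "host:port" or scheme-qualified "http=host:port;https=host:port".
    proxies = [p.strip() for p in m.group(1).split(";") if p.strip()]
    b = re.search(r"Bypass List\s*:\s*(\S.*)", text)
    raw = b.group(1).strip() if b else "(none)"
    bypass = [] if raw == "(none)" else [x.strip() for x in raw.split(";")]
    return {"proxies": proxies, "bypass": bypass}

def audit_winhttp_proxy(text, approved=frozenset()):
    """Findings: each proxy not in `approved`, plus a note when it is a public IP."""
    cfg = parse_winhttp_proxy(text)
    if cfg is None:
        return []
    findings = []
    for entry in cfg["proxies"]:
        target = entry.split("=", 1)[-1]      # strip an "http=" / "https=" prefix
        host = target.rsplit(":", 1)[0]       # drop the port
        if target in approved:
            continue
        findings.append(f"unexpected WinHTTP proxy: {entry}")
        try:
            if ipaddress.ip_address(host).is_global:
                findings.append(f"proxy {host} is a public Internet address")
        except ValueError:
            pass                              # hostname rather than an IP literal
    return findings
```

On a real machine you would feed it the contents of C:\reset.txt; a home PC with no corporate proxy should produce no findings once the reset has run.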

#36
martin1981
Good evening Maliprog,

Well, it seems to have taken care of it. Reset.txt attached.
No attempted redirects for the first time in nearly a year.
Many thanks for your help and your patience!

Is there anything else I should do to clear remnants of the malware?

Best regards

Martin


#37
maliprog
Hi martin1981,

I'm glad to hear that. I don't think there is malware left on your PC. This was only a bad value in your connection settings, probably left over from some earlier infection.

Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from the programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.

#38
martin1981
Good afternoon Maliprog,

It's cured, you can add "SOLVED" on the subject.
I tried lots of .exe files which would trigger the attempted redirect until yesterday, and all worked without interference.
:thumbsup: :thumbsup: :thumbsup: :thumbsup:

Many, many thanks!

All the best

Martin.

#39
maliprog
Glad we helped you!

Goodbye and stay safe :thumbsup:

#40
maliprog
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.