Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Yahoo Re-direct / Scan keeps finding Troj/JSRedirect-O


  • Please log in to reply

#16
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello ascollick,

The options you picked are the right ones, for the instructions, please print them out or write them down so you can use them in safe mode. :)
  • 0

Advertisements


#17
ascollick

ascollick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi Jimmy :)

Ok that scan took 16 hours ; ( I scanned my C Drive I am not sure if that was one you wanted or not but I think that is what took so long )

It did not detect anything :)

Thanks ! Amber
  • 0

#18
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello ascollick,

Could you please give me a update on how your computer is running now.
  • 0

#19
ascollick

ascollick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi Jimmy,

I have not been using it because I am worried about transferring my info everywhere ???

Just now I did some google and yahoo searches and I was not re-directed ; but that happened once before and then it started again ?

I also just got a message from my Webroot program it said

APP/PS-Exec-Gen ( Hacker Tool ) found and quaratined

It is running somewhat slow ; but that may be from everything I have downloaded ? and I still have those security messages.

Thanks for your help ! Amber
  • 0

#20
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello ascollick,

APP/PS-Exec-Gen ( Hacker Tool ) found and quaratined

Where was this found?

It is running somewhat slow

After we try to make sure the malware is gone, we can try a few things to help speed it up. :)

and I still have those security messages.

The ones you get from some websites where you need to login?
  • 0

#21
ascollick

ascollick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi Jimmy,

I did not realize I could see the areas in Webroot ;

It shows these two locations for the Hacker Tool ;

c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}-rp1250\a9088955.exe
c:\32788r22fwjfw\psexec.cfexe

Also here is where that Trojan Re-direct was found in thse locations;

document and settings\ amber scollick\local settings\temporary internet files\content.ie5\0t1ccmf3\beana-ring[1].htm
document and settings\ amber scollick\local settings\temporary internet files\content.ie5.uvvh7ry1\beana-ring[1].htm
document and settings\ amber scollick\local settings\temporary internet files\content.ie5\mix29uci\jquery[2].js
document and settings\ amber scollick\local settings\temporary internet files\content.ie5\zuy2z214\jquery[1].js

One more I thought I should show you ??
App/NewDotNet-G

document and settings\ amber scollick\local settings\temporary internet files\content.ie5\w9qvgtuz\upgrade[1].cab

Yes still the same security messages on sites that require login ; I just wanted to be sure you knew that was still happening :)

THANKS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ( Please see below )

Hey Jimmy :) My webroot just ran its daily scan and it added this location to the Hacker Tool locations

c:\documents and settings\amber scollick\desktop\combofix.exe ( that might be normal ?? I just wanted to show you that )

Also dont know if it is relevant but everytime I run my scan it turns up between 20-25 Spy Cookies ?

Thanks again !

Edited by ascollick, 28 April 2009 - 08:59 AM.

  • 0

#22
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello ascollick,

c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}-rp1250\a9088955.exe
c:\32788r22fwjfw\psexec.cfexe

Those look to be false alerts.

Also here is where that Trojan Re-direct was found in thse locations;

Those are in the temp folders, please use the following program to help clean out the temp folders.



Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Yes still the same security messages on sites that require login ; I just wanted to be sure you knew that was still happening

That sounds normal. :)

c:\documents and settings\amber scollick\desktop\combofix.exe ( that might be normal ?? I just wanted to show you that )

That is a false alert.

Also dont know if it is relevant but everytime I run my scan it turns up between 20-25 Spy Cookies ?

Those are normal, they are nothing to worry about. :)
  • 0

#23
ascollick

ascollick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi Jimmy :)

Done :)

One other strange thing..when I go to www.steelers.com ( my computer freezes up ) every time. I normally look at this site often. But a message pops up that says You are about to leave a secure internet connection ; it will be possible for others to view...( even if I click ok ) it locks up.

I have to Control Alt Delete to get out of it ; then when I do it closes down all my programs ; it does not let me just choose that one ?

Thanks ! Amber

Edited by ascollick, 28 April 2009 - 08:28 PM.

  • 0

#24
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello ascollick,

Is that the only website it does this at? What web browser does it do this in?
  • 0

#25
ascollick

ascollick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi JImmy,

So far that is the only one I have noticed it doing it in. I am using Internet Explorer 8 and I do most my searches thru yahoo.

Thanks ! Amber
  • 0

Advertisements


#26
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello ascollick,

Could you please try to add www.steelers.com to your trusted zone and see if that helps. If you need any help doing this please let me know.
  • 0

#27
ascollick

ascollick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi Jimmy :)

Ok that worked.

Another thing..my personal website is called www.beanababy.com ; whenever I go to my site ( which is also all saved on C drive ) I get a message from my webroot which says they quarantined an unwanted program ??

It says Trojan-Re-direct-O on every single page of my site ???

This has never happened before ??

Do you think I still have a virus etc ?

Thanks so much for all your help ! Amber
  • 0

#28
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello ascollick,

Not sure on that, please check the programing on your website and make sure you don't have anything strange in it.

Do you think I still have a virus etc ?

I don't think you do.
  • 0

#29
ascollick

ascollick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hey Jimmy,

I cant seem to find anything..I have never had any problems like this before ??

When I go to the site ( or any pages within the site ) this pops up

Detected MAL-OBFJS-BT ( it rates it as a level 4 virus ) ??

Thanks ! Amber

Edited by ascollick, 30 April 2009 - 09:41 PM.

  • 0

#30
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello ascollick,


Where is it finding this malware at?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP