Google redirection [Solved]

#16
handhfan (Trusted Helper, Expert, 13,659 posts)

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 13.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u13-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u13-windows-i586-p.exe and select "Run as an Administrator.")

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Java™ 6 Update 11
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7


Please do an online scan with Kaspersky WebScanner

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.


#17
aznfeat (Member, Topic Starter, 11 posts)

Thanks for the reply!
Here is my Kaspersky log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, May 13, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, May 13, 2009 04:26:30
Records in database: 2170757
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 119909
Threat name: 37
Infected objects: 82
Suspicious objects: 0
Duration of the scan: 04:20:38



The selected area was scanned.
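
Added example, not part of the original thread or of any tool mentioned in it: a report like this is easier to act on once each detection is sorted by where the file sits, because copies held in a removal tool's quarantine or backup folder, or in a System Restore snapshot, are stored files rather than running code. The sketch assumes one detection per line in the layout `path Infected: threat count`; the sample lines, file names and threat names are constructed, and treating `Qoobox\Quarantine` and `_OTListIt\MovedFiles` as quarantine areas is this example's assumption.

```python
import re
from collections import Counter

# Location rules (assumption of this example): tool quarantine/backup
# folders and System Restore snapshots are "inactive" locations.
BUCKETS = [
    ("quarantine", re.compile(r"^[A-Z]:\\Qoobox\\Quarantine\\", re.I)),
    ("quarantine", re.compile(r"^[A-Z]:\\_OTListIt\\MovedFiles\\", re.I)),
    ("restore_point", re.compile(
        r"^[A-Z]:\\System Volume Information\\_restore\{[0-9A-F-]+\}\\", re.I)),
]

# One detection per line: <path> Infected: <threat name> <count>
LINE = re.compile(
    r"^(?P<path>[A-Z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$",
    re.I)

def parse_line(line):
    """Return (path, threat, count) or None for headers and blank lines."""
    m = LINE.match(line.strip())
    return (m["path"], m["threat"], int(m["count"])) if m else None

def bucket_for(path):
    """Name the location class of a path; anything unmatched is 'live'."""
    for name, rx in BUCKETS:
        if rx.match(path):
            return name
    return "live"

def triage(report_text):
    """Count detections per location and list those in live paths."""
    counts, live = Counter(), []
    for line in report_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path, threat, n = rec
        where = bucket_for(path)
        counts[where] += n
        if where == "live":
            live.append((path, threat))
    return counts, live

# Constructed sample input (not taken from the scan in this thread).
SAMPLE = r"""
File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\example1.dll.vir Infected: Example.Win32.Sample.a 1
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe Infected: Example.Win32.Sample.b 1
C:\_OTListIt\MovedFiles\01012009_000000\WINDOWS\System32\example2.dll Infected: Example.Win32.Sample.c 2
C:\WINDOWS\system32\example3.dll Infected: Example.Win32.Sample.d 1
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Only the entries returned in the `live` list point at files still in a normal system location; the other two buckets are cleared by emptying the tool folders and purging old restore points.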

#18
handhfan (Trusted Helper, Expert, 13,659 posts)

Your logs look clean. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. If you have any questions or other problems, please let me know. Other than that, and the steps below, you should be all set. :)

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

  • Make sure you have an Internet Connection.
  • Download OTCleanIt to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTCleanUp from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Please update Adobe Reader, by downloading and installing Adobe Reader 9.1.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard gives you realtime protection from spyware.
  • Super Antispyware OR Malwarebytes' Anti-Malware to help remove any spyware that may have gotten on your computer.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed.
  • Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see this article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

To keep your operating system up to date visit Microsoft Windows Update monthly. Remember to be aware of what emails you open and websites you visit.

Have a safe and happy computing day!

#19
aznfeat (Member, Topic Starter, 11 posts)

Thank you so much for helping me out with this situation! I really appreciate it :)! Everything seems to be working well now. Thanks so much again!

#20
handhfan (Trusted Helper, Expert, 13,659 posts)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.