
Google Redirect Virus again



#16 Strike Martel (Member, Topic Starter, 70 posts)
GooredFix v1.92 by jpshortstuff
Log created at 13:47 on 20/05/2009 running Option #2 (Ryan Preston)
Firefox version 3.0.10 (en-GB)

=====Goored Deletions=====
C:\Program Files\Mozilla Firefox\extensions\{56566C5E-C71F-49B6-AAC9-D684E8B8D3B2}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{27758EDB-653F-4D83-A15E-F9BFC9F12F91}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{10835DA3-2C49-4B06-9608-124192E5603D}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord"
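The GooredFix log above shows the mechanism behind this redirect infection: extension folders with random GUID names dropped into the global Firefox extensions directory (C:\Program Files\Mozilla Firefox\extensions), where they load for every profile without the user ever accepting an install. The script below is an added example, not part of the original post or of GooredFix, that audits such a directory the way a responder would before deleting anything. It treats the extension IDs from the registry dump in the log as the allow-list (an assumption; a real run would read HKLM\SOFTWARE\Mozilla\Firefox\extensions), reads each folder's install.rdf, and flags folders with no parseable manifest, folders whose declared em:id disagrees with the folder name (Firefox requires the two to match for unpacked extensions), and folders that are simply not on the allow-list. The sample directory tree is constructed in a temp folder so the script runs offline; the extension names in it are placeholders.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

EM_NS = "http://www.mozilla.org/2004/em-rdf#"

# Extension IDs that the registry dump in the post above shows registered under
# HKLM\SOFTWARE\Mozilla\Firefox\extensions. Used here as the allow-list (assumption:
# on a real system you would read these from the registry instead).
KNOWN_IDS = {
    "{20a82645-c095-46ed-80e3-08825760534b}",  # .NET Framework Assistant
    "{ABDE892B-13A8-4d1b-88E6-365A6E755758}",  # RealPlayer browser record
}


def read_install_rdf_id(ext_dir):
    """Return the em:id declared in an unpacked extension's install.rdf, or None."""
    rdf = os.path.join(ext_dir, "install.rdf")
    if not os.path.isfile(rdf):
        return None
    try:
        root = ET.parse(rdf).getroot()
    except ET.ParseError:
        return None
    el = root.find(".//{%s}id" % EM_NS)
    if el is None or not el.text:
        return None
    return el.text.strip()


def audit_extensions_dir(ext_root, known_ids=KNOWN_IDS):
    """Flag extension folders that (a) carry no parseable install.rdf, (b) declare an
    em:id that differs from the folder name, or (c) are not on the allow-list."""
    known = {k.lower() for k in known_ids}
    findings = []
    for name in sorted(os.listdir(ext_root)):
        path = os.path.join(ext_root, name)
        if not os.path.isdir(path):
            continue
        em_id = read_install_rdf_id(path)
        if em_id is None:
            findings.append((name, "no parseable install.rdf"))
        elif em_id.lower() != name.lower():
            findings.append((name, "install.rdf em:id %s does not match folder name" % em_id))
        elif name.lower() not in known:
            findings.append((name, "not in the registered/known extension list"))
    return findings


INSTALL_RDF = """<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>%s</em:id>
    <em:name>%s</em:name>
  </Description>
</RDF>
"""


def _write_ext(root, folder, em_id, name):
    os.mkdir(os.path.join(root, folder))
    with open(os.path.join(root, folder, "install.rdf"), "w") as fh:
        fh.write(INSTALL_RDF % (em_id, name))


def build_sample_tree():
    """Constructed sample, not a real disk image: one legitimate extension plus the
    three GUID-named folders GooredFix deleted in the log above, each modelled as a
    different kind of unsolicited install."""
    root = tempfile.mkdtemp(prefix="ff-extensions-")
    _write_ext(root, "{20a82645-c095-46ed-80e3-08825760534b}",
               "{20a82645-c095-46ed-80e3-08825760534b}", "Microsoft .NET Framework Assistant")
    # well-formed manifest, but an ID nobody registered
    _write_ext(root, "{56566C5E-C71F-49B6-AAC9-D684E8B8D3B2}",
               "{56566C5E-C71F-49B6-AAC9-D684E8B8D3B2}", "Constructed sample extension")
    # folder name and em:id disagree
    _write_ext(root, "{27758EDB-653F-4D83-A15E-F9BFC9F12F91}",
               "{00000000-0000-0000-0000-000000000000}", "Constructed sample extension")
    # no manifest at all
    os.mkdir(os.path.join(root, "{10835DA3-2C49-4B06-9608-124192E5603D}"))
    return root


if __name__ == "__main__":
    for folder, reason in audit_extensions_dir(build_sample_tree()):
        print("%s: %s" % (folder, reason))
```

Run it and the legitimate .NET Assistant folder passes while all three GooredFix targets are reported, each for a different reason. The allow-list check is the one that matters most in practice: the two rogue extensions with a clean manifest would otherwise look perfectly normal.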


#17 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#18 Strike Martel (Member, Topic Starter, 70 posts)
Sorry for the late reply:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, May 21, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, May 20, 2009 22:10:48
Records in database: 2206118
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 94266
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 08:37:50


File name / Threat name / Threats count
C:\Documents and Settings\Ryan Preston\Desktop\Security Stuff\samples.cab Infected: Trojan-Dropper.Win32.Agent.apgo 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthrhosrwvjfylisiboauiqubvpqbrbejpw.dll.vir Infected: Trojan.Win32.Tdss.aalc 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0D2FST67\lsp[1].exe Infected: Trojan-Dropper.Win32.Agent.aolj 1

The selected area was scanned.

---

I forgot to turn my Antivirus back on, this ad came up, and Win PC Antivirus got installed, although I manually removed that and there are no problems stemming from that.

Edited by Strike Martel, 21 May 2009 - 03:16 PM.


#19 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Ok.

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :files
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0D2FST67\lsp[1].exe
    C:\Documents and Settings\Ryan Preston\Desktop\Security Stuff\samples.cab
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
=============
After that let me know if things are back to normal.
Can you tell me where the ad may have stemmed from?
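The fix script in the post above was written by hand from the Kaspersky report: the two live detections went into the :files section, while the C:\Qoobox\Quarantine hit was left out because it is ComboFix's already-neutralised copy (the .vir suffix marks the renamed file), not a live infection. The script below is an added example, not from the original thread or from either tool, that automates exactly that step: it parses the detection lines of a Kaspersky Online Scanner 7 report, drops anything under a known quarantine store, and emits the OTListIt2 custom-fix text. The sample report is the three detection lines from the post, reproduced as constructed input; the quarantine prefix list is an assumption limited to the tools used in this thread.

```python
import re

# Constructed sample: the "File name / Threat name / Threats count" section of the
# Kaspersky report posted above, reproduced here as test input.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\Ryan Preston\Desktop\Security Stuff\samples.cab Infected: Trojan-Dropper.Win32.Agent.apgo 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthrhosrwvjfylisiboauiqubvpqbrbejpw.dll.vir Infected: Trojan.Win32.Tdss.aalc 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0D2FST67\lsp[1].exe Infected: Trojan-Dropper.Win32.Agent.aolj 1

The selected area was scanned.
"""

# One detection line: a full Windows path, the word "Infected:", the threat name, a count.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

# Quarantine stores of the cleanup tools used in this thread (assumption: extend for
# other tools). Files under these paths are already-neutralised copies and must not be
# handed to another tool as live infections.
QUARANTINE_PREFIXES = (
    "C:\\Qoobox\\Quarantine\\",  # ComboFix
)


def parse_report(text):
    """Return (path, threat, count) tuples for every detection line in the report."""
    hits = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("threat"), int(m.group("count"))))
    return hits


def is_quarantined(path, prefixes=QUARANTINE_PREFIXES):
    """Case-insensitive prefix match, since NTFS paths are case-insensitive."""
    return path.lower().startswith(tuple(p.lower() for p in prefixes))


def build_otlistit_fix(hits, empty_temp=True):
    """Emit the OTListIt2 custom-fix script: a :files section with every live detection
    (quarantined copies skipped) and, optionally, the [emptytemp] command."""
    live = [path for path, _, _ in hits if not is_quarantined(path)]
    lines = [":files"] + live
    if empty_temp:
        lines += ["", ":Commands", "[emptytemp]"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_otlistit_fix(parse_report(SAMPLE_REPORT)))
```

Worth noticing in the output: lsp[1].exe sits in the IE cache of C:\WINDOWS\system32\config\systemprofile, the SYSTEM account's profile, which means it was downloaded by something running as a service rather than by the logged-on user; that is consistent with the TDSS rootkit component Kaspersky found in quarantine.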

#20 Strike Martel (Member, Topic Starter, 70 posts)
The ad came from a MySpace page designer type of thing that I accidentally clicked when my computer froze a little and my pointer moved further than where I needed it to. I hadn't realised my firewall was still disabled, and so I think that's why it came up.

My computer still seems to be running a little slow, and SAV was taking up a lot of memory on startup... although it's fine so long as 'On-Access Scanning' is disabled, otherwise my computer gets really slow; it did get rid of 3 infected files so would that make a difference? Aside from that, things seem okay. I have, however, got a desktop.ini and a few other files such as album art on my desktop, along with "folder.jpg" and thumbs.db that appeared after I rebooted my computer. Can I delete those?

Here is the log:

========== FILES ==========
File move failed. C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0D2FST67\lsp[1].exe scheduled to be moved on reboot.
C:\Documents and Settings\Ryan Preston\Desktop\Security Stuff\samples.cab moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Ryan Preston\Local Settings\temp\~DF3FF5.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ryan Preston\Local Settings\temp\~DF4006.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ryan Preston\Local Settings\temp\~DF40B2.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ryan Preston\Local Settings\temp\~DF40C4.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ryan Preston\Local Settings\temp\~DF41E1.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ryan Preston\Local Settings\temp\~DF41FC.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1d0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.15.8 log created on 05222009_133724

Files moved on Reboot...
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0D2FST67\lsp[1].exe not found!
File C:\Documents and Settings\Ryan Preston\Local Settings\temp\~DF3FF5.tmp not found!
File C:\Documents and Settings\Ryan Preston\Local Settings\temp\~DF4006.tmp not found!
File C:\Documents and Settings\Ryan Preston\Local Settings\temp\~DF40B2.tmp not found!
File C:\Documents and Settings\Ryan Preston\Local Settings\temp\~DF40C4.tmp not found!
File C:\Documents and Settings\Ryan Preston\Local Settings\temp\~DF41E1.tmp not found!
File C:\Documents and Settings\Ryan Preston\Local Settings\temp\~DF41FC.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_1d0.dat not found!

Registry entries deleted on Reboot...

Edited by Strike Martel, 22 May 2009 - 06:57 AM.


#21 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)

got a desktop.ini and a few other files such as album art on my desktop, along with "folder.jpg" and thumbs.db that appeared after I rebooted my computer. Can I delete those?

These are just hidden files; they need to be there, as they have a purpose for the operating system.
SAV is more than likely picking up files that we have already deleted.

Do this and see if it helps the speed.
Please download OTCleanIt from here and save it to your desktop.
Double-click on OTCleanIt to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.

Let me know how things run after that?

#22 Strike Martel (Member, Topic Starter, 70 posts)
Things are quicker. Should I leave on-access scanning on/off? Perhaps Sophos will run a little better now? Apart from that little question, I think everything is resolved! :) I'll be sure to scan at least once a week with SB, AdAware, and MalwareBytes as well as my SAV. Are there any programs you would recommend me to download that would greatly help in defending my computer, or are the 4 I mentioned above good enough?

Anyway, thank you very much for using your time to help someone mediocre :) I've also learnt what to do should a similar thing arise, although I don't intend for anything else to arise.

Thank you very much for your assistance :)

PS: I just hid the desktop system files.

Edited by Strike Martel, 22 May 2009 - 07:17 AM.


#23 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
You are welcome :)

Should I leave on-access scanning on/off?

If it has real time protection then you should not need the On access scanning.
Was it always like that?
Like when you boot up the computer was SAV always slow?
=================================
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 13...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
======================
Delete/uninstall anything else that we have used.

Including this folder C:\Rsit

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingc...143.html#manual
=====================================
After that you're all set. :)


The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - a tutorial on what you can do if your computer is slow.