Google Redirect [Closed]
Started by busdrvr64, May 28 2010 06:22 PM
#16
Posted 30 May 2010 - 09:37 AM
#17
Posted 30 May 2010 - 11:17 AM
I ran the gmer as requested. I left to prepare for folks to come over. Came back, gmer finished and closed itself. I don't know where the log is.
#18
Posted 30 May 2010 - 02:27 PM
rename gmer to svchost.com and run it in safe mode
works ?
#19
Posted 30 May 2010 - 02:29 PM
My desktop is now dragging very badly unless I reboot.
#20
Posted 31 May 2010 - 01:12 AM
Woke up this morn, still have it.
#21
Posted 31 May 2010 - 05:02 AM
rename gmer to svchost.com and run it in safe mode
works ?
#22
Posted 31 May 2010 - 06:06 PM
I ran gmer in safe mode 2x and nothing to report. No log
#23
Posted 31 May 2010 - 06:58 PM
Now when I use google search, everything says :bad search or old record:. Now what do I do?
#24
Posted 01 June 2010 - 09:32 AM
Download TFC to your desktop
- Open the file and close any other windows.
- It will close all programs itself when run, make sure to let it run uninterrupted.
- Click the Start button to begin the process. The program should not take long to finish its job
- Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean
Please download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Go to Kaspersky website and perform an online antivirus scan.
- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  - Spyware, Adware, Dialers, and other potentially dangerous programs
  - Archives
  - Mail databases
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
#25
Posted 02 June 2010 - 06:36 PM
Did TFC. Going to do MBAM right now.
#26
Posted 02 June 2010 - 06:55 PM
Here is the log.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4165
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904
6/2/2010 8:54:31 PM
mbam-log-2010-06-02 (20-54-31).txt
Scan type: Quick scan
Objects scanned: 114633
Time elapsed: 7 minute(s), 45 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
C:\Program Files\Common Files\microsoft shared\DAO\NEWUSER-PC\svchost.exe (Trojan.Dropper) -> Not selected for removal.
Memory Modules Infected:
C:\Windows\System32\ijl11pro.DLL (Worm.Sohanad) -> Delete on reboot.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sound card driver (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\System32\ijl11pro.DLL (Worm.Sohanad) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\Common Files\Microsoft Shared\DAO\NEWUSER-PC\svchost.exe (Trojan.Dropper) -> Not selected for removal.
C:\Windows\System32\ijl11pro.DLL (Worm.Sohanad) -> Delete on reboot.
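One way to triage an MBAM log like the one in this post, as an added example that is not part of the original thread: it parses the per-section detection lines and reports entries the scan left in place ("Not selected for removal", "Delete on reboot") and executables that use a Windows system file name outside System32. The sample is an excerpt of the posted log; `SYSTEM_NAMES` and the function names are assumptions made for the illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: detail lines taken from the MBAM log posted above.
SAMPLE_LOG = r"""Memory Processes Infected:
C:\Program Files\Common Files\microsoft shared\DAO\NEWUSER-PC\svchost.exe (Trojan.Dropper) -> Not selected for removal.
Memory Modules Infected:
C:\Windows\System32\ijl11pro.DLL (Worm.Sohanad) -> Delete on reboot.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sound card driver (Trojan.Dropper) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:$")
DETAIL = re.compile(r"^(?P<obj>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
# Assumption (not from the thread): binaries that normally run only from System32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe"}

def parse_mbam(text):
    """Return one dict per detection line, tagged with its log section."""
    section, items = None, []
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section = m["name"]          # e.g. "Memory Processes"
        elif section and (m := DETAIL.match(line)):
            items.append({"section": section, "object": m["obj"],
                          "threat": m["threat"], "action": m["action"]})
    return items

def triage(items):
    """Keep entries that were not removed or that use a system name elsewhere."""
    findings = []
    for it in items:
        notes = []
        if "successfully" not in it["action"].lower():
            notes.append("not yet removed: " + it["action"])
        path = PureWindowsPath(it["object"])
        parts = [p.lower() for p in path.parts]
        if path.name.lower() in SYSTEM_NAMES and "system32" not in parts:
            notes.append("system binary name outside System32")
        if notes:
            findings.append((it["object"], it["threat"], notes))
    return findings

if __name__ == "__main__":
    for obj, threat, notes in triage(parse_mbam(SAMPLE_LOG)):
        print(f"{obj} [{threat}]: " + "; ".join(notes))
```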
#27
Posted 03 June 2010 - 03:01 AM
Here is the other. I believe what is here is a key logger I have on my pc.
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, June 3, 2010
Operating system: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, June 02, 2010 18:33:27
Records in database: 4196936
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
Scan statistics:
Objects scanned: 133359
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 02:34:19
File name / Threat / Threats count
C:\Program Files\Common Files\microsoft shared\DAO\NEWUSER-PC\svchost.exe Infected: not-a-virus:Monitor.Win32.007SpySoft.l 1
C:\Users\new user\Music\microsoft.exe Infected: not-a-virus:Monitor.Win32.007SpySoft.l 1
Selected area has been scanned.
#28
Posted 03 June 2010 - 04:38 AM
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
:Services
:Reg
:Files
C:\Program Files\Common Files\microsoft shared\DAO\NEWUSER-PC\svchost.exe
C:\Users\new user\Music\microsoft.exe
C:\ijl11pro.DLL /s
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
#29
Posted 04 June 2010 - 03:44 PM
Do I have to include these 2?
C:\Program Files\Common Files\microsoft shared\DAO\NEWUSER-PC\svchost.exe
C:\Users\new user\Music\microsoft.exe
This is for the key logger.
#30
Posted 04 June 2010 - 04:37 PM
if you know what those files are then you don't need to include them