*Sigh* Annoying Virus - Help? - HotUKDeals
sicpuppy, posted 6 years, 6 months ago
My dim friend has managed to get his laptop infected with shedloads of viruses. I've got rid of MOST of these, but one blighter remains.

Basically, when you search on Google and get search results, the links just redirect you to another scam website, or Ask Jeeves sometimes! They are sometimes accompanied by a popup.

Also worth noting: I have used AVG Free and Malwarebytes Anti-Malware.

Running Vista.

I have included a HijackThis log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:41:12, on 19/08/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Users\admin\Downloads\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 85.13.206.115 u07012010u.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

--
End of file - 3966 bytes

Any help, guys? :)
All Comments (15)
banned#1
Download HijackThis & Malwarebytes
They are both free & are really good
Let us know how you get on
#2
robbieukranger
Download HijackThis & Malwarebytes
They are both free & are really good
Let us know how you get on
Used Malwarebytes, very helpful, got rid of annoying GT Antivirus popups which were driving me mad

HJT report is included
#3
robbieukranger
Download HijackThis & Malwarebytes
They are both free & are really good
Let us know how you get on

• . . . . . .. . . . . . . . . . . ,.-‘”. . . . . . . . . .``~.,
. . . . . . . .. . . . . .,.-”. . . . . . . . . . . . . . . . . .“-.,
. . . . .. . . . . . ..,/. . . . . . . . . . . . . . . . . . . . . . . ”:,
. . . . . . . .. .,?. . . . . . . . . . . . . . . . . . . . . . . . . . .\,
. . . . . . . . . /. . . . . . . . . . . . . . . . . . . . . . . . . . . . ,}
. . . . . . . . ./. . . . . . . . . . . . . . . . . . . . . . . . . . ,:`^`.}
. . . . . . . ./. . . . . . . . . . . . . . . . . . . . . . . . . ,:”. . . ./
. . . . . . .?. . . __. . . . . . . . . . . . . . . . . . . . :`. . . ./
. . . . . . . /__.(. . .“~-,_. . . . . . . . . . . . . . ,:`. . . .. ./
. . . . . . /(_. . ”~,_. . . ..“~,_. . . . . . . . . .,:`. . . . _/
. . . .. .{.._$;_. . .”=,_. . . .“-,_. . . ,.-~-,}, .~”; /. .. .}
. . .. . .((. . .*~_. . . .”=-._. . .“;,,./`. . /” . . . ./. .. ../
. . . .. . .\`~,. . ..“~.,. . . . . . . . . ..`. . .}. . . . . . ../
. . . . . .(. ..`=-,,. . . .`. . . . . . . . . . . ..(. . . ;_,,-”
. . . . . ../.`~,. . ..`-.. . . . . . . . . . . . . . ..\. . /\
. . . . . . \`~.*-,. . . . . . . . . . . . . . . . . ..|,./.....\,__
,,_. . . . . }.>-._\. . . . . . . . . . . . . . . . . .|. . . . . . ..`=~-,
. .. `=~-,_\_. . . `\,. . . . . . . . . . . . . . . . .\
. . . . . . . . . .`=~-,,.\,. . . . . . . . . . . . . . . .\
. . . . . . . . . . . . . . . . `:,, . . . . . . . . . . . . . `\. . . . . . ..__
. . . . . . . . . . . . . . . . . . .`=-,. . . . . . . . . .,%`>--
banned#4
If you haven't already, get Kaspersky (30 day free trial) and give that a go.
#5
did you run M-bam in safe mode and remember to reboot the pc to complete the removal?
#6
This is not a virus; it is malware/spyware.

So most "virus" products will not find it nor get rid of it.

Try running Malwarebytes in safe mode.

These can be very nasty and very difficult to get rid of. Might mean a full Windows reinstall.
#7
DAMNOME
did you run M-bam in safe mode and remember to reboot the pc to complete the removal?

Just in regular mode, but I did reboot.
#8
sicpuppy
DAMNOME
did you run M-bam in safe mode and remember to reboot the pc to complete the removal?
Just in regular mode, but I did reboot.

I would try it in safe mode.
Make sure you've updated the database and run a full scan in safe mode.
#9
Will also need to disable System Restore points before commencing with the scan in Safe Mode, I think.
#10
I assume you are attacking these from within Safe Mode and not normal Windows, as this will stop the files getting locked (or reinstalled on shut down).

Keep tapping F8 when you switch the machine on and select Safe Mode.

I would try 4 programs:
Scan using AVG Free Antivirus (runs in limited mode in Safe Mode):
http://www.majorgeeks.com/AVG_AntiVirus_Free_Edition_d886.html

Scan using Avira Free AntiVirus (remove AVG first - don't mix antivirus software):
http://www.majorgeeks.com/Avira_AntiVir_Personal_-_FREE_Antivirus_d955.html

Now attack the spyware:
Spybot (free) 1st:
http://www.majorgeeks.com/SpyBot-Search_&_Destroy_Tools_d2471.html

Now, as a 2nd run, use the excellent free IO360 (formerly Advanced Spyware Remover). Unfortunately, you cannot download an updated version; instead you have to update after installation. It's worth it, this is a great package.
http://www.majorgeeks.com/IObit_Security_360_d6088.html

Scan with this. Again, most of these run in Safe Mode (but may not install in Safe Mode). AVG in Safe Mode - go to My Computer, right click on the C: disk and select Scan with AVG. You cannot open the main interface in Safe Mode.

Also, if you want to massively speed up the scans, download CCleaner (Google it). It's brilliant at removing all your temp files properly (unlike Windows) and can also scan the registry for broken links (irrelevant here).

Edited By: Gordon Bell on Aug 19, 2010 20:13: x
#11
Re : Hijack log

O1 - Hosts: 85.13.206.115 u07012010u.com

Hey, that file is nasty (_;)
#12
sparkyIreland
Re : Hijack log

O1 - Hosts: 85.13.206.115 u07012010u.com

Hey, that file is nasty (_;)


Yep! It is!

Got rid and all is well :D CHEERS DUDE!
#13
DangerGod
If you haven't already, get Kaspersky (30 day free trial) and give that a go.


+1
#14
sicpuppy
sparkyIreland
Re : Hijack log

O1 - Hosts: 85.13.206.115 u07012010u.com

Hey, that file is nasty (_;)


Yep! It is!

Got rid and all is well :D CHEERS DUDE!


No probs man ;)
banned#15
and get shot of AVG - it's crap!
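
Added example (not part of the thread and not any poster's code): a small Python triage of the "O1 - Hosts:" section of a HijackThis log, the line comment #11 singled out. It also lists entries marked "(no file)", which goes beyond what the thread discusses. The sample lines are copied from the log in the original post; the function names are illustrative.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O1 - Hosts: ::1 localhost
O1 - Hosts: 85.13.206.115 u07012010u.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
"""

LOOPBACK = {"127.0.0.1", "::1"}
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)", re.IGNORECASE)


def triage_hosts_entries(log_text):
    """Return (ip, hostname, reason) for every O1 line that is not a stock localhost entry."""
    findings = []
    for line in log_text.splitlines():
        m = HOSTS_RE.match(line.strip())
        if not m:
            continue
        ip, name = m.group(1), m.group(2).lower()
        if ip in LOOPBACK and name == "localhost":
            continue  # default hosts-file entry, nothing to review
        if ip in LOOPBACK or ip == "0.0.0.0":
            reason = "name sinkholed locally (blocklist or tampering)"
        else:
            reason = "name pinned to a fixed remote address, bypassing DNS"
        findings.append((ip, name, reason))
    return findings


def orphaned_entries(log_text):
    """Return log lines whose registry entry points at a file that no longer exists."""
    return [l.strip() for l in log_text.splitlines() if l.rstrip().endswith("(no file)")]


if __name__ == "__main__":
    for ip, name, reason in triage_hosts_entries(SAMPLE_LOG):
        print(f"REVIEW hosts entry: {name} -> {ip} ({reason})")
    for entry in orphaned_entries(SAMPLE_LOG):
        print(f"LEFTOVER registry entry: {entry}")
```

A flagged hosts line is a prompt for manual review of the hosts file, not proof of infection; some blocklist tools add sinkhole entries on purpose.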
