
    *Sigh* Annoying Virus - Help?

    My dim friend has managed to get his laptop infected with a shedload of viruses. I've got rid of MOST of these, but one blighter remains.

    Basically, when you search on Google and get search results, the links just redirect you to another scam website, or sometimes Ask Jeeves! They are sometimes accompanied by a popup.

    Also worth noting: I have used AVG Free and Malwarebytes Anti-Malware.

    Running Vista.

    I have included a HijackThis log.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 19:41:12, on 19/08/2010
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.17037)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\admin\Downloads\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwl…896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwl…157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwl…896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwl…896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwl…157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 85.13.206.115 u07012010u.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
    O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get…cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    --
    End of file - 3966 bytes

    Any help, guys?

    16 Comments

    Banned

    Download HijackThis & Malwarebytes.
    They are both free & are really good.
    Let us know how you get on.

    Original Poster

    robbieukranger

    Download HijackThis & Malwarebytes. They are both free & are really good. Let us know how you get on.


    Used Malwarebytes, very helpful, got rid of the annoying GT Antivirus popups which were driving me mad.

    HJT report is included.

    robbieukranger

    Download HijackThis & Malwarebytes. They are both free & are really good. Let us know how you get on.



    • . . . . . .. . . . . . . . . . . ,.-‘”. . . . . . . . . .``~.,
    . . . . . . . .. . . . . .,.-”. . . . . . . . . . . . . . . . . .“-.,
    . . . . .. . . . . . ..,/. . . . . . . . . . . . . . . . . . . . . . . ”:,
    . . . . . . . .. .,?. . . . . . . . . . . . . . . . . . . . . . . . . . .\,
    . . . . . . . . . /. . . . . . . . . . . . . . . . . . . . . . . . . . . . ,}
    . . . . . . . . ./. . . . . . . . . . . . . . . . . . . . . . . . . . ,:`^`.}
    . . . . . . . ./. . . . . . . . . . . . . . . . . . . . . . . . . ,:”. . . ./
    . . . . . . .?. . . __. . . . . . . . . . . . . . . . . . . . :`. . . ./
    . . . . . . . /__.(. . .“~-,_. . . . . . . . . . . . . . ,:`. . . .. ./
    . . . . . . /(_. . ”~,_. . . ..“~,_. . . . . . . . . .,:`. . . . _/
    . . . .. .{.._$;_. . .”=,_. . . .“-,_. . . ,.-~-,}, .~”; /. .. .}
    . . .. . .((. . .*~_. . . .”=-._. . .“;,,./`. . /” . . . ./. .. ../
    . . . .. . .\`~,. . ..“~.,. . . . . . . . . ..`. . .}. . . . . . ../
    . . . . . .(. ..`=-,,. . . .`. . . . . . . . . . . ..(. . . ;_,,-”
    . . . . . ../.`~,. . ..`-.. . . . . . . . . . . . . . ..\. . /\
    . . . . . . \`~.*-,. . . . . . . . . . . . . . . . . ..|,./.....\,__
    ,,_. . . . . }.>-._\. . . . . . . . . . . . . . . . . .|. . . . . . ..`=~-,
    . .. `=~-,_\_. . . `\,. . . . . . . . . . . . . . . . .\
    . . . . . . . . . .`=~-,,.\,. . . . . . . . . . . . . . . .\
    . . . . . . . . . . . . . . . . `:,, . . . . . . . . . . . . . `\. . . . . . ..__
    . . . . . . . . . . . . . . . . . . .`=-,. . . . . . . . . .,%`>--

    superantispyware.com
    Get the free download on this and that should get the problem sorted for you.

    Banned

    If you haven't already, get Kaspersky (30-day free trial) and give that a go.

    Did you run M-bam in Safe Mode and remember to reboot the PC to complete the removal?

    This is not a virus; it is malware/spyware.

    So most "virus" products will not find it nor get rid of it.

    Try running Malwarebytes in Safe Mode.

    These can be very nasty and very difficult to get rid of. It might mean a full Windows reinstall.

    Original Poster

    DAMNOME

    Did you run M-bam in Safe Mode and remember to reboot the PC to complete the removal?



    Just in regular mode, but I did reboot.

    sicpuppy

    Just in regular mode, but I did reboot.



    I would try it in Safe Mode.
    Make sure you've updated the database and run a full scan in Safe Mode.

    You will also need to disable System Restore points before commencing with the scan in Safe Mode, I think.

    I assume you are attacking these from within Safe Mode and not normal Windows, as this will stop the files getting locked (or reinstalled on shutdown).

    Keep tapping F8 when you switch the machine on and select Safe Mode.

    I would try 4 programs:
    Scan using AVG Free Antivirus (runs in limited mode in Safe Mode):
    majorgeeks.com/AVG…tml

    Scan using Avira Free AntiVirus (remove AVG first; don't mix antivirus software):
    majorgeeks.com/Avi…tml

    Now attack the spyware:
    Spybot (free) 1st:
    majorgeeks.com/Spy…tml

    Now, as a 2nd run, use the excellent free IO360 (formerly Advanced Spyware Remover). Unfortunately, you cannot download an updated version; instead you have to update after installation. It's worth it, this is a great package.
    majorgeeks.com/IOb…tml

    Scan with this. Again, most of these run in Safe Mode (but may not install in Safe Mode). AVG in Safe Mode: go to My Computer, right-click on the C: disk and select Scan with AVG. You cannot open the main interface in Safe Mode.

    Also, if you want to massively speed up the scans, download CCleaner (Google it). It's brilliant at removing all your temp files properly (unlike Windows) and can also scan the registry for broken links (irrelevant here).

    Re : Hijack log

    O1 - Hosts: 85.13.206.115 u07012010u.com

    Hey, that file is nasty (_;)
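    The O1 line singled out above is the mechanism behind the search redirects: a hosts-file entry overrides DNS, so the named host resolves to whatever address the entry says before any lookup happens. Below is an added example (not code from the thread or from HijackThis) of the check a responder would script for this: pull the host entries out of a HijackThis log or straight out of a raw hosts file, and flag any that point a hostname at a routable address rather than loopback or 0.0.0.0. The sample inputs are constructed; the HijackThis sample reuses the two O1 lines posted above, and the raw hosts-file sample (the 203.0.113.7 entry, the ad host) is invented for illustration. The file parser goes beyond the thread's log format so the same check runs against %SystemRoot%\System32\drivers\etc\hosts directly.

    ```python
    import ipaddress
    import re

    # Constructed sample: the O1 lines from the HijackThis log posted in this
    # thread, plus one ordinary IPv4 localhost entry for contrast.
    SAMPLE_HJT_LOG = """\
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 85.13.206.115 u07012010u.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    """

    # Constructed sample of a raw Windows hosts file (invented, not from the thread):
    # comments, a blackholed ad host, and two search engines re-pointed to a routable IP.
    SAMPLE_HOSTS_FILE = """\
    # Copyright (c) 1993-2006 Microsoft Corp.
    127.0.0.1       localhost
    ::1             localhost
    0.0.0.0         ads.example.test   # blackholed by the user, expected
    203.0.113.7     www.google.com www.bing.com  # hijack: search engines re-pointed
    """

    O1_LINE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")


    def hosts_entries_from_hjt(log_text):
        """Return (ip, hostname) pairs from the O1 lines of a HijackThis log."""
        entries = []
        for line in log_text.splitlines():
            m = O1_LINE.match(line.strip())
            if m:
                entries.append((m.group(1), m.group(2)))
        return entries


    def hosts_entries_from_file(hosts_text):
        """Return (ip, hostname) pairs from a raw hosts file, one pair per alias."""
        entries = []
        for line in hosts_text.splitlines():
            line = line.split("#", 1)[0].strip()  # drop comments and blank lines
            if not line:
                continue
            ip, *names = line.split()
            entries.extend((ip, name) for name in names)
        return entries


    def is_expected_entry(ip_str):
        """Loopback and unspecified targets are the normal hosts-file cases:
        localhost mappings and 0.0.0.0 / :: blackholes used for ad blocking."""
        try:
            ip = ipaddress.ip_address(ip_str)
        except ValueError:
            return False  # not a valid address at all; surface it for review
        return ip.is_loopback or ip.is_unspecified


    def flag_hosts_hijacks(entries):
        """Keep only the entries that steer a hostname to a routable address."""
        return [(ip, host) for ip, host in entries if not is_expected_entry(ip)]


    if __name__ == "__main__":
        sources = (
            ("HijackThis O1", hosts_entries_from_hjt(SAMPLE_HJT_LOG)),
            ("hosts file", hosts_entries_from_file(SAMPLE_HOSTS_FILE)),
        )
        for label, entries in sources:
            for ip, host in flag_hosts_hijacks(entries):
                print(f"[{label}] suspicious: {host} -> {ip}")
    ```

    Run against the thread's log, the only entry flagged is `u07012010u.com -> 85.13.206.115`, which matches what the poster above spotted by eye. Anything the check flags deserves a look rather than automatic deletion, since some software legitimately adds routable entries, but an unfamiliar hostname mapped to an external address on a machine showing redirects is exactly the line to remove, after which the name falls back to normal DNS resolution.
    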

    Original Poster

    sparkyIreland

    Re : Hijack log. O1 - Hosts: 85.13.206.115 u07012010u.com. Hey, that file is nasty (_;)



    Yep! It is!

    Got rid and all is well CHEERS DUDE!

    DangerGod

    If you haven't already, get Kaspersky (30-day free trial) and give that a go.



    +1

    sicpuppy

    Yep! It is! Got rid and all is well CHEERS DUDE!



    No probs man

    Banned

    And get shot of AVG - it's crap!