27 replies to this topic

[hoffandcol]

When I go to a search engine and do a search, the regular page pops up. When I click on a link. sometimes it takes me to the correct website, but more often than not it takes me to an unrelated site.

So far today it has taken me to travel web sites, something classed My Local Hero (local yellow page looking thing)

I don't know how to get rid of it.

Can anyone point me in the right direction? I read some other posts but they all seem very specific so I wanted to start from scratch. I am a little new to this - so I apologize ahead of time if I have questions.

Thanks for your help.
Colleen

[Blade81]

Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds file to run the tool.

• When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
• Save both reports to your desktop. Post them back to your topic.

[hoffandcol]

Thank you for your info. I tried to run the dds, but in the middle of it my screen went blue and I got a pretty intimidating message.

"A problem has been detected and windows has been shut down to prevent damage to your computer [RQL_NOT_LESS_OR_EQUAL]"

There were more lines but there was also a technical code:

STOP: 0x0000000A (0x00461000, 0x0000001C, 0x00000000, 0x0806163CF)

I had disabled my "noscript" as mentioned but am not sure if maybe there is something else I need to disable.

Do you know if the blue screen is a result of something interfering with the DDS or if there is something really wrong? My husband thinks I might be safer letting a computer tech do this instead of doing this myself...should I be afraid?

Thanks
Colleen

[Blade81]

Hi,

Are you able to use system in safe mode? If yes, please try to run DDS there.

[hoffandcol]

I believe the files you want are the ones I am attaching. One says something about zipping/unzipping - I am sorry if this is posted incorrectly - not sure what to do with it and I couldn't find specific instructions for it.

Please let me know if you need me to do something else to it in order for you to be able to use it.

Thanks for your help.
colleen

Attached Files

•  dds.txt   10.29K   55 downloads
•  attach.txt   22.89K   66 downloads

[Blade81]

Hi,

Logs posted like expected

Next AVG has to be uninstalled so that it won't interfere with cleaning process. That can be done with Appremover. AVG can be reinstalled after we've finished the case (I'll let you know when).


When done, please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingc...to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
  Remember to re-enable them afterwards.
  
  
• Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

[hoffandcol]

Thanks for your help. Before I do this - should any or all of this be done in safe mode?

Thank you.
Colleen

[Blade81]

If possible take the steps in normal mode, please.

[hoffandcol]

Thank you - I am leaving for vacation in a few hours. I will run this and post when I return so it will be most recent for when I can follow up instead of beginning this and leaving it unresolved. Thanks for your help so far - post back in 5 days.

[Blade81]

Ok, thanks for the heads up

[hoffandcol]

Thank you for your help. Here are the files I believe you are looking for.

If you need something else, let me know.
(there is another file called combofix quarantined files)

In the meantime - should ALL my blockers/firewalls be down?

Colleen

Attached Files

•  dds.txt   9.19K   47 downloads
•  attach.txt   22.66K   58 downloads
•  ComboFix.txt   16.07K   44 downloads

[Blade81]

Hi again,

Open notepad and copy/paste the text in the quotebox below into it:

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uInternet Settings,ProxyOverride = <local>;*.local
TB&#58; {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB&#58; {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1) here or get Foxit Reader here. Make sure you don't (unless you want to) install toolbar if choose Foxit Reader! You may also check free readers introduced here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 6 Update 26.
• Click the
  Download
  button to the right.
• Select Windows on platform combobox and check the box that says:
  Accept License Agreement. Click continue.
  
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u26-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.

* Go here to run an online scanner from ESET.

• Note: You will need to use Internet explorer for this scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is UNchecked.
• Click Scan
• Wait for the scan to finish.

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log. Are there still symptoms left?

[hoffandcol]

Thanks again - here is the morning log. As it was running it said there was a newer version of Combofix. I did NOT stop the analysis because I wasn't sure if I should.

If you need me to go back and do that over again with the updated version, let me know.


Off to do the other items on your list - and will post the next dds when that has been completed.

Colleen

Attached Files

•  ComboFix.txt   14.49K   41 downloads

[hoffandcol]

I think I did something wrong. The ESET ran but I can't find any file log to upload. It said there were 10 threats detected. Do you have any idea where it may have saved the log or if I did something wrong?

Here is the other log in the meantime. The combofix is in the above post.

Sorry...

Attached Files

•  dds.txt   10.01K   93 downloads

[Blade81]

Hi,

Did ESET window have any details about found items visible?

[hoffandcol]

It did have info - it said 10 items and from what I recall mostly trojan related.

Do you want me to rerun and write them down if I can't find a way to generate a log?

Colleen

[Blade81]

Hi,

Please see if C:\Program Files\EsetOnlineScanner\log.txt file exists. If not then run the scanner again.

EDIT: Check also c:\program files\ESET contents for log file.

[hoffandcol]

I started to run it again before - just in case. It just ended and here is the exported text file.

Thanks
Colleen

Attached Files

•  eset.txt   1.56K   49 downloads

[Blade81]

Hi,

Delete these files:
C:\Documents and Settings\Joe\My Documents\My Music\Incomplete\Preview-T-3209657-loving pi.mp3
C:\Documents and Settings\Joe\My Documents\My Music\Incomplete\Preview-T-4224012-loving pi HIT TOP50.mp3
C:\Documents and Settings\Joe\My Documents\My Music\LIMEWIRE downloads\loving pi.mp3

How's the system running now?

[hoffandcol]

The system seems to be ok - I tried to sign in as my husband and google some things. I haven't been redirected. Last week it seemed like my sign in would be fine until he logged in and started searching but so far so good.

I added them to the recycle bin and emptied it.

Thank you again for all your help...will await you next instructions.

Thanks!
Colleen