Author Topic: keylogger on vine4you.com  (Read 1510 times)

Offline MattiieG

keylogger on vine4you.com
« on: October 14, 2013, 12:42:44 AM »
http://www.scamvoid.com/check/vine4you.com
I believe that I have received the keylogger from vine4you.com, but am not completely sure, can anyone help me check whether or not I have?
Maybe I didn't receive it because I use the ultrasurf proxy?
Malwarebytes found nothing
Avast found nothing

Online Steven Winderlich

Re: keylogger on vine4you.com
« Reply #1 on: October 14, 2013, 03:29:59 AM »
Follow the logs in assist to clean malware thread at the top of the viruses and worms section. And attach logs. When done malware removers will be notified.
Windows 8.1 Update 1 64-Bit, Avast 2014 Free 9.0.2018, Malwarebytes 2 PRO, MCShield

Offline MattiieG

Re: keylogger on vine4you.com
« Reply #2 on: October 14, 2013, 09:19:07 AM »
here they are

Offline MattiieG

Re: keylogger on vine4you.com
« Reply #3 on: October 14, 2013, 09:19:34 AM »
and Extras.txt if you need it

Offline argus

Re: keylogger on vine4you.com
« Reply #4 on: October 14, 2013, 09:51:50 AM »
Hello


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Under Optional Scan ensure "List BCD" and "Driver MD5" are ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Offline MattiieG

Re: keylogger on vine4you.com
« Reply #5 on: October 14, 2013, 10:50:17 AM »
hey, sorry for the late reply

Online polonus

Re: keylogger on vine4you.com
« Reply #6 on: October 14, 2013, 10:58:50 AM »
Well WOT does not like that site either: http://www.mywot.com/en/scorecard/vine4you.com?utm_source=addon&utm_content=popup-donuts
Well 1000 websites on one IP, what security do you want there?

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline argus

Re: keylogger on vine4you.com
« Reply #7 on: October 14, 2013, 11:25:03 AM »

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code:
Start
SearchScopes: HKLM-x32 - DefaultScope {F17BB688-52F9-4011-AE6D-F98B212548ED} URL = http://u-search.net/?a=1&e=1&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {F17BB688-52F9-4011-AE6D-F98B212548ED} URL = http://u-search.net/?a=1&e=1&q={searchTerms}
SearchScopes: HKCU - DefaultScope {F17BB688-52F9-4011-AE6D-F98B212548ED} URL = http://u-search.net/?a=1&e=1&q={searchTerms}
SearchScopes: HKCU - {C10BC952-33B9-402F-B496-60D485BF64AB} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U4&apn_dtid=OSJ000YYUK&apn_uid=AEB2CAEF-770A-4A5C-890E-9AD38995E6FD&apn_sauid=97CAFC54-2AA0-43D0-8C39-937F8F6D53AE
SearchScopes: HKCU - {EAFA2A8B-D06F-4FBD-8A99-1349BBA5DA95} URL = http://searchou.com/?q={searchTerms}&id=a44c152500000000000016de2b77868e&affilt=5&r=251
SearchScopes: HKCU - {F17BB688-52F9-4011-AE6D-F98B212548ED} URL = http://u-search.net/?a=1&e=1&q={searchTerms}
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU -  No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
CHR RestoreOnStartup: "hxxp://google.com/", "hxxp://searchou.com/?id=a44c152500000000000016de2b77868e&affilt=5"
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Matt\jagex_cl_runescape_LIVE.dat
C:\Users\Matt\random.dat
C:\Users\Matt\AppData\Local\Temp\procexp64.exe
File: C:\Windows\Test.bat
End
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
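Added example, not part of the thread and not FRST's own code: a small Python check that reads a fixlist in the layout quoted above and counts which hosts are set as browser search provider or Chrome startup page, so the hijack entries can be reviewed before the fix is run. The line layout is inferred from the quoted lines only; the sample hosts, GUIDs and function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in the layout of the fixlist lines quoted in the post above.
SAMPLE = r"""
Start
SearchScopes: HKLM-x32 - DefaultScope {11111111-2222-3333-4444-555555555555} URL = http://search.example.test/?q={searchTerms}
SearchScopes: HKCU - {11111111-2222-3333-4444-555555555555} URL = http://search.example.test/?q={searchTerms}
SearchScopes: HKCU - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} URL =
CHR RestoreOnStartup: "hxxp://home.example.test/", "hxxp://search.example.test/?id=1"
Toolbar: HKCU -  No Name - {99999999-8888-7777-6666-555555555555} -  No File
C:\Users\Example\random.dat
End
"""

# Line shape inferred from the post, not taken from FRST documentation.
SCOPE_RE = re.compile(
    r"^SearchScopes:\s+(?P<hive>\S+)\s+-\s+(?P<default>DefaultScope\s+)?"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\})\s+URL\s*=\s*(?P<url>\S*)$")
QUOTED_URL_RE = re.compile(r'"(h(?:tt|xx)ps?://[^"]+)"')

def host_of(url):
    """Hostname of a URL, accepting the defanged hxxp:// spelling."""
    return urlsplit(re.sub(r"^hxxp", "http", url, flags=re.I)).hostname

def parse_fixlist(text):
    """Split a fixlist into search-scope entries, startup hosts and other lines."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2 or lines[0] != "Start" or lines[-1] != "End":
        raise ValueError("expected the list to be wrapped in Start ... End")
    scopes, startup, other = [], [], []
    for line in lines[1:-1]:
        m = SCOPE_RE.match(line)
        if m:
            scopes.append({"hive": m["hive"], "guid": m["guid"],
                           "default": bool(m["default"]),
                           "host": host_of(m["url"]) if m["url"] else None})
        elif line.startswith("CHR RestoreOnStartup:"):
            startup += [host_of(u) for u in QUOTED_URL_RE.findall(line)]
        else:
            other.append(line)
    return scopes, startup, other

def unexpected_hosts(text, allowed=()):
    """Count hosts set as search provider or startup page that are not allowed."""
    scopes, startup, _ = parse_fixlist(text)
    seen = Counter(s["host"] for s in scopes if s["host"]) + Counter(startup)
    return {h: n for h, n in seen.items() if h not in allowed}
```

A host that appears in both the default scope of several hives and the startup pages is the pattern the fixlist above targets; entries with an empty URL come back with host None and are not counted.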

Offline MattiieG

Re: keylogger on vine4you.com
« Reply #8 on: October 14, 2013, 11:35:33 AM »
here's the fixlog

Offline MattiieG

Re: keylogger on vine4you.com
« Reply #9 on: October 14, 2013, 11:42:57 AM »
I just got 2 random desktop.ini files on my desktop, can I delete these?

Offline argus

Re: keylogger on vine4you.com
« Reply #10 on: October 14, 2013, 11:51:47 AM »


System is clean, you do not have a keylogger.




Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes below;
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

Now click on the "Run" button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt


> I don't need DelFix log report.

Offline Michael (alan1998)

Re: keylogger on vine4you.com
« Reply #11 on: October 14, 2013, 12:02:49 PM »
"I just got 2 random desktop.ini files on my desktop, can I delete these?"

Do not. Most likely FRST or some other program Argus used to check your computer over unhid those files. Open up your File Explorer (Where you go to get your documents from.) --> Top Left Organize --> Folder and Search Options --> View --> Restore to Default.

If that doesn't work follow all the steps again except the last and make sure the tick is on "Don't show hidden folders, Files and drives."
Ensure the check is ON for "Hide extensions of known file types"
i7-3770, GTX 760DCII OC, 16GB DDR3 RAM @ 1600Mhz, 2TB HDD @ 7200RPM, 32GB SSD.

 
