Avast WEBforum
Other => Viruses and worms => Topic started by: MattiieG on October 14, 2013, 02:42:44 AM
-
http://www.scamvoid.com/check/vine4you.com
I believe that I have received the keylogger from vine4you.com, but am not completely sure. Can anyone help me check whether or not I have?
Maybe I didn't receive it because I use the Ultrasurf proxy?
Malwarebytes found nothing
Avast found nothing
-
Follow the "logs to assist in cleaning malware" thread at the top of the Viruses and Worms section, and attach the logs. When done, the malware removers will be notified.
-
here they are
-
and Extras.txt if you need it
-
Hello
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Under Optional Scan ensure "List BCD" and "Driver MD5" are ticked.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
-
hey, sorry for the late reply
-
Well WOT does not like that site either: http://www.mywot.com/en/scorecard/vine4you.com?utm_source=addon&utm_content=popup-donuts
Well, 1000 websites on one IP; what security do you want there?
polonus
-
1. Open notepad and copy/paste the text present inside the code box below.
To do this, highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
Start
SearchScopes: HKLM-x32 - DefaultScope {F17BB688-52F9-4011-AE6D-F98B212548ED} URL = http://u-search.net/?a=1&e=1&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {F17BB688-52F9-4011-AE6D-F98B212548ED} URL = http://u-search.net/?a=1&e=1&q={searchTerms}
SearchScopes: HKCU - DefaultScope {F17BB688-52F9-4011-AE6D-F98B212548ED} URL = http://u-search.net/?a=1&e=1&q={searchTerms}
SearchScopes: HKCU - {C10BC952-33B9-402F-B496-60D485BF64AB} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U4&apn_dtid=OSJ000YYUK&apn_uid=AEB2CAEF-770A-4A5C-890E-9AD38995E6FD&apn_sauid=97CAFC54-2AA0-43D0-8C39-937F8F6D53AE
SearchScopes: HKCU - {EAFA2A8B-D06F-4FBD-8A99-1349BBA5DA95} URL = http://searchou.com/?q={searchTerms}&id=a44c152500000000000016de2b77868e&affilt=5&r=251
SearchScopes: HKCU - {F17BB688-52F9-4011-AE6D-F98B212548ED} URL = http://u-search.net/?a=1&e=1&q={searchTerms}
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
CHR RestoreOnStartup: "hxxp://google.com/", "hxxp://searchou.com/?id=a44c152500000000000016de2b77868e&affilt=5"
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Matt\jagex_cl_runescape_LIVE.dat
C:\Users\Matt\random.dat
C:\Users\Matt\AppData\Local\Temp\procexp64.exe
File: C:\Windows\Test.bat
End
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.
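A defender-side check for the kind of search-provider hijack the fixlist above removes. This is an added example, not code from the thread or from FRST: it parses FRST "SearchScopes:" lines and flags providers outside an assumed allowlist of known-good search hosts. The sample lines are modelled on the fixlist (query strings shortened); the bing.com line and its all-zero GUID are constructed.

```python
import re
from urllib.parse import urlsplit

# Sample FRST output, constructed from the SearchScopes lines quoted in the
# fixlist (query strings shortened). The bing.com line is a constructed
# benign entry with a placeholder GUID, to show it is not flagged.
SAMPLE_LOG = """\
SearchScopes: HKLM-x32 - DefaultScope {F17BB688-52F9-4011-AE6D-F98B212548ED} URL = http://u-search.net/?a=1&e=1&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {C10BC952-33B9-402F-B496-60D485BF64AB} URL = http://websearch.ask.com/redirect?client=ie&q={searchTerms}
SearchScopes: HKCU - {EAFA2A8B-D06F-4FBD-8A99-1349BBA5DA95} URL = http://searchou.com/?q={searchTerms}&affilt=5
SearchScopes: HKCU - DefaultScope {F17BB688-52F9-4011-AE6D-F98B212548ED} URL = http://u-search.net/?a=1&e=1&q={searchTerms}
SearchScopes: HKCU - {00000000-0000-0000-0000-000000000000} URL = http://www.bing.com/search?q={searchTerms}
"""

# Assumed allowlist: search hosts treated as legitimate by this check.
KNOWN_GOOD_HOSTS = {"www.bing.com", "www.google.com", "search.yahoo.com"}

# hive, optional "DefaultScope" marker, the {GUID}, and a possibly empty URL
SCOPE_RE = re.compile(
    r"^SearchScopes: (?P<hive>\S+) - (?:(?P<default>DefaultScope) )?"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\}) URL =\s*(?P<url>\S*)$"
)


def parse_search_scopes(log_text):
    """Return one dict per SearchScopes line; other FRST lines are ignored."""
    scopes = []
    for line in log_text.splitlines():
        m = SCOPE_RE.match(line.strip())
        if m:
            scopes.append({
                "hive": m["hive"],
                "default": m["default"] is not None,
                "guid": m["guid"],
                "url": m["url"],
                "host": (urlsplit(m["url"]).hostname or "").lower(),
            })
    return scopes


def audit_search_scopes(log_text, allowed_hosts=KNOWN_GOOD_HOSTS):
    """Flag empty (orphaned) scopes and providers not on the allowlist."""
    findings = []
    for s in parse_search_scopes(log_text):
        if not s["url"]:
            findings.append((s["hive"], s["guid"], "orphaned scope: empty URL"))
        elif s["host"] not in allowed_hosts:
            tag = "DEFAULT " if s["default"] else ""
            findings.append((s["hive"], s["guid"],
                             f"{tag}search provider points to {s['host']}"))
    return findings
```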
-
here's the fixlog
-
I just got 2 random desktop.ini files on my desktop, can I delete these?
-
System is clean, you have no keylogger.
Please download DelFix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix) by "Xplode" to your Desktop.
Run the tool and check the following boxes:
- Remove disinfection tools
- Create registry backup
- Purge System Restore
- Reset system settings
Now click on the "Run" button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt).
Note: The report will also be stored at C:\DelFix.txt
> I don't need the DelFix log report.
-
> I just got 2 random desktop.ini files on my desktop, can I delete these?
Do not. Most likely FRST or some other program Argus used to check your computer over unhid those files. Open up your File Explorer (where you go to get your documents from) --> Top Left Organize --> Folder and Search Options --> View --> Restore to Default.
If that doesn't work, follow all the steps again except the last and make sure the tick is on "Don't show hidden folders, files and drives".
Ensure the check is ON for "Hide extensions of known file types"