Please help with Virus / Malware problem - Win32:Malware-gen URL:Mal

[marsd]

as for firefox set to syn, I never changed any setting about this that I know of- How do I see that info?

[marsd]

if you mean under tools, options, sync-
I never touched anything there

[marsd]

Im still getting all sorts of google search redirectiong after clicking on links--

again-

did this search on google in IE trying to see what this Trojan warning is that I got from the other google search where I clicked stockrants-

what kind of trojan is HTML:RedirDL-inf [Trj]

http://www.google.com/search?q=what+kind+of+trojan+is+HTML%3ARedirDL-inf+%5BTrj%5D&sourceid=ie7&rls=com.microsoft:en-us:IE-SearchBox&ie=&oe=&rlz=1I7ADRA_en#rls=com.microsoft:en-us%3AIE-SearchBox&rlz=1I7ADRA_en&sclient=psy-ab&q=what+kind+of+trojan+is+HTML:RedirDL-inf+%5BTrj%5D&oq=what+kind+of+trojan+is+HTML:RedirDL-inf+%5BTrj%5D&gs_l=serp.12...0.0.0.116016.0.0.0.0.0.0.0.0..0.0...0.0...1c..15.psy-ab.uIksnY_Oi_M&pbx=1&bav=on.2,or.r_qf.&bvm=bv.47244034,d.aWM&fp=b13afd72f562bd5a&biw=1280&bih=705

Then I clicked on 5th listing-

www.drumcorpsplanet.com/forums/index.php/.../154946-dcp-infected/

but it redirects to bad site--

http://url4short.info/948f56c0

and I get this warning-

Infection Details
URL:   http://url4short.info/948f56c0
Process:   C:\Program Files\Internet Explorer\iexpl...
Infection:   URL:Mal

[essexboy]

From reading that forum thread there appears to be a bad google link.  Could you once more totally uninstall firefox and chrome, reboot and run an OTL quick scan selecting all users please 

[marsd]

OTL attached-

[marsd]

I just reinstalled firefox and I still get all these addons that should have been deleted when I uninstalled, but for some reason they are not going away--

[essexboy]

OK Uninstall Firefox, run this OTL fix and then re-install firefox please

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:OTL
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.10.0.25: C:\Program Files\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\DOCUME~1\Marwan\APPLIC~1\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF - HKCU\Software\MozillaPlugins\tdameritrade.com/tossc: C:\Program Files\thinkorswim\tossc32.dll (TD Ameritrade)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\hotfix@mozilla.org: C:\Documents and Settings\Marwan\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix [2013/02/28 16:28:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/14 15:30:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\hotfix@mozilla.org: C:\Documents and Settings\Marwan\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix [2013/02/28 16:28:16 | 000,000,000 | ---D | M]
[2012/04/25 20:59:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marwan\Application Data\Mozilla\Firefox\Extensions
[2013/02/28 16:28:16 | 000,000,000 | ---D | M] (Mozilla hotfix) -- C:\Documents and Settings\Marwan\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix
[2013/05/30 09:50:57 | 002,162,336 | ---- | C] (Catalina Marketing Corp) -- C:\Documents and Settings\Marwan\Local Settings\Application Data\BcsKtYcHW.dll
[2013/05/28 17:56:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marwan\Application Data\MCommon
[2013/05/30 09:50:57 | 000,922,944 | ---- | M] () -- C:\Documents and Settings\Marwan\Local Settings\Application Data\a.zip
[2013/05/28 07:29:46 | 000,465,280 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2win32.cid
[2012/12/16 12:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marwan\Application Data\Catalina Marketing Corp
[2013/05/03 08:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marwan\Application Data\Catalina – Print Savings
[2013/06/03 14:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marwan\Application Data\MCommon

:Files
C:\Program Files\MozyHome
C:\Documents and Settings\Marwan\Application Data\Mozilla

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[marsd]

ran fix-

[essexboy]

OK reinstall Firefox now and let me know if the alerts have gone, you did have firefox backing up data .. Hence the return

[marsd]

otl-
quick scan

[marsd]

No, I still get the same alerts and redirects- after following google search shown above--

Infection Details
URL:   http://url4short.info/948f56c0
Process:   C:\Program Files\Mozilla Firefox\firefox...
Infection:   URL:Mal


fyi-
Firefox now only has these addons-

extensions:
microsoft .net framework assistant 0.0.0 (disabled)

plugins:
adobe acrobat 11.0.3.37 (enabled)
quicktime plugin 7.7.4 7.7.4.0  (enabled)

[marsd]

same pattern for other google search

"stock market forum"

Infection Details
URL:   http://www.stockrants.com/forum/misc.php...
Process:   C:\Program Files\Mozilla Firefox\firefox...
Infection:   HTML:RedirDL-inf [Trj]


I can find other examples too if that is helpful??

[marsd]

ran fresh OTL scan
attached-

[essexboy]

OK I think I know where it is hiding... Notice that the quarantine file has now added itself to the run key.  As soon has this fix has completed (there will be no reboot)  Press the Cleanup button on OTL

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\MozyHome\mozybackup.exe -- (mozybackup)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\_OTL\MovedFiles\06052013_094250\C_Program Files\MozyHome\mozystat.exe (Mozy, Inc.)

:Files
C:\Program Files\MozyHome
C:\Documents and Settings\Marwan\Application Data\MCommon

:Commands
[resethosts]
[CREATERESTOREPOINT]


• Then click the Run Fix button at the top
   

[marsd]

I have done this and I will attached the logs once it restarts--

however I would like to note that I am using my other laptop and was trying to replicate those 2 warning popups with a google search and I was able to do it-- are you able to replicate them too or is it possible that this other laptop of mine is also infected?