Author Topic: HTML/RedirME-inf[Trj]  (Read 4803 times)


Offline Muimui

  • Newbie
  • *
  • Posts: 6
HTML/RedirME-inf[Trj]
« on: September 30, 2013, 11:24:35 PM »
Hello,

For several days now, when I go to my usual sites (L'Équipe, faceb00k...), pop-ups open and avast blocks these pages, telling me:
Trojan horse blocked:
Web page name: http://ahizz.movies-online.squrrel.com/npytsurveyNoTOV.html (or another)
Threat: HTML/RedirME-inf[Trj]
I ran a scan: nothing was detected.
Does this mean my computer is infected?
What should I do?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40632
  • Dragons by Sasha
    • Malware fixes
Re: HTML/RedirME-inf[Trj]
« Reply #1 on: October 01, 2013, 12:02:33 AM »
Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.


  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs

Offline Muimui

Re: HTML/RedirME-inf[Trj]
« Reply #2 on: October 01, 2013, 11:29:07 PM »
Hello

Thx for your answer
Here is the OTL report (I can't find the Extras?)

http://textup.fr/71870Pp

Offline essexboy

Re: HTML/RedirME-inf[Trj]
« Reply #3 on: October 02, 2013, 04:41:08 PM »
Let me know if this fixes it :)

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:Commands
[CREATERESTOREPOINT]

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=coolmsd&cd=2XzuyEtN2Y1L1QzutDtDtC0F0CyC0F0AyCyDtAyCyC0EzyyEtN0D0Tzu0CyDtCtCtN1L2XzutBtFtBtFtCtFyDyByEtN1L1Czu1R1F1F1I1H1B1Q&cr=1212408644&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=coolmsd&cd=2XzuyEtN2Y1L1QzutDtDtC0F0CyC0F0AyCyDtAyCyC0EzyyEtN0D0Tzu0CyDtCtCtN1L2XzutBtFtBtFtCtFyDyByEtN1L1Czu1R1F1F1I1H1B1Q&cr=1212408644&ir=
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=coolmsd&cd=2XzuyEtN2Y1L1QzutDtDtC0F0CyC0F0AyCyDtAyCyC0EzyyEtN0D0Tzu0CyDtCtCtN1L2XzutBtFtBtFtCtFyDyByEtN1L1Czu1R1F1F1I1H1B1Q&cr=1212408644&ir=
[2011/09/07 18:12:00 | 000,089,388 | ---- | M] () (No name found) -- C:\Users\Céline\AppData\Roaming\Mozilla\Firefox\Profiles\6rlf8bfb.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3 - HKU\S-1-5-21-1801811131-2594106703-2017142490-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1801811131-2594106703-2017142490-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261562~1.220\{c16c1~1\browse~1.dll) - File not found

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Offline Muimui

Re: HTML/RedirME-inf[Trj]
« Reply #4 on: October 02, 2013, 06:50:39 PM »
Hello,
this is the report:
http://textup.fr/71911GT

Thank you for your help. (Can you explain to me what you did?)

Offline essexboy

Re: HTML/RedirME-inf[Trj]
« Reply #5 on: October 02, 2013, 10:44:30 PM »
start.mysearchdial.com: this was the problem. It was set as your main page in IE along with the search... Have the alerts now ceased?
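
Added example (not part of essexboy's post and not OTL's own code): a small Python triage over OTL-style lines like those in the fix above, flagging IE start-page and search-scope URLs that point at hosts the user did not choose, plus stale BHO/toolbar and AppInit_DLLs entries. The sample lines are adapted from the fix with the tracking query strings shortened; `EXPECTED_HOSTS`, the example.org line and the finding labels are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: shaped like the OTL entries in the fix above,
# with the long tracking parameters dropped. The HKCU line is invented
# to show a start page that should NOT be flagged.
SAMPLE_LOG = r'''
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=coolmsd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.example.org/
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261562~1.220\{c16c1~1\browse~1.dll) - File not found
'''

# Assumption: hosts the user deliberately set as home page / search provider.
EXPECTED_HOSTS = {"www.example.org"}

# "IE - <key>,Start Page = <url>"  or  "IE - <key>: "URL" = <url>"
IE_URL = re.compile(r'^IE(?::64bit:)? - (?P<key>.+?)(?:,Start Page|: "URL") = (?P<url>\S+)')
# "O<n> - <entry> - No CLSID value found."  or  "... - File not found"
STALE = re.compile(r'^O\d+ - (?P<what>.+?) - (?:No CLSID value found|File not found)\.?$')

def triage(log, expected_hosts):
    """Return (kind, detail) findings for browser-hijack indicators."""
    findings = []
    for line in (l.strip() for l in log.splitlines()):
        m = IE_URL.match(line)
        if m:
            host = (urlsplit(m["url"]).hostname or "").lower()
            if host not in expected_hosts:
                kind = "start-page" if ",Start Page" in line else "search-scope"
                findings.append((kind, host))
            continue
        m = STALE.match(line)
        if m:
            # AppInit_DLLs are loaded into every process that loads user32.dll,
            # so even a leftover entry there deserves a separate label.
            kind = "appinit-dll" if m["what"].startswith("AppInit_DLLs") else "orphan-com"
            findings.append((kind, m["what"]))
    return findings

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG, EXPECTED_HOSTS):
        print(f"{kind:12} {detail}")
```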

Offline Muimui

Re: HTML/RedirME-inf[Trj]
« Reply #6 on: October 03, 2013, 07:25:18 AM »
I thought everything was OK, but another alert came...
Trojan horse HTML/RedirME-inf[Trj]
but with another website

Offline essexboy

Re: HTML/RedirME-inf[Trj]
« Reply #7 on: October 03, 2013, 10:12:34 PM »
Trojan horse HTML/RedirME-inf[Trj]: this indicates a web site infection. There is a script that attempts to redirect to an advertising site on that site.

Offline Muimui

Re: HTML/RedirME-inf[Trj]
« Reply #8 on: October 05, 2013, 10:50:36 PM »
What can I do to protect myself against these "attacks"?

Today another one, called URL:Mal2.

Offline essexboy

Re: HTML/RedirME-inf[Trj]
« Reply #9 on: October 05, 2013, 11:21:53 PM »
WebShield is blocking the attempted redirect, so you are safe.

Offline Muimui

Re: HTML/RedirME-inf[Trj]
« Reply #10 on: October 06, 2013, 08:26:37 PM »
OK THX

But it happens on the websites I visit every day; when I click on a link an ad appears and then the messages...

Before, I didn't have any problems.

Offline essexboy

Re: HTML/RedirME-inf[Trj]
« Reply #11 on: October 07, 2013, 09:03:18 PM »
OK, let's look in a different area.

Please download Junkware Removal Tool to your desktop.
  • Right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.