Author Topic: keylogger on vine4you.com  (Read 2254 times)


Offline MattiieG

  • Jr. Member
  • **
  • Posts: 53
keylogger on vine4you.com
« on: October 14, 2013, 02:42:44 AM »
http://www.scamvoid.com/check/vine4you.com
I believe that I have received the keylogger from vine4you.com, but am not completely sure, can anyone help me check whether or not I have?
Maybe I didn't receive it because I use the ultrasurf proxy?
Malwarebytes found nothing
Avast found nothing

Offline Steven Winderlich

  • Super Poster
  • ***
  • Posts: 2267
Re: keylogger on vine4you.com
« Reply #1 on: October 14, 2013, 05:29:59 AM »
Follow the logs in assist to clean malware thread at the top of the viruses and worms section. And attach logs. When done malware removers will be notified.
Windows 10 Technical Preview Build 10041 64 Bit, Avast Premier 2015 R2

Offline MattiieG

  • Jr. Member
  • **
  • Posts: 53
Re: keylogger on vine4you.com
« Reply #2 on: October 14, 2013, 11:19:07 AM »
here they are

Offline MattiieG

  • Jr. Member
  • **
  • Posts: 53
Re: keylogger on vine4you.com
« Reply #3 on: October 14, 2013, 11:19:34 AM »
and Extras.txt if you need it

Offline argus

  • Anti Malware Fighter _ ASAP_
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1602
Re: keylogger on vine4you.com
« Reply #4 on: October 14, 2013, 11:51:50 AM »
Hello


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Under Optional Scan ensure "List BCD" and "Driver MD5" are ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


 My help is free, however, if you want to support my fight against malware, click here ->

Offline MattiieG

  • Jr. Member
  • **
  • Posts: 53
Re: keylogger on vine4you.com
« Reply #5 on: October 14, 2013, 12:50:17 PM »
hey, sorry for the late reply

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 23318
  • malware fighter
Re: keylogger on vine4you.com
« Reply #6 on: October 14, 2013, 12:58:50 PM »
Well WOT does not like that site either: http://www.mywot.com/en/scorecard/vine4you.com?utm_source=addon&utm_content=popup-donuts
Well 1000 websites on one IP, what security do you want there?

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline argus

  • Anti Malware Fighter _ ASAP_
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1602
Re: keylogger on vine4you.com
« Reply #7 on: October 14, 2013, 01:25:03 PM »

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code:
Start
SearchScopes: HKLM-x32 - DefaultScope {F17BB688-52F9-4011-AE6D-F98B212548ED} URL = http://u-search.net/?a=1&e=1&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {F17BB688-52F9-4011-AE6D-F98B212548ED} URL = http://u-search.net/?a=1&e=1&q={searchTerms}
SearchScopes: HKCU - DefaultScope {F17BB688-52F9-4011-AE6D-F98B212548ED} URL = http://u-search.net/?a=1&e=1&q={searchTerms}
SearchScopes: HKCU - {C10BC952-33B9-402F-B496-60D485BF64AB} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U4&apn_dtid=OSJ000YYUK&apn_uid=AEB2CAEF-770A-4A5C-890E-9AD38995E6FD&apn_sauid=97CAFC54-2AA0-43D0-8C39-937F8F6D53AE
SearchScopes: HKCU - {EAFA2A8B-D06F-4FBD-8A99-1349BBA5DA95} URL = http://searchou.com/?q={searchTerms}&id=a44c152500000000000016de2b77868e&affilt=5&r=251
SearchScopes: HKCU - {F17BB688-52F9-4011-AE6D-F98B212548ED} URL = http://u-search.net/?a=1&e=1&q={searchTerms}
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU -  No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
CHR RestoreOnStartup: "hxxp://google.com/", "hxxp://searchou.com/?id=a44c152500000000000016de2b77868e&affilt=5"
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Matt\jagex_cl_runescape_LIVE.dat
C:\Users\Matt\random.dat
C:\Users\Matt\AppData\Local\Temp\procexp64.exe
File: C:\Windows\Test.bat
End
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.


 My help is free, however, if you want to support my fight against malware, click here ->
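
A way to review a fixlist like the one posted above before it is run, grouping its entries by what they target. This is an added example, not part of the original thread and not FRST's own code; the line patterns are assumptions inferred only from the lines shown in this thread, and the sample is a subset of those lines.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Sample input: a subset of the fixlist lines posted in this thread.
SAMPLE = r"""Start
SearchScopes: HKLM-x32 - DefaultScope {F17BB688-52F9-4011-AE6D-F98B212548ED} URL = http://u-search.net/?a=1&e=1&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {EAFA2A8B-D06F-4FBD-8A99-1349BBA5DA95} URL = http://searchou.com/?q={searchTerms}&id=a44c152500000000000016de2b77868e&affilt=5&r=251
Toolbar: HKCU -  No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Matt\random.dat
End
"""

# Patterns inferred from the lines shown in the thread (assumption, not a spec).
SCOPE_RE = re.compile(
    r"^SearchScopes: (?P<hive>\S+) - (?:DefaultScope )?"
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) URL = ?(?P<url>.*)$")
PATH_RE = re.compile(r"^(?:File: )?[A-Za-z]:\\")

def fixlist_body(text):
    """Return the non-empty lines between the Start and End markers."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    if "Start" not in lines or "End" not in lines:
        raise ValueError("fixlist must be delimited by Start and End lines")
    return [ln for ln in lines[lines.index("Start") + 1:lines.index("End")] if ln]

def summarize(text):
    """Group fixlist entries so a reviewer can see what the fix touches."""
    out = {"hosts": Counter(), "empty_scopes": [], "no_file": [],
           "attention": [], "paths": [], "other": []}
    for line in fixlist_body(text):
        m = SCOPE_RE.match(line)
        if m and m["url"].strip():
            # Search provider pointing at a URL: count it by host name.
            out["hosts"][urlsplit(m["url"].strip()).hostname] += 1
        elif m:
            out["empty_scopes"].append(m["clsid"])
        elif line.endswith("No File"):
            out["no_file"].append(line)      # entry whose file is missing
        elif "ATTENTION" in line:
            out["attention"].append(line)    # line the log itself flagged
        elif PATH_RE.match(line):
            out["paths"].append(line)        # bare file path entries
        else:
            out["other"].append(line)
    return out

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {dict(value) if key == 'hosts' else value}")
```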

Offline MattiieG

  • Jr. Member
  • **
  • Posts: 53
Re: keylogger on vine4you.com
« Reply #8 on: October 14, 2013, 01:35:33 PM »
here's the fixlog

Offline MattiieG

  • Jr. Member
  • **
  • Posts: 53
Re: keylogger on vine4you.com
« Reply #9 on: October 14, 2013, 01:42:57 PM »
I just got 2 random desktop.ini files on my desktop, can I delete these?

Offline argus

  • Anti Malware Fighter _ ASAP_
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1602
Re: keylogger on vine4you.com
« Reply #10 on: October 14, 2013, 01:51:47 PM »


System is clean, you do not have a keylogger.




Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes below;
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

Now click on the "Run" button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt


> I don't need DelFix log report.


 My help is free, however, if you want to support my fight against malware, click here ->

Offline Michael (alan1998)

  • Super Poster
  • ***
  • Posts: 2236
Re: keylogger on vine4you.com
« Reply #11 on: October 14, 2013, 02:02:49 PM »
> I just got 2 random desktop.ini files on my desktop, can I delete these?

Do not. Most likely FRST or some other program Argus used to check your computer over unhid those files. Open up your File Explorer (Where you go to get your documents from.) --> Top Left Organize --> Folder and Search Options --> View --> Restore to Default.

If that doesn't work, follow all the steps again except the last and make sure the tick is on "Don't show hidden folders, Files and drives".
Ensure the check is ON for "Hide extensions of known file types"
Danny, best person in the School. Finally things are getting done.