Author Topic: keylogger on vine4you.com  (Read 6660 times)


MattiieG

  • Guest
keylogger on vine4you.com
« on: October 14, 2013, 02:42:44 AM »
http://www.scamvoid.com/check/vine4you.com
I believe that I have received the keylogger from vine4you.com, but am not completely sure. Can anyone help me check whether or not I have?
Maybe I didn't receive it because I use the UltraSurf proxy?
Malwarebytes found nothing
Avast found nothing

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: keylogger on vine4you.com
« Reply #1 on: October 14, 2013, 05:29:59 AM »
Follow the "logs to assist in cleaning malware" thread at the top of the Viruses and Worms section, and attach the logs. When done, the malware removers will be notified.
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

MattiieG

  • Guest
Re: keylogger on vine4you.com
« Reply #2 on: October 14, 2013, 11:19:07 AM »
here they are

MattiieG

  • Guest
Re: keylogger on vine4you.com
« Reply #3 on: October 14, 2013, 11:19:34 AM »
and Extras.txt if you need it

argus

  • Guest
Re: keylogger on vine4you.com
« Reply #4 on: October 14, 2013, 11:51:50 AM »
Hello


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Under Optional Scan ensure "List BCD" and "Driver MD5" are ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

MattiieG

  • Guest
Re: keylogger on vine4you.com
« Reply #5 on: October 14, 2013, 12:50:17 PM »
hey, sorry for the late reply

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: keylogger on vine4you.com
« Reply #6 on: October 14, 2013, 12:58:50 PM »
Well WOT does not like that site either: http://www.mywot.com/en/scorecard/vine4you.com?utm_source=addon&utm_content=popup-donuts
Well 1000 websites on one IP, what security do you want there?

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

argus

  • Guest
Re: keylogger on vine4you.com
« Reply #7 on: October 14, 2013, 01:25:03 PM »

1. Open Notepad and copy/paste the text present inside the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

Code:
Start
SearchScopes: HKLM-x32 - DefaultScope {F17BB688-52F9-4011-AE6D-F98B212548ED} URL = http://u-search.net/?a=1&e=1&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {F17BB688-52F9-4011-AE6D-F98B212548ED} URL = http://u-search.net/?a=1&e=1&q={searchTerms}
SearchScopes: HKCU - DefaultScope {F17BB688-52F9-4011-AE6D-F98B212548ED} URL = http://u-search.net/?a=1&e=1&q={searchTerms}
SearchScopes: HKCU - {C10BC952-33B9-402F-B496-60D485BF64AB} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U4&apn_dtid=OSJ000YYUK&apn_uid=AEB2CAEF-770A-4A5C-890E-9AD38995E6FD&apn_sauid=97CAFC54-2AA0-43D0-8C39-937F8F6D53AE
SearchScopes: HKCU - {EAFA2A8B-D06F-4FBD-8A99-1349BBA5DA95} URL = http://searchou.com/?q={searchTerms}&id=a44c152500000000000016de2b77868e&affilt=5&r=251
SearchScopes: HKCU - {F17BB688-52F9-4011-AE6D-F98B212548ED} URL = http://u-search.net/?a=1&e=1&q={searchTerms}
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU -  No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
CHR RestoreOnStartup: "hxxp://google.com/", "hxxp://searchou.com/?id=a44c152500000000000016de2b77868e&affilt=5"
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Matt\jagex_cl_runescape_LIVE.dat
C:\Users\Matt\random.dat
C:\Users\Matt\AppData\Local\Temp\procexp64.exe
File: C:\Windows\Test.bat
End
2. Save the Notepad file as fixlist.txt to your Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.
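A small triage helper for FRST entries like the ones in the fixlist above, added here as an illustration; it is not part of the thread and not FRST's own code. It flags search scopes pointing at providers outside an allowlist, empty scopes, orphaned "No File" entries and lines FRST itself marks ATTENTION. The allowlist of search-engine domains is an assumption to adjust per environment.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied from the FRST fixlist in this thread.
SAMPLE_LINES = [
    "SearchScopes: HKLM-x32 - DefaultScope {F17BB688-52F9-4011-AE6D-F98B212548ED} URL = http://u-search.net/?a=1&e=1&q={searchTerms}",
    "SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =",
    "SearchScopes: HKCU - {EAFA2A8B-D06F-4FBD-8A99-1349BBA5DA95} URL = http://searchou.com/?q={searchTerms}&id=a44c152500000000000016de2b77868e&affilt=5&r=251",
    "Toolbar: HKCU -  No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File",
    "CHR HKLM\\SOFTWARE\\Policies\\Google: Policy restriction <======= ATTENTION",
]

# Assumption: search providers a stock install in this environment is expected to use.
KNOWN_SEARCH_DOMAINS = {"bing.com", "google.com"}

# "SearchScopes: <hive> - [DefaultScope] {CLSID} URL = <url or nothing>"
SCOPE_RE = re.compile(
    r"^SearchScopes: (?P<hive>\S+) - (?:(?P<default>DefaultScope) )?"
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) URL =\s*(?P<url>\S*)$"
)


def triage(log_text):
    """Return a list of (reason, line) pairs a responder should review."""
    findings = []
    for line in log_text.splitlines():
        m = SCOPE_RE.match(line)
        if m:
            url = m.group("url")
            if not url:
                findings.append(("empty search scope", line))
                continue
            host = (urlparse(url).hostname or "").lower()
            if host.startswith("www."):
                host = host[4:]
            if host not in KNOWN_SEARCH_DOMAINS:
                reason = "default search scope hijacked" if m.group("default") else "unknown search provider"
                findings.append((reason, line))
        elif line.rstrip().endswith("No File"):
            findings.append(("orphaned entry (No File)", line))
        elif "<======= ATTENTION" in line:
            findings.append(("flagged by FRST", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage("\n".join(SAMPLE_LINES)):
        print(f"[{reason}] {line}")
```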

MattiieG

  • Guest
Re: keylogger on vine4you.com
« Reply #8 on: October 14, 2013, 01:35:33 PM »
here's the fixlog

MattiieG

  • Guest
Re: keylogger on vine4you.com
« Reply #9 on: October 14, 2013, 01:42:57 PM »
I just got 2 random desktop.ini files on my desktop, can I delete these?

argus

  • Guest
Re: keylogger on vine4you.com
« Reply #10 on: October 14, 2013, 01:51:47 PM »
System is clean, you have no keylogger.

Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes below;
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

Now click on the "Run" button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt).
Note: The report will also be stored at C:\DelFix.txt


> I don't need the DelFix log report.

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: keylogger on vine4you.com
« Reply #11 on: October 14, 2013, 02:02:49 PM »
I just got 2 random desktop.ini files on my desktop, can I delete these?

Do not. Most likely FRST or some other program Argus used to check your computer over unhid those files. Open up your File Explorer (where you go to get your documents from) --> Top Left Organize --> Folder and Search Options --> View --> Restore to Default.

If that doesn't work, follow all the steps again except the last, and make sure the tick is on "Don't show hidden folders, files and drives".
Ensure the check is ON for "Hide extensions of known file types".
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.