Author Topic: Not sure if I am infected.  (Read 11633 times)

SafeSurf

  • Guest
Re: Not sure if I am infected.
« Reply #15 on: September 22, 2010, 10:45:26 AM »
Thank you for the logs.  Although I had asked for an MBAM FULL scan and you did a Quick scan, I think Essexboy can work with your OTL logs.

Did you realize that when you installed Fox-It pdf Reader that you also installed the Ask Toolbar (adware)?  They are sneaky in putting this adware in there unless you do a Custom Install and read everything you click while you are installing or preferably download the Slim or Portable Version.  So next time you need an update, uninstall this version and install the versions I suggested instead.  An alternative pdf reader without toolbars is Nitro pdf reader and there are others.  Just something to think about once all these troubles are over.

Can you please give an explanation for Essexboy as to the problems you are currently having with your machine now?

He will analyze your logs and give you further instructions.  Please check in at least daily on the forum for his instructions (he is on UK time).  Thank you.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Not sure if I am infected.
« Reply #16 on: September 22, 2010, 09:15:04 PM »
Nothing jumps out at me there - so let's investigate some other areas

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
THEN

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

crudohgod

  • Guest
Re: Not sure if I am infected.
« Reply #17 on: September 23, 2010, 02:34:44 AM »
I've done this, here are the logs.

TDSS Killer
Code:
Attached to post due to character limit
GooredFix
Code:
GooredFix by jpshortstuff (03.07.10.1)
Log created at 17:31 on 22/09/2010 (Conrad)
Firefox version 3.6.10 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [07:35 21/08/2010]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [01:53 02/09/2010]

C:\Users\Conrad\Application Data\Mozilla\Firefox\Profiles\oxrvfedc.default\extensions\
SearchHelper [01:55 02/09/2010]
{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [01:57 02/09/2010]
{b749fc7c-e949-447f-926c-3f4eed6accfe} [07:36 21/08/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(Key not found)

---------- Old Logs ----------
GooredFix[00.30.42_23-09-2010].txt

-=E.O.F=-
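
A triage helper for the GooredFix log format shown in the post above (an added example, not part of the original thread and not GooredFix's own code). It assumes the layout seen in that one log, a folder or registry-key line followed by `name [HH:MM DD/MM/YYYY]` entries; the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: the log from the post above, header and blank lines trimmed.
SAMPLE_LOG = r"""========== GooredScan ==========
========== GooredLog ==========
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [07:35 21/08/2010]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [01:53 02/09/2010]
C:\Users\Conrad\Application Data\Mozilla\Firefox\Profiles\oxrvfedc.default\extensions\
SearchHelper [01:55 02/09/2010]
{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [01:57 02/09/2010]
{b749fc7c-e949-447f-926c-3f4eed6accfe} [07:36 21/08/2010]
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(Key not found)
---------- Old Logs ----------
GooredFix[00.30.42_23-09-2010].txt
"""

ENTRY = re.compile(r"^(?P<name>.+?) \[(?P<ts>\d\d:\d\d \d\d/\d\d/\d{4})\]$")
# Firefox add-on IDs are either a braced GUID or a name@domain string.
VALID_ID = re.compile(r"^(\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}|[^@\s]+@[^@\s]+)$", re.I)

def parse_gooredlog(text):
    """Return (location, entry, installed) tuples from the GooredLog section."""
    rows, location, in_log = [], None, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("====="):
            in_log = "GooredLog" in line
        elif line.startswith("-----"):
            in_log = False  # "Old Logs" and later sections are not entries
        elif in_log and (line.endswith("\\") or line.startswith("[HKEY")):
            location = line  # folder or registry key being listed
        elif in_log and location and (m := ENTRY.match(line)):
            ts = datetime.strptime(m["ts"], "%H:%M %d/%m/%Y")  # log uses DD/MM/YYYY
            rows.append((location, m["name"], ts))
    return rows

def by_install_day(rows):
    """Group entry names by install date to show what arrived together."""
    days = defaultdict(list)
    for _, name, ts in rows:
        days[ts.date().isoformat()].append(name)
    return dict(days)

def nonstandard_ids(rows):
    """Entries whose name is not a standard add-on ID form; review these by hand."""
    return [name for _, name, _ in rows if not VALID_ID.match(name)]
```

Grouping by date shows which extension folders were created in the same session, and the ID check only points at names to inspect manually; it says nothing on its own about whether an entry is malicious.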





essexboy
Re: Not sure if I am infected.
« Reply #18 on: September 23, 2010, 08:31:28 PM »
Could you attach the TDSSKiller log please, as you duplicated the Goored.  Do you use a router?

crudohgod

  • Guest
Re: Not sure if I am infected.
« Reply #19 on: September 23, 2010, 11:04:33 PM »
Wow how did I manage to do that. Log is attached. Yes I use a router by the way.

essexboy
Re: Not sure if I am infected.
« Reply #20 on: September 23, 2010, 11:14:43 PM »
Are the redirects in Firefox only or both IE and FF?

crudohgod

  • Guest
Re: Not sure if I am infected.
« Reply #21 on: September 23, 2010, 11:20:04 PM »
I don't use IE often but I haven't seemed to be able to get the redirect on IE. I've been getting it on Firefox a lot lately, the redirect is to www.landing.savetubevideo.com/ by the way, even though I've uninstalled the savetube thing. I get no redirects on Opera by the way.

essexboy
Re: Not sure if I am infected.
« Reply #22 on: September 24, 2010, 08:44:16 PM »
I hate Firefox - there are so many nooks and crannies where stuff hides

What I would recommend is a full uninstall of Firefox and re-install a fresh copy.  You will need to remove it entirely from your system

Here is a link for how to completely uninstall FF http://support.mozilla.com/en-US/kb/Uninstalling+Firefox#Removing_user_data_and_settings

crudohgod

  • Guest
Re: Not sure if I am infected.
« Reply #23 on: September 24, 2010, 10:15:06 PM »
> I hate Firefox - there are so many nooks and crannies where stuff hides
>
> What I would recommend is a full uninstall of Firefox and re-install a fresh copy.  You will need to remove it entirely from your system
>
> Here is a link for how to completely uninstall FF http://support.mozilla.com/en-US/kb/Uninstalling+Firefox#Removing_user_data_and_settings

For some reason I haven't gotten the redirects as much, but I went ahead and uninstalled Firefox completely and I haven't reinstalled it yet. I'm still having the problem of Avast not being able to turn on.

essexboy
Re: Not sure if I am infected.
« Reply #24 on: September 24, 2010, 10:36:57 PM »
OK big boy time.  This programme has recently changed and I am in the process of updating the instructions, so it may differ slightly 

Download Dr.Web CureIt to the desktop.
  • Double-click the downloaded random name file
  • OK the run in protected mode box
  • Click start
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:

  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

  • This will move it to the %userprofile%\DoctorWeb\quarantine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new OTL log.
NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.