Ultimate Windows 7 ultimate 32-bit
June 12, 2010 at 05:57:01
Specs: Windows 7
I'm having an issue with my notebook. I have been infected with some kind of virus which randomly opens search pages on an unknown search site while browsing. It happens on all browsers (tested with IE8, Firefox 3.6, Safari 4). I also had some randomly named processes of exe files in the Windows folder, but I managed to remove them and cleaned the registry entries about them. But the search pages still keep opening.

June 12, 2010 at 19:03:21
Try Malwarebytes Anti-malware for starters and post the log.


June 13, 2010 at 09:01:05
Hi, thanks for the reply.

Here's the log:

Malwarebytes' Anti-Malware 1.46

Versione database: 4193

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13/06/2010 17:09:39
mbam-log-2010-06-13 (17-09-39).txt

Scan: Quick Scan
Scanned elements: 112517
Time elapsed: 5 minutes, 16 seconds

Infected processes in memory :0
Infected memory modules : 0
Infected registry keys : 6
Infected registry values : 2
Infected voices in registry data : 1
Infected folders: 0
Infected files : 9

Infected processes in memory:
(No malicious elements were found)

Infected memory modules:
(No malicious elements were found)

Infected registry keys:
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Infected registry values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> No action taken.

Infected voices in registry data:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Users\Nitrox\AppData\Roaming\sdra64.exe,) Good: (userinit.exe) -> No action taken.

Infected folders:
(No malicious elements were found)

Infected files:
C:\Windows\System32\spool\prtprocs\w32x86\ED50.tmp (Rootkit.Agent) -> No action taken.
C:\Users\Nitrox\AppData\Local\Temp\wgvyd.exe (Rogue.AVSecuritySuite) -> No action taken.
C:\Users\Nitrox\AppData\Local\Temp\khvcol.exe (Adware.Agent) -> No action taken.
C:\Users\Nitrox\AppData\Local\Temp\Kvf.exe (Trojan.Fraudpack) -> No action taken.
C:\Users\Nitrox\AppData\Local\Temp\gmfrxpgv.exe (Trojan.Dropper) -> No action taken.
C:\Windows\System32\sshnas21.dll (Trojan.FakeAlert) -> No action taken.
C:\Users\Nitrox\AppData\Local\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.

June 13, 2010 at 09:04:02
You may want to run ComboFix:
Follow the tutorial closely when running it.

