Dell Latitude D620 laptop infected and redirects

Dell / Latitude d620...
October 31, 2014 at 10:55:05
Specs: Windows 7 Home Premium, Intel Core I3
My desktop was just infected pretty bad. Some pro cleaner program. I thought I had it all cleaned and was just having a small issue with redirects. I tried to post here on the machine but when I tried to log in here it redirected me. Also I was going to run an online scan with ESET/NOD32 but it redirects to some page telling me my system is infected, and also a page comes up about Java being outdated. Maybe someone can suggest some programs I can run. To protect my privacy I unhooked the Cat 5 cable from the back so I will have to move programs via USB flash drive. The last 2 scans I did with Malwarebytes came up clean. I ran a quick scan and a full scan. I have also run AdwCleaner and RKill; they have done about all they can do. Got some things in startup and Add/Remove; I try to remove them but get an error message.

Laptop Dell Latitude D620 Core2Duo
Windows XP Pro SP3
Desktop HP Pavilion p6533w
AMD Dual Core 3.0
Windows 7 Home Premium
Server Windows XP Pro SP3
3.0 Ghz 3 GB Ram

message edited by ChristopherTGarrett



#1
October 31, 2014 at 13:38:50
For a start, download and burn to DVD a Kaspersky Rescue Disk ISO. Boot with the DVD. It will load itself into RAM only, then go online and update itself, after which it will scan your hard drive fully and deal with more or less "anything" it finds. It's built around a Linux variant and will not install itself to the hard drive.

The utility is free here:

http://www.kaspersky.com/virus-scanner

and some support info here:

http://support.kaspersky.co.uk/viru...

Start with that and post back with the results. There are other utilities (all free and regularly recommended here) to run after you have run the Kaspersky disk.

It's likely that JohnW will drop across here at some stage. He is one of several here very up on dealing with assorted pests... Wise to pay heed to his thoughts and those of one or two others too. All are well versed in dealing with these pests...




#2
October 31, 2014 at 14:09:26
Well, I was able to get ESET to scan. It has found over 50 objects so far, and it just started, less than one minute into the scan. I was having trouble getting the rescue disk to download.


#3
October 31, 2014 at 15:21:37
What is the problem with the rescue disk download?

Perhaps try this link?

http://www.majorgeeks.com/files/det...

or this one (the actual downloads - there are four available) is about mid-screen:

http://www.softexia.com/anti-virus/...



#4
October 31, 2014 at 17:27:23
Avoid computer cleaner programs like the plague - they mess up more than they fix.

Always pop back and let us know the outcome - thanks



#5
October 31, 2014 at 18:48:47
It was not starting the download; it was only showing the image of the icon. I got it. ESET was crazy; it showed things infected that are not, like CCleaner and some others. I am running the rescue disk now; finally got it to work. It has found a couple of things. Most of what it has found is in the AdwCleaner quarantine.


#6
October 31, 2014 at 19:06:08
Oh I see now. Seems the website was infected then.

This one is worth a shot (JRT) if you've not already run it:
http://www.bleepingcomputer.com/dow...

When you ran MalwareBytes did you go to "Settings > Detections and Protection" and check the Scan for rootkits option?

EDIT:
Once you get the system running it sounds like you need an in-depth clean - as already said maybe Johnw will jump in at some stage.


message edited by Derek



#7
November 1, 2014 at 01:59:56
It is not uncommon for some anti-pest utilities to consider others to be threats or pests... It particularly applies to some anti-virus apps. If more than one is installed and "active" they may, and occasionally do, conflict and produce error messages and "false" alerts. Sometimes they may even fail to run properly too.


#8
November 1, 2014 at 05:11:26
After copying and posting here any reports from these programs, make sure that you clean out any quarantine items so other programs do not pick up on any remains that are there.

It is too late now that you have begun getting some results, but I would have begun with a system restore to an old date first to loosen the hold the nasty had on the system itself and then begun the intense scanning. I have found that when it works, it makes the process easier and often faster.

As others have said, look for Johnw to follow up with you to make sure you have got everything cleaned out in the end. This is also why you should post the reports from the scans to be analyzed.

You have to be a little bit crazy to keep you from going insane.



#9
November 1, 2014 at 12:04:24

Looks like something has possibly changed the Hosts file causing the redirects.
An explanation can be found Here. Microsoft have a Fix it tool Here.

A number of removal tools etc that can be run from USB etc can be found Here

Help to avoid an infection use FREE protection
nowyoudo.co.uk



#10
November 1, 2014 at 14:39:09
Re #9

Using the Fix it tool depends on whether you use Hosts files yourself. If so you will not want it set back to defaults but you can edit out any lines that might have been added. Lines that start with 127.0.0.1 are for blocking and can be left in if required.

If you had never heard of hosts files before or do not have any legitimate program that sets them, running the Fix it tool is a good idea.


message edited by Derek
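
The hosts-file review described in #9 and #10, as an added example that is not part of the original thread: it sorts active entries into stock localhost mappings, loopback/0.0.0.0 blocking entries that can stay, and entries pointing a name at any other address, which are the ones to review for redirects. The sample file, its hostnames and its addresses are constructed; the path is the standard Windows location.

```python
import ipaddress
import os

# Standard hosts file location on Windows.
HOSTS_PATH = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                          "System32", "drivers", "etc", "hosts")

# Names a stock hosts file maps to loopback.
DEFAULT_NAMES = {"localhost"}

# Constructed sample (documentation-range addresses, .example names).
SAMPLE_HOSTS = """\
# Constructed sample hosts file for this example
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.tracker.example   # blocking entry kept on purpose
0.0.0.0         telemetry.example
203.0.113.45    www.search.example search.example
198.51.100.7\tupdate.scanner.example
not-an-ip       broken.example
203.0.113.9
"""


def parse_hosts(text):
    """Yield (line_no, ip_or_None, hostnames, raw_line) for each active line."""
    # Drop a UTF-8 BOM if an editor left one at the start of the file.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        active = raw.split("#", 1)[0].strip()   # strip full-line and inline comments
        if not active:
            continue
        fields = active.split()                 # spaces or tabs both separate fields
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None
        yield line_no, ip, fields[1:], raw


def audit_hosts(text):
    """Classify every (address, hostname) pair in a hosts file.

    default   - localhost mapped to loopback (stock entries)
    blocking  - other names sent to loopback or 0.0.0.0; harmless to keep
    redirect  - names sent to any other address; review these
    malformed - lines with a bad address or no hostname
    """
    report = {"default": [], "blocking": [], "redirect": [], "malformed": []}
    for line_no, ip, names, raw in parse_hosts(text):
        if ip is None or not names:
            report["malformed"].append((line_no, raw.strip()))
            continue
        for name in names:
            name = name.lower()
            if ip.is_loopback or ip.is_unspecified:
                bucket = "default" if name in DEFAULT_NAMES else "blocking"
            else:
                bucket = "redirect"
            report[bucket].append((line_no, str(ip), name))
    return report


if __name__ == "__main__":
    try:
        with open(HOSTS_PATH, encoding="utf-8-sig", errors="replace") as fh:
            text, source = fh.read(), HOSTS_PATH
    except OSError:
        text, source = SAMPLE_HOSTS, "constructed sample"
    result = audit_hosts(text)
    print(f"Audited: {source}")
    for bucket in ("redirect", "malformed", "blocking", "default"):
        print(f"\n[{bucket}] {len(result[bucket])} entries")
        for entry in result[bucket]:
            print("  line {}: {}".format(entry[0], "  ".join(entry[1:])))
```
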



#11
November 1, 2014 at 16:02:11
After running the Kaspersky rescue disk I still had problems. It removed a lot of junk. I could post a log but here is the deal. I am on a brand new laptop. I do not want to transfer anything from the infected computer to this new one; I just do not want to take a chance on that. In Add/Remove there are some programs like Chica Password remover. I try to remove it and get an error: the file "C:\Program Files (x86)\ ChicaLogic\Chica Password Manager\unins000.dat" does not exist. I am also getting videos of naked ladies.
Also some things called knctr Itibi Inc and meadia downloader; both the last two get the "does not exist" error. I have also run system restore but it would not restore back before the infections. I just tried to add more space for system restore and got an error. This is about as frustrating as what I had a few years ago with an XP system. And I don't know what happened, but this is a Compaq system, Windows 7, with the recovery drive D. I could always open the drive but the files were locked. Now I can view all the files, which is weird.


message edited by ChristopherTGarrett



#12
November 1, 2014 at 17:20:11
Using Revo Uninstaller I got rid of the above programs. Still got error messages but I was still able to force the uninstall. Computer seems faster now. I had to use Ubuntu to go in and remove the folders and a few more things.


#13
November 1, 2014 at 18:22:36
That's good. You might have to run some of the removal programs again and include JRT this time (#6). By the way, the idea with Rkill is that you run it and keep it running while you run other programs, but I guess you knew that. Sometimes removal programs do better in Safe Mode too.


#14
November 2, 2014 at 02:54:55
I ran Kaspersky again. I thought it saved logs to my C drive but cannot find them. I remember it was something like win32.krap.hcv. The computer is still infected; when I come to this site on that computer, this computing.net site looks infected, like telling me Java is out of date etc. I did see Java installed in Add/Remove. I am looking now. It shows Java 7 Update 71 Oracle 10/26/14 119 MB 7.0.710
I will wait for replies I am in EST time zone if anyone wonders. It looks like this may take awhile.


#15
November 2, 2014 at 03:18:43
I just looked the virus up. I read there is a way to manually remove it. It also showed a program called Spy Hunter. I am running it now and it has found 345 threats. Does anyone know anything about this program? Seems like I had this before and had to register and pay for the program to remove threats. That is OK with me but is it worth it? I see it has found some things like Conduit search and snap.do and a bunch of adware.


#16
November 2, 2014 at 05:32:07
Just to add that Java 71 is the latest version.

Spy Hunter has very mixed reviews, some swear by it and some swear at it - not one we use much around these parts.


#17
November 2, 2014 at 06:40:48
I will decide when I get home. I bet all the adware explains why all sites are infected.


#18
November 2, 2014 at 16:01:52
I was able to get eset to run. Here is the log.


#19
November 2, 2014 at 16:03:10
Part 2



message edited by ChristopherTGarrett



#20
November 2, 2014 at 16:10:06
Most of that is just picking up what ADWCleaner has quarantined so they are harmless. It won't hurt to let it remove them though and will help see the wood for the trees.


#21
November 2, 2014 at 16:27:06
Adware that tells you that you are infected tries to get you to click on something which will install something worse or take you to their web page where they get you to click on a free scan which tells you that you have hundreds of things infecting your computer and you have to pay them to get rid of them. After you pay them, they turn off their warnings and reset a timer to warn you again in a month or so. After that they tell you that you really need their premium version and ask you for more money and they repeat it.
Never click on anything like that; just close the page or use Task Manager to close it, run a scan like Malwarebytes, and make sure that you do not have any add-ons in your browser to uninstall or disable.


#22
November 4, 2014 at 15:03:51
I am still having issues with the adware. I opened the config page of my router in IE and Chrome and got ads even in the router config. So this is a browser infection problem. I have run JRT, AdwCleaner and Malwarebytes. Nothing is showing up. I'm about to run in Safe Mode.


#23
November 4, 2014 at 18:59:39
Clean out cookies, histories, etc. in your browsers.
Remove any add-ons that you do not particularly need.
Run Malwarebytes and others in Safe Mode. Make sure that you update them first and make sure that 'rootkit scanning' is checked off in Malwarebytes.

I recently had a stubborn problem (on a computer at home) that Malwarebytes was not detecting, and I was not really sure it was updating, so I did a system restore to a month back to 'deactivate' anything running. Then I went to run Malwarebytes and it could not run. I went to install the newest version over the current one and it could not uninstall the older version due to not finding files. I tried manually uninstalling it and came across the same issue. These point to an issue that the registry version was no longer the same as the files on the hard drive, so I used Revo Uninstaller to get rid of the remains and registry entries. Then I was able to install a fresh copy of Malwarebytes and all was working correctly.
I am telling you this because if you get to a point that you cannot get rid of the main issue of malware, you might try a system restore to a date significantly far enough back to be before you began noticing the infection, which worked for me, but there was this side issue that needed to be fixed (though not really a major issue). Running the cleaners again at the end is to make sure that there is no early version of the infection or little time bombs waiting around to be triggered all over again.

You have to be a little bit crazy to keep you from going insane.



#24
November 5, 2014 at 09:05:27
System Restore was set to use not much space. I could not restore to a date before the infection. I am going to change that. Right now System Restore is off so nothing will hide there. I am still working on the problem. I am off work the next 2 days so I will have time. I will use Revo to remove Malwarebytes. I know this is crazy, but I have thought about clicking and installing the fake updates it wants me to get, getting the system real infected, then trying to scan and remove with Malwarebytes. I know that sounds crazy, but you never know, it may work. It seems like I have tried everything, though: cleared history, etc., no luck.


#25
November 5, 2014 at 11:22:35

Try a scan with HitmanPro 3 (unlimited free scanning and a free 30-day version to remove detected malware).
Also try Norton Power Eraser. If neither of these works, then I suggest you download HijackThis and find someone to look at the log files. DO NOT POST THEM ON HERE; you can get an automated analysis by posting your log files Here

Help to avoid an infection use FREE protection
nowyoudo.co.uk



#26
November 5, 2014 at 13:57:56
I removed Chrome and IE. The crazy thing is when I removed IE it did not go back to the previous version. Now Internet Explorer will not reinstall. I was getting a message about web-platform-customizations.

The error is: Web Platform Customizations has been removed from this computer. Do you want to clean up your personalized settings for this computer?

message edited by ChristopherTGarrett



#27
November 5, 2014 at 14:27:06
I just ran Norton Power Scrubber. The log was all written together. Just like Norton to be unorganized. The only useful tool Norton has is the removal tool. I am at my wits' end. About decided to just run a system recovery and reinstall Windows. I have already pulled all important info off. Maybe that is best because I use this system a lot for banking and paying credit card bills.
Every time I run Windows Update and reboot I get the mentioned error message. The updates seem to install but Internet Explorer will not. I really, really do not want to do a reinstall. It seems I'm spending time trying all these things when it would be faster to just reinstall Windows. It just blows my mind about Internet Explorer being gone. Reminds me I had a problem like this with Windows 98 years ago.
Good news!!!
Internet Explorer installed :) no more of the above error. Not that I use Internet Explorer, it just didn't feel right not being able to install it.
And yes, it still seems infected.
OK, I ran AdwCleaner again. Every time I have run it, it found something dealing with Superfish. So I did regedit and manually deleted Superfish. Browser still seems infected.
Here is what I deleted.
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com

HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com

HitmanPro also found Superfish.

When I come back I am just editing this post. I will not reply until I get a reply, just trying things and reporting back.
AdwCleaner is still finding it.

message edited by ChristopherTGarrett



#28
November 5, 2014 at 16:31:27
Keep RKill running when you are running ADW etc., and do this from Safe Mode.

Always pop back and let us know the outcome - thanks



#29
November 5, 2014 at 17:49:49
I ran AdwCleaner in Safe Mode along with RKill. It still does the same: finds the Superfish and cleans it, but when I get back in Windows the Superfish is back. I will try with Malwarebytes.


#30
November 5, 2014 at 17:56:58
Have you been through this lot?:
http://malwaretips.com/blogs/superf...

It can often be important to follow the exact sequence.

Always pop back and let us know the outcome - thanks



#31
November 6, 2014 at 01:59:51
Problem solved now. Went to Safe Mode, scanned with RKill and Malwarebytes. I am posting from the computer that was infected. As far as the above removal, Superfish was not in Add/Remove; I just looked, it is still in the registry.


#32
November 6, 2014 at 07:27:32
That's good news, but keep an eye on it. Without an in-depth investigation you can never be quite certain that there is nothing more lurking.

Always pop back and let us know the outcome - thanks



#33
November 8, 2014 at 09:27:38
Yes, I know, and there was, right after I posted that. I scanned again with Malwarebytes and now everything seems good after a few days.


#34
November 8, 2014 at 09:47:06
OK thanks for feedback.

Always pop back and let us know the outcome - thanks



#35
November 9, 2014 at 06:06:06
I know this problem is solved. But who changed the subject line? This was not a problem with the Dell Latitude D620. I put in the subject "Infected And Redirects". Someone changed the subject to "Dell Latitude D620 Laptop Infected And Redirects". I guess what I put was not good enough. Next time I will make the subject "I like my Grandma's cornbread".


#36
November 9, 2014 at 08:30:39
I can only guess. Only selected people can make these changes (not sure if mods is the right word). Because Dell Latitude D620 appeared, for some reason or other, in the tags, I imagine whoever changed it assumed that's what it was and would therefore help us.

The trick for the future is to give the make and model number of the computer with the problem somewhere in the initial post, although it did say desktop.

Always pop back and let us know the outcome - thanks

message edited by Derek



#37
November 9, 2014 at 09:43:29
I can see how the konphusion may have arisen. In your specs you list two systems, and the Dell is the first one...

Being "smart" after the fact... it might have been better to list only the specs for the system under discussion?

Incidentally - "Do you like your Grandma's corn bread?" Have to say it's one N. American "delicacy" I just can't really enthuse over... But then it did take me a wee while to really enjoy corn on the cob, after a few less than exciting experiences with it in the UK. At least in Canada/USA pholks know how to cook and present it properly...



#38
November 9, 2014 at 10:35:18
I think folk often don't want to mess with specs on here for the occasional post about another computer. That's why a quick mention in the original post might be the neatest way to go.

Always pop back and let us know the outcome - thanks

