I need virus help!

May 15, 2009 at 20:59:55
Specs: Windows XP
I have a virus that redirects links from yahoo search, etc. I'm a young woman without computer training. Please can someone help me remove it? I've run spybot, malwarebytes' antimalware and antivir pe classic without luck.

#1
May 15, 2009 at 21:04:35
I also tried system restore, but the virus doesn't allow me to restore. So frustrating!

#2
May 15, 2009 at 21:18:06
Hi,
Can you please post your AVZ log:

1) To create the logfile, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

2) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

3) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows Vista, launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteStdScr(3);
RebootWindows(true);
end.

Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script, the PC will reboot. After the reboot the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and paste the link here.

#3
May 16, 2009 at 08:01:37
Thank you so much for your help! Here is the file you requested:

http://rapidshare.com/files/2336702...


#4
May 16, 2009 at 08:22:09
Log seems clean. Follow these steps:

1) Change your DNS server to OpenDNS. http://www.opendns.com/start/

2) Download http://devbuilds.kaspersky-labs.com...

Select all the areas to scan -> press scan. Post the screenshot/log of detected items.

Also fix the detected items as Kaspersky recommends.


#5
May 16, 2009 at 08:38:54
I can't seem to change the DNS server. Do I actually delete the numbers and type in "OpenDNS" in their place? Or do I just copy the numbers they list? If I'm supposed to just copy the numbers they list, I already have the same numbers in there.

#6
May 16, 2009 at 08:43:27
https://www.opendns.com/start/device/windows-xp You need the numbers. If they're the same, leave them. Proceed to part 2 and, if you can, post your Malwarebytes log from the last scan.

#7
May 16, 2009 at 23:00:35
Here are the results of the two scans:

1. Malwarebytes'

Malwarebytes' Anti-Malware 1.33
Database version: 1692
Windows 5.1.2600 Service Pack 3

5/14/2009 4:35:27 PM
mbam-log-2009-05-14 (16-35-27).txt

Scan type: Full Scan (C:\|)
Objects scanned: 157082
Time elapsed: 1 hour(s), 3 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

2. Kaspersky:

deleted: Trojan program Backdoor.Win32.Neakse.ej File: C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthxsoqmppsh.dll.vir
deleted: Trojan program Trojan.Win32.Tdss.acsz File: C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthxulegigqa.dll.vir

Thanks again for your help!


#8
May 17, 2009 at 04:23:03
Can you also post the ComboFix log?

#9
May 17, 2009 at 08:47:32
Here is the combofix log. Thanks!

ComboFix 09-05-16.05 - Jim 05/17/2009 8:34.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.640 [GMT -7:00]
Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2009-04-17 to 2009-05-17 )))))))))))))))))))))))))))))))
.

2009-05-16 22:30 . 2009-05-17 15:39 8583200 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-16 15:50 . 2008-07-08 21:54 148496 ----a-w c:\windows\system32\drivers\98049959.sys
2009-05-15 18:51 . 2009-05-15 18:51 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-05-15 16:51 . 2009-05-15 17:20 -------- d-----w c:\documents and settings\Jim\SmitfraudFix
2009-05-15 16:39 . 2009-05-17 15:34 -------- d-----w c:\windows\system32\CatRoot2
2009-05-15 16:31 . 2009-05-15 16:31 912 ----a-w c:\documents and settings\Jim\TEMP.BAT
2009-05-15 16:25 . 2009-05-15 16:25 -------- d-----w C:\ea
2009-05-15 14:43 . 2009-05-15 14:43 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-05-12 15:23 . 2009-05-12 15:23 -------- d-sh--w c:\documents and settings\Jim\IECompatCache
2009-05-12 15:12 . 2009-05-12 15:37 -------- d-----w c:\program files\Windows Live Safety Center
2009-05-07 14:49 . 2009-05-07 16:15 -------- d-----w c:\windows\system32\796525
2009-05-04 14:53 . 2009-05-04 14:53 -------- d-sh--w c:\windows\system32\config\systemprofile\PrivacIE
2009-05-03 14:01 . 2009-05-03 14:01 -------- d-sh--w c:\documents and settings\Jim\Local Settings\Application Data\.#
2009-04-30 16:26 . 2009-03-11 05:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-04-30 16:26 . 2009-05-01 02:32 -------- d-----w c:\windows\system32\KB905474
2009-04-30 16:17 . 2009-04-30 16:17 -------- d-----w c:\windows\system32\XPSViewer
2009-04-30 16:16 . 2009-04-30 16:16 -------- d-----w c:\program files\MSBuild
2009-04-30 16:16 . 2009-04-30 16:16 -------- d-----w c:\program files\Reference Assemblies
2009-04-30 16:15 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-30 16:15 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-30 16:15 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-30 16:15 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-30 16:15 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-30 16:15 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-30 16:15 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-30 16:15 . 2009-04-30 16:16 -------- d-----w C:\7ca572eed919562721d9bd8c69
2009-04-30 15:31 . 2009-04-30 15:33 -------- d-----w C:\Rooter$
2009-04-29 18:24 . 2009-04-29 18:24 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-04-29 15:03 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-29 15:03 . 2009-02-06 10:39 35328 -c----w c:\windows\system32\dllcache\sc.exe
2009-04-29 15:03 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-29 15:03 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-29 15:03 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-29 15:03 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-29 15:03 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-29 15:03 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-29 15:03 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-29 15:03 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-29 15:02 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-29 15:02 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-28 17:06 . 2009-04-28 17:06 -------- d-sh--w c:\documents and settings\Jim\PrivacIE
2009-04-28 17:05 . 2009-04-28 17:05 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-04-28 17:04 . 2009-04-28 17:04 -------- d-sh--w c:\documents and settings\Jim\IETldCache
2009-04-28 16:53 . 2009-04-28 16:58 -------- dc-h--w c:\windows\ie8
2009-04-18 16:28 . 2009-04-18 16:28 -------- d-----w c:\program files\Enigma Software Group

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-17 07:08 . 2009-05-16 22:30 68060 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-17 07:07 . 2005-08-05 05:22 -------- d-----w c:\program files\Apoint
2009-05-12 18:27 . 2006-10-26 02:46 -------- d-----w c:\program files\Palm
2009-04-30 16:34 . 2005-10-07 13:10 -------- d-----w c:\program files\Microsoft Works
2009-04-30 15:38 . 2006-02-07 16:30 -------- d-----w c:\program files\Common Files\Real
2009-04-29 15:33 . 2009-01-23 06:12 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-28 16:07 . 2009-01-25 17:04 -------- d-----w c:\program files\Panda Security
2009-03-11 05:18 . 2009-03-11 05:18 239496 ------w c:\windows\system32\SETB.tmp
2009-03-08 11:34 . 2005-08-05 12:08 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2005-08-05 12:08 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2005-08-05 12:08 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2005-08-05 12:08 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2005-08-05 12:08 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2005-08-05 12:08 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:31 . 2005-08-05 12:08 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2005-08-05 12:08 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2005-08-05 12:08 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2005-08-05 12:08 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2005-08-05 12:08 284160 ----a-w c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-16_22.38.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-17 07:10 . 2009-05-17 07:10 16384 c:\windows\Temp\Perflib_Perfdata_7b4.dat
+ 2009-05-17 07:09 . 2009-05-17 07:09 16384 c:\windows\Temp\Perflib_Perfdata_6e0.dat
+ 2009-05-17 07:07 . 2003-06-03 07:55 87821 c:\windows\system32\ReinstallBackups\0013\DriverFiles\Vxdif.dll
+ 2009-05-17 07:07 . 2008-04-13 18:39 23040 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\mouclass.sys
+ 2009-05-17 07:07 . 2008-04-13 19:18 52480 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\i8042prt.sys
+ 2009-05-17 07:07 . 2002-07-11 05:04 65536 c:\windows\system32\ReinstallBackups\0013\DriverFiles\EzAuto.dll
+ 2009-05-17 07:07 . 1998-08-24 14:37 91136 c:\windows\system32\ReinstallBackups\0013\DriverFiles\Elprop.dll
+ 2009-05-17 07:07 . 2003-02-26 18:08 45056 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ApntEx.exe
+ 2009-05-17 07:07 . 2003-09-29 20:31 94601 c:\windows\system32\ReinstallBackups\0013\DriverFiles\Apfiltr.sys
- 2004-08-03 22:58 . 2008-04-13 18:39 23040 c:\windows\system32\drivers\mouclass.sys
+ 2004-08-03 22:58 . 2008-04-13 17:39 23040 c:\windows\system32\drivers\mouclass.sys
- 2004-08-03 23:14 . 2008-04-13 19:18 52480 c:\windows\system32\drivers\i8042prt.sys
+ 2004-08-03 23:14 . 2008-04-13 18:18 52480 c:\windows\system32\drivers\i8042prt.sys
+ 2004-08-03 22:58 . 2008-04-13 17:39 23040 c:\windows\system32\dllcache\mouclass.sys
+ 2004-08-03 23:14 . 2008-04-13 18:18 52480 c:\windows\system32\dllcache\i8042prt.sys
- 2005-08-05 12:33 . 2009-05-16 14:54 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-08-05 12:33 . 2009-05-17 06:27 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-08-05 12:33 . 2009-05-16 14:54 98304 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-05 12:33 . 2009-05-17 06:27 98304 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-05 12:33 . 2009-05-17 06:27 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-08-05 12:33 . 2009-05-16 14:54 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-17 07:07 . 1999-01-14 01:41 6144 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ApWheel.dll
+ 2009-05-17 07:07 . 2003-06-03 20:36 188416 c:\windows\system32\ReinstallBackups\0013\DriverFiles\Uninstap.exe
+ 2009-05-17 07:07 . 2003-10-30 18:06 204800 c:\windows\system32\ReinstallBackups\0013\DriverFiles\EzLaunch.dll
+ 2009-05-17 07:07 . 2003-10-29 23:11 151552 c:\windows\system32\ReinstallBackups\0013\DriverFiles\Ezcapt.exe
+ 2009-05-17 07:07 . 2000-09-08 18:34 167936 c:\windows\system32\ReinstallBackups\0013\DriverFiles\Apvfb.exe
+ 2009-05-17 07:07 . 2003-11-08 00:21 114688 c:\windows\system32\ReinstallBackups\0013\DriverFiles\Apoint.exe
+ 2009-05-17 07:07 . 2004-01-27 17:58 118784 c:\windows\system32\ReinstallBackups\0013\DriverFiles\Apoint.dll
+ 2009-04-28 17:05 . 2009-05-17 06:27 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-04-28 17:05 . 2009-05-16 14:54 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-05-17 07:07 . 2003-10-31 23:30 1351680 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ApRes.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-08 114688]

c:\documents and settings\Jim\Start Menu\Programs\Startup\
is-PO742.lnk - c:\documents and settings\Jim\Desktop\Virus Removal Tool\is-PO742\startup.exe [2009-5-16 65536]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-6-21 487424]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 00:42 73728 ----a-w c:\windows\system32\VESWinlogon.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 is-PO742drv;is-PO742drv;c:\windows\system32\drivers\98049959.sys [5/16/2009 08:50 AM 148496]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [8/5/2005 05:09 AM 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [8/5/2005 05:09 AM 214272]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 SEMWModem;Sony Ericsson SEMWModem;c:\windows\system32\drivers\GCXX.sys [10/7/2005 06:27 AM 114944]
S3 SEMWWNIC;Sony Ericsson SEMWWNIC;c:\windows\system32\drivers\GCXXNet.sys [10/7/2005 06:27 AM 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2008-10-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:57]

2005-11-09 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-08-05 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
TCP: {B15379A7-2C04-4536-8AE3-B69FF7564694} = 4.2.2.2,4.2.2.1
TCP: {D3B6EB92-4EB8-4777-860B-AC14940CAD94} = 4.2.2.2,4.2.2.1
FF - ProfilePath - c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\o7uo0zsv.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 08:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2808042790-732575869-2769339560-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:04,2e,f1,80,95,21,86,27,d3,fd,7f,29,50,3e,42,61,0c,a6,71,d8,48,50,10,
4f,60,fd,64,d3,d6,30,88,e3,d7,38,37,a0,64,2c,0a,f5,88,6d,c6,80,08,ee,f2,fe,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(3528)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-17 8:41
ComboFix-quarantined-files.txt 2009-05-17 15:41
ComboFix2.txt 2009-05-16 22:41

Pre-Run: 33,850,814,464 bytes free
Post-Run: 33,866,665,984 bytes free

#10
May 17, 2009 at 09:06:28
Run this script the same way as in Response Number 2.


begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('c:\windows\system32\drivers\98049959.sys','');
QuarantineFile('c:\windows\system32\SETB.tmp','');
DeleteFile('c:\windows\system32\SETB.tmp');
DeleteFile('c:\windows\system32\drivers\98049959.sys');
BC_ImportDeletedList;
ExecuteSysClean;
ExecuteRepair(2);
ExecuteRepair(3);
ExecuteRepair(4);
ExecuteRepair(14);
ExecuteRepair(15);
BC_Activate;
RebootWindows(true);
end.

Your computer will reboot. Once it's back, check and see if the problem still persists.
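A defender's triage aid, added here as an example and not part of this thread or of ComboFix/AVZ: a Python script that scans ComboFix-style "Files Created" and service lines for the three patterns the helper acted on above (a driver with an all-digit file name, a .tmp left in system32, and a service whose binary ComboFix marks with [?] as not found). The heuristics and the Finding type are my own; the sample lines are copied from the log posted in Response 9.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the ComboFix log posted in this thread:
# "Files Created" entries followed by service/driver entries.
SAMPLE_LOG = r"""
2009-05-16 15:50 . 2008-07-08 21:54 148496 ----a-w c:\windows\system32\drivers\98049959.sys
2009-05-15 16:39 . 2009-05-17 15:34 -------- d-----w c:\windows\system32\CatRoot2
2009-03-11 05:18 . 2009-03-11 05:18 239496 ------w c:\windows\system32\SETB.tmp
2009-03-08 11:34 . 2005-08-05 12:08 914944 ----a-w c:\windows\system32\wininet.dll
R1 is-PO742drv;is-PO742drv;c:\windows\system32\drivers\98049959.sys [5/16/2009 08:50 AM 148496]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [8/5/2005 05:09 AM 71961]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
"""

# "Files Created" entry: <created> . <modified> <size|--------> <attrs> <path>
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} (\S+) (\S+) (.+)$")
# Service entry: <R|S><start> <name>;<display>;<image>[ --> <image>] [<timestamp size> or ?]
SERVICE_RE = re.compile(r"^[RS]\d [^;]*;[^;]*;(.+?)(?: --> .+?)? \[(.*)\]$")

@dataclass(frozen=True)
class Finding:
    path: str    # lower-cased so the same file from two sections collapses to one finding
    reason: str

def check_path(path: str, is_dir: bool) -> list:
    """Heuristics (mine, not ComboFix's or AVZ's) applied to one file path."""
    findings = []
    if is_dir:
        return findings
    lowered = path.lower()
    stem, _, ext = lowered.rsplit("\\", 1)[-1].rpartition(".")
    if ext == "sys" and stem.isdigit():
        findings.append(Finding(lowered, "driver with an all-digit file name"))
    if ext == "tmp" and "\\system32\\" in lowered:
        findings.append(Finding(lowered, ".tmp file left in system32"))
    return findings

def triage(log_text: str) -> list:
    """Scan ComboFix-style lines and return de-duplicated findings in log order."""
    seen, out = set(), []
    for line in log_text.splitlines():
        line = line.strip()
        if m := FILE_RE.match(line):
            hits = check_path(m.group(3), is_dir=m.group(2).startswith("d"))
        elif m := SERVICE_RE.match(line):
            image, bracket = m.group(1), m.group(2)
            hits = check_path(image, is_dir=False)
            if bracket == "?":  # ComboFix prints [?] when the service binary is not on disk
                hits.append(Finding(image.lower(), "service registered but binary not found"))
        else:
            continue
        for f in hits:
            if f not in seen:
                seen.add(f)
                out.append(f)
    return out

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}: {f.path}")
```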


#11
May 17, 2009 at 09:22:34
I'm not sure if you wanted me to load this file, but I followed step 2 again:

http://rapidshare.com/files/2340619...


#12
May 17, 2009 at 09:28:15
No, run the script in Response Number 10 in AVZ the same way you ran the other script.

#13
May 17, 2009 at 09:32:45
Yes, I did that. My computer rebooted and I then uploaded the logfile. I didn't know if you wanted me to post the new log file is what I was saying.

#14
May 17, 2009 at 09:36:06
No, that script doesn't generate a log.

"I have a virus that redirects links from yahoo search, etc. "

^^ Do you still have that problem?


#15
May 17, 2009 at 10:50:40
It will take some time to be 100% sure, but I tried some links and no redirects! It looks like it worked! Thank you so much for taking the time to help me!

#16
May 17, 2009 at 10:58:09
1) Run this script in AVZ:


begin
CreateQurantineArchive('c:\quarantine.zip');
end.

2) A file called quarantine.zip should be created in C:\. Then please zip up C:\qoobox\quarantine and upload both it and C:\quarantine.zip to a filehost such as http://rapidshare.com/. Then private message me the download link to the uploaded file.

3) Lastly, uninstall ComboFix by: pause Antivirus/Spyware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) > Start > Run > type combofix /u > OK. Or Start > Run > type combofix.exe /u > OK.

4) Delete AVZ folder.


#17
May 17, 2009 at 23:16:52
I was on the computer tonight and got some redirects. Then a message popped up starting a scan and saying my computer has malware. I closed out of it as quickly as I could b/c I know it's the virus. I didn't run the last script you suggested b/c I didn't know if I was supposed to do that if the computer was not yet clean. Should I still run it? Any other things I can try to get rid of it? Thanks again!

#18
May 18, 2009 at 05:17:01
Yes, run that script in Response Number 16. Did you do part 2 of Response Number 4? If not, do that after.

Also, you might be redirected by a website, not a virus on your PC. Please make sure you run an ad-blocker and good antivirus.


#19
May 18, 2009 at 08:36:45
Yes, I ran Kaspersky and posted the result at the bottom of response 7. I uploaded the 2 files to rapidshare, but for some reason, the site won't let me PM you, but instead tells me to reply here. Is it okay to post the rapidshare links here? Should I still delete combofix and avz? I currently use malwarebytes as an antimalware and antivir pe classic (free version) as my antivirus. Are those good or should I be using something else to protect my computer?

#20
May 18, 2009 at 08:43:22
Private message or post the links here. Yes, uninstall ComboFix and AVZ. Those two, Malwarebytes and PE Classic, are good free options.

#21
May 18, 2009 at 10:38:32
I sent you the files via PM. Unfortunately, I'm still getting redirects.

#22
May 18, 2009 at 10:52:20
Redirects to what sites? And if you can, post screenshots.
