WinFixer and Misc. Search Engines...

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by lesteravendano3n1, Oct 10, 2005.

  1. lesteravendano3n1

    lesteravendano3n1 Private E-2

    Recently, I've been getting these random search engine popups whenever I search on Google or Yahoo. For example, I'll search for a cell phone and when I click on one of the results, it brings me to a random search engine (RedZip.com, MorwillSearch.com) or it will give me an advertisement for a spyware cleaner (WinFixer, WinAntiSpyware). The url is correct, but the content of the page is one of the ones I just listed. I ran all 4 programs in safe mode and ran the two internet virus/trojan checkers and took the system off restore. However, after performing the above, I still receive the same random popups and random search engines. I did install HijackThis into a folder of its own and ran after everything was completed. The results of the 4 programs said that it did remove some severe spyware and cleaned out my registry, but I'm still experiencing the same problems. Any suggestions? Thanks!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow the steps below:

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the link below to properly use HijackThis:

    Downloading, Installing, and Running HijackThis

     
  3. lesteravendano3n1

    lesteravendano3n1 Private E-2

    Yes, I checked out the guide before I ran everything. I posted some of the results in my previous post. I was able to update everything and everything installed properly.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Then complete the rest of my previous message and attach your HJT log.

    Note there are also references in the READ ME to Special Removal Procedures, which has a link to a do-it-yourself guide for Virtumunde (aka Winfixer) problems.
     
  5. lesteravendano3n1

    lesteravendano3n1 Private E-2

    Here are the results from my HJT log file:

    Edit by chaslang; Inline log removed

    I've run HJT before and I don't remember seeing all of those protocols in the middle. Again, THANKS!
     
    Last edited by a moderator: Oct 10, 2005
  6. lesteravendano3n1

    lesteravendano3n1 Private E-2

    Okay, I used the VundoFix file and here's the new HJT log.
     


    Last edited: Oct 10, 2005
  7. lesteravendano3n1

    lesteravendano3n1 Private E-2

    Most Recent HJT Log...

    Alright...sorry for the multiple posts, but here's the most recent HJT log. I repeated the "safe mode strategy" and ran all 4 programs. This time around, the MS AntiSpyware program detected the Winfixer file and deleted it. I also ran the Vundofix program and after restarting my PC, it loads much quicker. I have also tried searching on Google to see if those random search engines and popups appear again and, so far, no trace of them. However, if you could still look at the log file to remove any questionable items that would be great. Thanks!
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Most Recent HJT Log...

    Have HJT fix all of the below lines and you should be all done.


    O1 - Hosts: .com
    O1 - Hosts: com
    O18 - Protocol: bw+0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    Afterwards it is recommended that you follow the guidelines in:

    How to Protect yourself from malware!
     
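A small triage helper, added here as an example and not part of the thread or of HijackThis itself, that parses O1/O18 lines of the kind listed in the post above, flags hosts entries that are not an address followed by a hostname, and groups protocol handlers by CLSID and DLL so a long run of near-identical O18 lines collapses to one item to review. The sample log is constructed from the quoted lines; the `127.0.0.1 ads.example.invalid` entry is added only as a well-formed contrast.

```python
import re
from collections import defaultdict

# Constructed sample: O1/O18 lines quoted in the thread, plus one
# well-formed hosts entry (127.0.0.1 ads.example.invalid) added for contrast.
SAMPLE_LOG = r"""
O1 - Hosts: .com
O1 - Hosts: com
O1 - Hosts: 127.0.0.1 ads.example.invalid
O18 - Protocol: bw+0 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {EA0692C8-260A-47D6-8865-3C9BACAA21EE} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
"""

O1_RE = re.compile(r"^O1 - Hosts: (?P<entry>.*)$")
O18_RE = re.compile(
    r"^O18 - Protocol: (?P<name>\S+) - (?P<clsid>\{[0-9A-F-]{36}\}) - (?P<path>.+)$", re.I)
# A sane hosts entry is "<IPv4 or IPv6 address> <hostname>"; anything else is a fragment.
HOSTS_ENTRY_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f:]+)\s+[A-Za-z0-9.-]+$")

def parse_hjt(text):
    """Split an HJT log into O1 hosts entries and O18 protocol handler records."""
    hosts, handlers = [], []
    for line in text.splitlines():
        line = line.strip()
        if m := O1_RE.match(line):
            hosts.append(m.group("entry").strip())
        elif m := O18_RE.match(line):
            handlers.append(m.groupdict())
    return {"hosts": hosts, "handlers": handlers}

def triage(text):
    """Flag malformed hosts entries and collapse O18 lines by (CLSID, DLL path)."""
    parsed = parse_hjt(text)
    bad_hosts = [h for h in parsed["hosts"] if not HOSTS_ENTRY_RE.match(h)]
    groups = defaultdict(list)
    for h in parsed["handlers"]:
        groups[(h["clsid"].upper(), h["path"])].append(h["name"])
    # One DLL registered under dozens of protocol names is reviewed as a single unit.
    summary = [{"clsid": c, "path": p, "names": sorted(n)} for (c, p), n in groups.items()]
    summary.sort(key=lambda g: len(g["names"]), reverse=True)
    return {"malformed_hosts": bad_hosts, "handler_groups": summary}

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Malformed O1 entries:", result["malformed_hosts"])
    for g in result["handler_groups"]:
        print(f'{len(g["names"]):3d} protocol(s) -> {g["path"]}  {g["clsid"]}')
```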
  9. lesteravendano3n1

    lesteravendano3n1 Private E-2

    Thanks!

    Thanks for all the help! :)
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Thanks!

    You're welcome! Surf safely.
     
