google redirect logs

Discussion in 'Malware Help (A Specialist Will Reply)' started by alienkitty, Jun 10, 2009.

  1. alienkitty

    alienkitty Private E-2

    I was getting redirected to random sites whenever I clicked a link in a search engine. After going through the procedure on the website everything seems fine but I thought I'd post my logs anyway just to be sure. Thank you, you're awesome.

    Some notes I took while going through the steps:
    SuperAntiSpyware got a "has encountered an error and needs to close" window when I tried to install it; I renamed it and it worked. After the install I tried to open it and got the same error window; I renamed it in Program Files and it worked.
    Scanned, and upon restart saw a blue screen flash for a moment before it restarted again and brought me to the menu to choose normal start-up or safe mode. I chose normal.
    When running ComboFix it said something about detected rootkit activity and asked me to write down 3 file names and restarted the computer. It resumed scanning and I noticed it deleted those 3 files plus 2 others.
     


  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there and welcome. I am currently reviewing your logs, and will get back to you with a set of instructions as soon as possible. Thanks for your patience during this time.

    Kes13!
     
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    The scans did their job, just a couple things left to do now:

    Could you tell me if the below file for BlackIce actually exists?

    C:\blackice\rapapp.exe

    Your desktop could do with a clean up:

    What are the below files? Did you create them?

    "D:\Documents and Settings\hedgie\Desktop\"

    huhfhf.txt Sep 1 2008 144 "huhfhf.txt"
    jghjgh.txt Jun 2 2009 54 "jghjgh.txt"

    1. Please go to Add/Remove Programs and uninstall the below older versions of Java:

    • Java(TM) 6 Update 13
    • Java(TM) 6 Update 4
    • Java(TM) 6 Update 6
    • Java(TM) 6 Update 7

    2. Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    After clicking Fix exit HJT.


    3. Now we need to use ComboFix to remove a malware file, take out some old services from once running Nod32 and also tidy your registry up a little.

    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected):
    Code:
    KILLALL::
    
    Driver::
    epfwtdir
    ekrn
    EhttpSrv
    
    DirLook::
    D:\Documents and Settings\hedgie\Desktop\gryff_svn
    
    File::
    d:\windows\IFinst27.exe
    d:\windows\system32\drivers\epfwtdir.sys
    d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
    
    Folder::
    d:\program files\ESET
    
    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] 
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe

      http://farm4.static.flickr.com/3014/3035535531_512f04c6a2_o.gif

    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    4. Now reboot your machine and install the most current and up to date version of Java available here at the below link:

    Java Runtime 6

    5. Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Combofix.

    6. Let us know of any problems you may have encountered with the above instructions and also let me know how things are running now.
     
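As an added example (not part of this thread and not ComboFix's own code), a small Python pre-flight reviewer for a CFScript.txt in the layout used above, so the sections can be checked before the script is dragged onto ComboFix.exe. The section layout and the .reg-style reading of [-KEY] versus [KEY] are assumptions drawn from the script above, and the embedded sample is a constructed, trimmed copy of it.

```python
# Added example (not from the thread or from ComboFix): parse a CFScript.txt in the
# layout shown above and summarise what it will remove before ComboFix is run.
# Assumed layout: a line ending in '::' opens a section and the non-blank lines below
# it are its entries; Registry:: uses .reg syntax ([-KEY] deletes a key, [KEY] ensures
# it). SAMPLE is a constructed, trimmed copy of the script in the reply above.
SAMPLE = """KILLALL::
Driver::
epfwtdir
ekrn

File::
d:\\windows\\IFinst27.exe
d:\\windows\\system32\\drivers\\epfwtdir.sys

Registry::
[-HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Shared Tools\\MSConfig\\startupfolder]
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Shared Tools\\MSConfig\\startupfolder]
"""

def parse_cfscript(text):
    """Return {section: [entries]} in file order; a header with no entries is kept."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections

def registry_actions(entries):
    """Map [-KEY] to ('delete', KEY) and [KEY] to ('ensure', KEY)."""
    out = []
    for e in entries:
        if not (e.startswith("[") and e.endswith("]")):
            raise ValueError(f"unsupported registry line: {e!r}")
        key = e[1:-1]
        out.append(("delete", key[1:]) if key.startswith("-") else ("ensure", key))
    return out

def review(text, exists=lambda path: True):
    """Pre-flight summary; pass os.path.exists as 'exists' to flag File:: paths not on disk."""
    s = parse_cfscript(text)
    files = s.get("File", [])
    return {"kill_all": "KILLALL" in s, "drivers": s.get("Driver", []), "files": files,
            "registry": registry_actions(s.get("Registry", [])),
            "missing_files": [p for p in files if not exists(p)]}
```

A File:: path that does not exist is not harmful to ComboFix, but it is worth noticing before the run because it usually means a typo or a path copied from a different drive letter.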
