Google Redirect

Discussion in 'Malware Help (A Specialist Will Reply)' started by jham.utd, Jan 28, 2013.

  1. jham.utd

    jham.utd Private E-2

    Google redirect and general slowness. Logs provided. tdsskiller clean.

    EDIT: overlooked MGtools step. In progress right now.
     

    Attached Files:

  2. jham.utd

    jham.utd Private E-2

    MGlog
     

    Attached Files:

  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Did you fix the items Malware Bytes found in the end or not?

    http://img805.imageshack.us/img805/9659/rktigzy.gif Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these 5 detections:

    • [RUN][SUSP PATH] HKCU\[...]\Run : PowerMenu (RUNDLL32.EXE C:\Users\Jamie\AppData\Local\PowerMenu\coojifgi.dll,??0CIcdSpiAuto2@@QAE@J@Z) -> FOUND
    • [RUN][SUSP PATH] HKCU\[...]\Run : Ykrin (C:\Users\Jamie\AppData\Roaming\Vedu\azomh.exe) -> FOUND
    • [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : InnoSetupRegFile.0000000001 ("C:\Windows\is-JJPR8.exe" /REG /REGSVRMODE) -> FOUND
    • [RUN][SUSP PATH] HKCU\[...]\Policies\Explorer\\Run : Listen (C:\Users\Jamie\AppData\Roaming\A24544\A24544.exe) -> FOUND
    • [RUN][SUSP PATH] HKUS\S-1-5-21-2329831545-4254132686-2021290773-1000[...]\Policies\Explorer\\Run : Listen (C:\Users\Jamie\AppData\Roaming\A24544\A24544.exe)

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.

    ...and the same for items on files/folders tab please...

    • [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2329831545-4254132686-2021290773-1000\$74f4a01bbd7bec64a1c9bcef9b72b3e2\@ --> FOUND
    • [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$74f4a01bbd7bec64a1c9bcef9b72b3e2\U --> FOUND
    • [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-2329831545-4254132686-2021290773-1000\$74f4a01bbd7bec64a1c9bcef9b72b3e2\U --> FOUND
    • [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$74f4a01bbd7bec64a1c9bcef9b72b3e2\L --> FOUND
    • [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-2329831545-4254132686-2021290773-1000\$74f4a01bbd7bec64a1c9bcef9b72b3e2\L --> FOUND

    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Reboot the machine.


    Download and run OTM.

    Download OTM by Old Timer and save it to your Desktop.


    Code:
    :Files
    C:\ProgramData\ecacefee27.nls
    C:\Users\Jamie\AppData\Local\PowerMenu
    C:\Users\Jamie\AppData\Roaming\Vedu
    C:\Users\Jamie\AppData\Roaming\A24544
    
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large http://farm3.static.flickr.com/2782/4174320048_f01c448b32_o.png button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.


    • Re-run Hitman (just a scan) and attach the log for me.
    • Re-run RogueKiller (just a scan) and attach that log too please.
    • Describe how things are running.
     
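The detections Kestrel13! lists above all share one trait: autorun entries in Run, RunOnce and Policies\Explorer\Run keys that point into a user's AppData or ProgramData, plus a ZeroAccess-style directory tree hidden in the Recycle Bin. The following PowerShell script is an added example for readers of this thread; it is not part of RogueKiller, OTM or any tool the thread uses. It only reads and reports, deleting nothing, so it can be used to confirm that a cleanup worked or to triage a similar machine. The key list and the path pattern are assumptions chosen to cover the locations named in the thread; run it from an elevated prompt so that other users' hives under HKEY_USERS and the hidden `$Recycle.Bin` folders are readable.

```powershell
# Added example (not from the thread): read-only triage of the autorun locations
# and Recycle Bin layout that RogueKiller reported above. Lists only; deletes nothing.

# Autorun keys covered by the thread's detections (Run, RunOnce, Wow6432Node, Policies\Explorer\Run).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

# RogueKiller also reported a hit under HKUS\S-1-5-21-...; walk every loaded user hive the same way.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
$userHives = Get-ChildItem -Path 'HKU:\' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -like 'S-1-5-21-*' -and $_.PSChildName -notlike '*_Classes' }
foreach ($hive in $userHives) {
    $runKeys += "HKU:\$($hive.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Run"
    $runKeys += "HKU:\$($hive.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"
}

# Assumed pattern: locations where legitimate autoruns are rare but every entry in the thread lived
# (AppData\Local, AppData\Roaming, ProgramData, the Recycle Bin and Temp directories).
$suspiciousPathPattern = '\\AppData\\(Local|Roaming)\\|\\ProgramData\\|\\\$Recycle\.Bin\\|\\Temp\\'
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

$autorunFindings = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -in $providerProps) { continue }
        $command = [string]$p.Value
        if ($command -match $suspiciousPathPattern) {
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $command }
        }
    }
}

Write-Host "Autorun entries pointing into user-writable data folders:"
$autorunFindings | Format-Table -AutoSize -Wrap

# ZeroAccess-style Recycle Bin layout from the thread: <drive>\$Recycle.Bin\<SID>\$<32 hex chars>\ holding
# "@", "U" and "L" entries. The folders carry hidden/system attributes, so -Force is required to see them.
$recycleBin = Join-Path -Path $env:SystemDrive -ChildPath '$Recycle.Bin'
$binFindings = Get-ChildItem -Path $recycleBin -Directory -Force -ErrorAction SilentlyContinue | ForEach-Object {
    Get-ChildItem -Path $_.FullName -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '^\$[0-9a-f]{32}$' } |
        ForEach-Object {
            $entries = @(Get-ChildItem -Path $_.FullName -Force -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Name)
            $markers = $entries | Where-Object { $_ -in '@', 'U', 'L' }
            if ($markers) {
                [pscustomobject]@{ Folder = $_.FullName; Markers = ($markers -join ', ') }
            }
        }
}

Write-Host "Recycle Bin folders with ZeroAccess-style @/U/L entries:"
$binFindings | Format-Table -AutoSize -Wrap
```

After the RogueKiller and OTM steps above have been run and the machine rebooted, both tables should come back empty; anything that reappears after a reboot points to a persistence mechanism the cleanup did not reach and belongs in the next reply with the RogueKiller and Hitman logs.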
