IE redirect and QB issues-attachments provided

Discussion in 'Malware Help (A Specialist Will Reply)' started by rebeccaW, Mar 30, 2009.

  1. rebeccaW

    rebeccaW Private E-2

    Computer: Running XP on an office computer networked with 3 additional machines. We are all running McAfee. I have the virus software turned on on my machine and set for auto updating.

    ***not sure if relevant*** I connect to a host QB computer at work. 3 users (including myself) run live. 1 user is running on a daily backup copy and is not live. Last week the "non-live" user accidentally logged into the live file. It was noticed the next morning and he was logged back out and into his correct copy. At that time it was noticed that he had his virus software turned off.

    Symptoms:

    Early last week: a pop-up notifying me that my virus software updated and needed to restart my computer kept coming up. I restarted at least twice.

    Last Thursday: I noticed problems starting with my QB. I was able to access the host and log in with my user/password, however I was unable to perform any action once in QB or I would be aborted and QB would close immediately. As a temp fix to this problem (as our "computer guy" thought our QB file might be too big and was causing that error) I have a temporary non-live version I am able to access.

    Last Friday: I noticed that in IE when using Google I was being redirected to advertisement type pages when I clicked on links.

    Today (Monday): It is still redirecting when I use a search engine (Google, Yahoo, etc.) but now McAfee will pop up and notify me that I have a trojan and will shut down IE. I am able to access websites regularly if I type in the URL. The trojan McAfee is identifying has been "Generic!Artemis" (and once "Lando"...this was after I followed the read and run thread). It says it is found at C:windows\system32\setup_u.exe.

    Attempted:
    I have attempted all of the following prior to finding this website.
    update McAfee
    run McAfee scan
    download and run Malwarebytes
    download Malwarebytes on a different computer, change file name, and run
    delete found trojan from McAfee
    reboot in safe mode, run both McAfee and Malwarebytes
    turn off system restore, run scans, turn on system restore

    I have also completed everything in the read and run thread. Attachments provided. Please note: it would not allow me to download the combofix.exe file (every time I tried, IE would auto shut down), and it would also not complete the MGTools. I was able to get the log for the hijack this and the getunkey, but was unable to get logs for getrunkey and shownew.

    Any assistance would be very much appreciated!
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to give me the exact path that McAfee is reporting. You should also try using a different browser to download Combo.

    Did you disable McAfee when you ran the MGTools.exe? I need to know exactly what happened when you ran it as we will need to have the full logs.
     
