rl.webtracer.cc/-/?bayrzm

Discussion in 'Malware Help (A Specialist Will Reply)' started by middle earth, May 6, 2005.

  1. middle earth

    middle earth Private E-2

    The above mentioned site has taken over my home page in IE. It's adding lots of other sites to my favorites folder. Also the attachments in yahoo mail are being hijacked to open non-desired sites.

    I have used the link to run all the basic Trojan/virus runs. Here's the summary of issues:

    Trend Micro - found Troj_Blobus.A virus at c:\windows\system32\out.exe - NOT CLEARABLE

    Adaware - Few tracking cookies - they seem to appear again when Adaware is run next time

    Spybot - detects rl.webtracer.cc once - cleans it but appears again.

    Rest of the checks went without any issue. I have even updated to sun java.

    Hijack it is detecting the above virus, says it deleted it, but it appears and is detected again next time.
     
  2. jarcher

    jarcher I can't handle a title

    Have you already gone through this sticky? If not please do so. . .
    READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal:
    If you have, double-check everything and make sure you did do everything
    and all software is up to date

    and run through this before attaching a log
    NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting:
    *Note that your HijackThis should be up-to-date (v1.99.1) and MUST be extracted to its own safe folder - C:\Program Files\HijackThis! Please do this!!!*
     
  3. middle earth

    middle earth Private E-2

    Yes, I have gone through the exercise as posted and identified an issue which Trend Micro picked up but couldn't clear.
     
  4. jarcher

    jarcher I can't handle a title

    if you have gone completely through the sticky:
    READ ME FIRST BEFORE ASKING FOR SUPPORT

    then attach a log
    as I stated in my first post

     
  5. middle earth

    middle earth Private E-2

    Hijack This log file attached as prescribed.
     


  6. jarcher

    jarcher I can't handle a title

    make sure you have your system restore disabled

    end this process in your task manager
    BackWeb-1940576.exe

    close everything except hjt scan and check these:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll


    click fix

    reboot
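The original poster reported that removed items kept coming back, so after the fix and reboot described in the post above, a fresh scan log can be checked for the same entries. An added example, not part of the original thread: a Python script that parses the three HijackThis line forms quoted above and reports any that still match. The function names, the watch-list variables and the last sample line are constructed for illustration.

```python
import ntpath
import re
from urllib.parse import urlparse

# First three lines are the entries quoted in the post above;
# the last line is a constructed benign control.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
"""

# Watch list taken from the thread: the hijacking host and the two files
# named in the entries that were marked for fixing.
WATCH_HOSTS = {"rl.webtracer.cc"}
WATCH_FILES = {"vbsys2.dll", "backweb-1940576.exe"}

# Only the line forms that appear in this thread are handled.
PATTERNS = {
    "R": re.compile(r"^(?P<key>[^,]+),(?P<value>.+?) = (?P<data>.*)$"),
    "O4": re.compile(r"^(?P<scope>[^:]+): (?P<name>.+?) = (?P<data>.+)$"),
    "O21": re.compile(r"^SSODL: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<data>.+)$"),
}

def parse_line(line):
    """Split one log line into section code and fields; None if unrecognised."""
    m = re.match(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$", line.strip())
    if not m:
        return None
    code = m["code"]
    pattern = PATTERNS.get("R" if code.startswith("R") else code)
    fields = pattern.match(m["body"]) if pattern else None
    return {"code": code, **fields.groupdict()} if fields else None

def is_watched(entry):
    """True if the data is a URL on a watched host or a path to a watched file."""
    host = urlparse(entry["data"]).hostname
    if host and host.lower() in WATCH_HOSTS:
        return True
    return ntpath.basename(entry["data"]).lower() in WATCH_FILES

def remaining_hits(log_text):
    """Return parsed entries in a scan log that still match the watch list."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return [e for e in entries if e and is_watched(e)]

if __name__ == "__main__":
    for hit in remaining_hits(SAMPLE_LOG):
        print(hit["code"], hit["data"])
```

An empty result on the post-reboot log means none of the flagged entries were rewritten; any hit shows which registry value or startup item was restored.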
     
