Search engine Trojan

Discussion in 'Malware Help (A Specialist Will Reply)' started by georgetyrrell, Nov 29, 2007.

  1. georgetyrrell

    georgetyrrell Private E-2

    Hello, I'm new to MG and as I've been having a problem lately I thought I'd post looking for a solution. When I use an internet browser like Google or Yahoo and enter a search word, all search results link to the same page of 'premium listings' with an added item up the top of the screen informing that some girl etc wants to chat blah blah. I possess Eset Nod32 but I don't think it was running when I caught this. I initially tried Spyware Doctor and it outlined CWS.trojan and Backdoor.Agent.ALM as problems. I have completed in full the Read and Run page to a tee and it is still present. AVG and Spyware s&d both found nothing, while ComboFix deleted several folders. I attach relevant logs as produced by MGtools and I hope that somebody can point me in the direction of the answer.
    Many thanks in advance
    George Tyrrell
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to attach the MGLogs.zip .....
     
  3. georgetyrrell

    georgetyrrell Private E-2

    Yeah, sorry about that, here they are.
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your GetRunKeys log is empty so do the following:
    Download the attached GetRunKeys.zip file into your I:\MGtools folder. Extract the GetRunKey.bat file from the ZIP file into the I:\MGtools folder thus overwriting the current version that is there.

    Now run the I:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new I:\MGlogs.zip file that will be created by running this.
    Please use add/remove programs to uninstall:
    J2SE Runtime Environment 5.0 Update 3
    Java 2 Runtime Environment, SE v1.4.2_05

    Reboot and install:
    Java Runtime 6

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: AcroIEHelper - {F3CFA533-7680-4943-A863-B8216390E847} - C:\WINDOWS\system32\AcroIEHelper.dll

    NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix, exit HJT.

    Are you still having problems?

    Run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.
     
