TheClickCheck Malware

Discussion in 'Malware Help (A Specialist Will Reply)' started by Korvost, Nov 7, 2009.

  1. Korvost

    Korvost Private E-2

    Some piece of malware redirects my google search results to a site called TheClickCheck, but also through some redirects before that one.
    I have done the full guide, except for the steps which cannot be done on a 64-bit system.
    Attaching logs, please help.

    Edit: I should mention I'm running Windows 7 Ultimate 64-bit.
     

    Attached Files:

    Korvost, Nov 7, 2009
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You need to attach logs from SUPERAntiSpyware and Malwarebytes.

    There are no problems shown in MGlogs.zip. When did your problem begin and what did you download/install or where did you surf before the problem began? What browser do the redirects occur with?
     
    Last edited: Nov 9, 2009
    chaslang, Nov 9, 2009
    #2
  3. Korvost

    Korvost Private E-2

    The problem occurs in Firefox, I haven't downloaded anything infected as i have scanned everything i used. No page would have been able to do anything as I use Adblock and NoScript for protection.

    I'm in school right now so I can't really attach the logs, but all MBAM found was my remote admin software which I was going to use to control my home computer from school. SAS found nothing, I think. Gonna scan again later just to be sure.
     
    Korvost, Nov 10, 2009
    #3
  4. Korvost

    Korvost Private E-2

    At home now, here is the log.
     

    Attached Files:

    Korvost, Nov 10, 2009
    #4
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If this were a truly correct assessment, you would not be having problems.;)

    Does the same problem occur if you use Internet Explore and have FireFox shutdown?


    I need to see the below logs from Malwarebytes:
    Code:
                                                                                 
1,152 2009-11-06 14:42:37  C:\Users\Hampus\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-11-06 (15-42-37).txt
 825 2009-11-06 14:55:13  C:\Users\Hampus\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-11-06 (15-55-13).txt
     
    chaslang, Nov 10, 2009
    #5
  6. Korvost

    Korvost Private E-2

    Well, something must have been infected but didn't show up in scan.
    Anyways, here are the requested logs!
     

    Attached Files:

    Korvost, Nov 10, 2009
    #6
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There are no problems showing in your logs. Perhaps you should stop downloading keygens and cracks which could be the root of your problems. I cannot say for sure but these are the most frequent cause of people coming here with problems. Your logs show the below with at least one keygen. Not sure how much illegal software you have there but it is at a minimum very questionable.
    Code:
    ----a-w            94,208 2009-01-10 00:35:28  C:\Users\Hampus\Desktop\keygen.exe
----a-w                31 2009-11-05 08:01:24  C:\Users\Hampus\Desktop\kom ihåg.txt
d-----w                 0 2009-10-31 12:04:50  C:\Users\Hampus\Desktop\photopearls
----a-w        29,043,671 2009-10-31 12:08:44  C:\Users\Hampus\Desktop\photopearls.rar
----a-w         4,137,084 2003-08-08 07:13:12  C:\Users\Hampus\Desktop\pinsetup.exe
----a-w         1,400,788 2009-11-05 08:17:18  C:\Users\Hampus\Desktop\pivy.rar
d-----w                 0 2009-11-05 08:14:44  C:\Users\Hampus\Desktop\Plugins
----a-w               295 2009-11-05 14:57:17  C:\Users\Hampus\Desktop\Poison Ivy.ini
    You did not answer my question about whether the problem occurs with IE. So all I can suggest it that you uninstall FireFox, reboot, delete all folders related to FireFox. And then reinstall.
     
    chaslang, Nov 12, 2009
    #7
  8. Korvost

    Korvost Private E-2

    I've lost all hope, just going to reinstall Windows instead.

    Edit: Aaand about the keygens, the only one there is keygen.exe, the others was personal and remote admin stuff.
    Edit 2: And the keygen is clean, I'm 100% sure.
     
    Korvost, Nov 13, 2009
    #8
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Good luck with your reinstall. It is probably the best and fastest alternative since there were no problems showing on your system.

    I will comment on one thing, keygens, are by definition, infections and they are illegal. Continuing to use them will only be causing you more problems and will also lead to not getting any help in forums like this as they all have policies like ours (see below) and some are even more strict.

    Warning about Porn, Keygens, Cracks, and other Illegal Software
     
    chaslang, Nov 15, 2009
    #9

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds