Trojan and redirect help

Hi,

About a week ago I started to have browser redirection problems (both IE and Firefox), and did a few things before I found your site.

I downloaded and ran ESET Online Scanner (see ESET online run1 log attached). This showed a Win32/Kryptik.QRB Trojan and Win32/TrojanDownloader.Tracur.F Trojan which it appeared to delete. I then decided to restore from a restore point about a month ago (not sure if this was a good idea?).

I then found your site, and completed all the steps to the walkthrough (see attached logs):

SuperANTIspyware – did not find anything

Malwarebytes – did not find anything

Combofix – hung up on Stage 4 and would not go further. I let it run for over an hour. Closed the window and tried again. Still hung on Stage 4 for over an hour. I could not find a log from the sessions.

Rootrepeal – I am running Windows 7 x64 so did not run

MGTools – ran fine, log attached.

After running the tools, I ran ESET Online Scanner again (see ESET online run2 log attached in post #2) for the heck of it and it found JS/Agent.NDJ Trojan and Eicar test file, both apparently removed. Not sure why the other tools didn’t detect this?

I am worried that there is more hiding somewhere!

Thanks for your help. I appreciate your time!

 

Here is the ESET #2 run attached. Thanks!

 

Hi TimW,

Thanks for the quick response.

I had not connected to the internet with the infected computer since the initial ESET scan. I just browsed with IE and firefox for around 5 min and had no google redirect problems (I had a redirect every other link before).

I do get a "The system can not find the specified file" error message on startup, which I did not get before the anti-spyware scans and reverting to the restore point. Could this be linked to Malware? Is there any way to diagnose this and fix?

Also,

1) Is there anyway to see if the Trojan's found by ESET:

Win32/Kryptik.QRB Trojan
Win32/TrojanDownloader.Tracur.F Trojan
JS/Agent.NDJ Trojan

compromised any files or information?

2) I was thinking about restoring the computer to factory condition since I have my data backed up and haven't installed many programs. Would this give me another level of protection or not really help?

Thanks!

 

Hi, the message at start up (after logining in and getting to the desktop) was a box with error at the top and a "X" within a red circle on the left hand side of the box with the words "The system can not find the specified file" to the right of the red circle with "X". It seems like it was associated with OpenOffice, and after I uninstalled OpenOffice, the message no longer appears.

I have not experienced any odd behavior since running ESET and the MajorGeeks scans (no browser redirects, no lag in tasks). I still can not get Combofix to run (gets stuck in Stage 4).

Do you reccomend anything else? Is there a way to figure out what the malware did when it was active? Thanks for the help, and maintaining all the great info on this site.