Unknown virus- search redirecting


Re: Unknown virus- search redirecting

Post by AmmyK on 7th September 2009, 7:07 am

I disabled McAfee security centre, and it said Kaspersky and SUPERAntiSpyware were running and to shut them, but I had uninstalled them yesterday.. although they still have folders in my program file folder and when trying to delete them they wouldn't delete, and when trying to start the programs through their folders it wouldn't open, so I couldn't figure out how to disable them both.. I just renamed their folders and did the scan even though it said they were still running..

I looked at the log and c:\windows\system32\filerenamerred.sys according to Google is a trojan.. should I delete it?


ComboFix 09-09-06.03 - Ammy 07/09/2009 16:21.5.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.65.1033.18.2037.1242 [GMT 10:00]
Running from: c:\users\Ammy\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
SP: Kaspersky Internet Security *enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: McAfee VirusScan *disabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2880441570-389058512-4063806805-500
c:\$recycle.bin\S-1-5-21-3777358621-2682700068-859322637-1002
c:\$recycle.bin\S-1-5-21-3777358621-2682700068-859322637-1003
c:\$recycle.bin\S-1-5-21-3777358621-2682700068-859322637-500
c:\users\Ammy\Uninstall.exe
c:\windows\Installer\30962.msi
c:\windows\Installer\5c4a5.msi
c:\windows\Installer\a0625d.msi

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-08-07 to 2009-09-07 )))))))))))))))))))))))))))))))
.

2009-09-07 06:29 . 2009-09-07 06:30 -------- d-----w- c:\users\Ammy\AppData\Local\temp
2009-09-07 06:29 . 2009-09-07 06:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-07 06:29 . 2009-09-07 06:29 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-09-07 06:29 . 2009-09-07 06:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-05 06:42 . 2009-09-05 06:42 -------- d-----w- c:\program files\SmartFTP Client 3.0 Setup Files
2009-09-03 02:31 . 2009-09-05 06:43 -------- d-----w- c:\program files\SmartFTP Client
2009-09-03 01:08 . 2009-09-03 01:08 -------- d-----w- c:\users\Ammy\.realobjects
2009-09-02 23:37 . 2009-09-02 23:37 -------- d-----w- c:\program files\Trend Micro
2009-09-02 09:30 . 2009-09-04 07:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-02 08:25 . 2009-09-04 07:13 -------- d-----w- c:\program files\Panda Security
2009-09-02 07:41 . 2009-09-02 07:41 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-09-02 07:41 . 2009-09-02 07:41 -------- d-----w- c:\users\Ammy\AppData\Roaming\SUPERAntiSpyware.com
2009-09-02 07:38 . 2009-09-02 07:38 -------- d-----w- c:\users\Ammy\AppData\Roaming\Malwarebytes
2009-09-02 07:38 . 2009-08-03 03:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-02 07:38 . 2009-09-04 00:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-02 07:38 . 2009-09-02 07:38 -------- d-----w- c:\programdata\Malwarebytes
2009-09-02 07:38 . 2009-08-03 03:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-02 05:57 . 2009-09-02 05:57 -------- d-----w- c:\programdata\SiteAdvisor
2009-09-02 05:57 . 2009-09-05 06:56 -------- d-----w- c:\program files\SiteAdvisor
2009-09-02 05:53 . 2009-07-08 03:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-02 05:53 . 2009-07-08 03:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-02 05:53 . 2009-07-08 03:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-02 05:53 . 2009-07-16 02:32 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-09-02 05:53 . 2009-09-02 05:53 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-02 05:53 . 2009-09-02 05:53 -------- d-----w- c:\program files\McAfee.com
2009-09-02 05:53 . 2009-09-07 02:06 -------- d-----w- c:\program files\McAfee
2009-09-02 05:52 . 2009-07-08 03:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-02 05:17 . 2009-09-02 08:54 -------- d-----w- c:\programdata\McAfee
2009-09-02 02:15 . 2009-09-02 02:15 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-09-02 01:57 . 2009-09-02 01:57 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-08-31 08:55 . 1999-03-22 02:29 233472 ----a-w- c:\windows\system32\Ilda32.dll
2009-08-31 08:55 . 1998-06-16 18:00 18944 ----a-w- c:\windows\system32\BORLNDMM.DLL
2009-08-31 08:55 . 2009-09-02 07:28 -------- d-----w- c:\users\Ammy\CoffeeCup Software
2009-08-26 22:30 . 2009-08-26 22:30 -------- d-----w- c:\users\Ammy\AIM Lite
2009-08-12 07:18 . 2009-09-03 00:30 -------- d-----w- C:\Removable Disk
2009-08-11 01:44 . 2009-08-11 01:44 -------- d-----w- c:\users\Officeworks\AppData\Roaming\InstallShield
2009-08-10 06:11 . 2009-08-10 06:12 -------- d-----w- c:\program files\InstantEyedropper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-07 05:52 . 2008-01-09 10:39 -------- d-----w- c:\program files\Kaspedrsky Lab
2009-09-07 05:11 . 2008-01-09 10:39 -------- d-----w- c:\programdata\Kaspersky Lab
2009-09-05 01:11 . 2007-07-06 06:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-03 23:19 . 2009-03-14 23:39 -------- d-----w- c:\users\Officeworks\AppData\Roaming\Free Download Manager
2009-09-03 23:18 . 2007-08-28 12:46 8224 ----a-w- c:\users\Officeworks\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-03 01:11 . 2006-12-06 06:53 163856 ----a-w- c:\users\Ammy\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-02 07:37 . 2009-03-14 01:29 -------- d-----w- c:\users\Ammy\AppData\Roaming\Free Download Manager
2009-09-01 22:32 . 2008-01-09 10:39 66578208 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-25 23:13 . 2008-01-09 10:39 855524 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-17 09:06 . 2007-07-06 07:18 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-06 22:35 . 2009-08-06 22:35 -------- d-----w- c:\program files\MSECache
2009-07-31 06:16 . 2009-07-31 06:16 224 ----a-w- c:\windows\system32\filerenamerred.sys
2009-07-31 06:13 . 2009-07-31 06:11 2 ----a-w- c:\windows\system32\krx260.dat
2009-07-19 07:47 . 2009-06-10 01:02 -------- d-----w- c:\users\Ammy\AppData\Roaming\Apple Computer
2009-07-08 03:44 . 2009-07-08 03:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-06 10:51 . 2008-10-23 03:18 680 ----a-w- c:\users\Ammy\AppData\Local\d3d9caps.dat
.

AmmyK
Novice

Posts : 21
Joined : 2009-09-02
Gender : Female
OS : windows vista
Points : 26583
# Likes : 0

Re: Unknown virus- search redirecting

Post by AmmyK on 7th September 2009, 7:07 am

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
@="{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}"
[HKEY_CLASSES_ROOT\CLSID\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
2009-03-06 03:17 143160 ----a-w- c:\windows\System32\pfmshx_27B.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Harmony Remote V5.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Harmony Remote V5.lnk
backup=c:\windows\pss\Logitech Harmony Remote V5.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Ammy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Ammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Harmony Remote\\HarmonyClient"= c:\program files\Logitech\Harmony Remote\HarmonyClient:*:Enabled:Logitech Harmony Remote Software
"c:\\Program Files\\Logitech\\Harmony Remote\\PatchHelper.exe"= c:\program files\Logitech\Harmony Remote\PatchHelper.exe:*:Enabled:Remote Control Software Patch Helper

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B0D13AF7-D7B8-401E-98C2-E0C7C39D8387}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{7CC58E7F-73D3-4739-A60A-3A1E2AFA4E18}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{B623973A-0921-43A2-8083-ABB4E368E71B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BEE065E0-ABB0-45BC-B40A-CBA74C5EFFAB}"= Disabled:UDP:c:\program files\SPSSInc\SPSS16EV\SPSSWinWrapIDE.exe:SPSS Basic Script Editor (1033)
"{39D658C6-7556-4F8E-B78B-8145E537E6A6}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{69F6352A-20C3-4FF6-B77C-279563C17807}"= UDP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{45BD984B-3968-46C1-9B7A-85EA9056D6EB}"= TCP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Harmony Remote\\HarmonyClient"= c:\program files\Logitech\Harmony Remote\HarmonyClient:*:Enabled:Logitech Harmony Remote Software
"c:\\Program Files\\Logitech\\Harmony Remote\\PatchHelper.exe"= c:\program files\Logitech\Harmony Remote\PatchHelper.exe:*:Enabled:Remote Control Software Patch Helper

R1 pfmfs_27B;pfmfs_27B;c:\windows\System32\drivers\pfmfs_27B.sys [26/4/2009 7:56 PM 179896]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/9/2009 4:51 PM 210216]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\System32\drivers\hssdrv.sys [1/2/2009 6:57 PM 31704]
S2 0032191252289196mcinstcleanup;McAfee Application Installer Cleanup (0032191252289196);c:\windows\TEMP\0032191252289196mcinst.exe c:\progra~1\COMMON~1\McAfee\Installer\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\0032191252289196mcinst.exe c:\progra~1\COMMON~1\McAfee\Installer\cleanup.ini -cleanup -nolog -service [?]
S4 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [6/2/2009 7:56 AM 117208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-09-02 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-02 11:26]

2009-09-02 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-02 11:26]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local;192.168.1.1
IE: Download all with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager
IE: Download video with Free Download Manager
IE: Download with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Ammy\AppData\Roaming\Mozilla\Firefox\Profiles\5piqf0py.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\users\Ammy\AppData\Roaming\Mozilla\Firefox\Profiles\5piqf0py.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\users\Ammy\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\users\Ammy\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-07 16:30
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1968)
c:\program files\McAfee\SiteAdvisor\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\windows\System32\rundll32.exe
c:\progra~1\McAfee\VirusScan\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
c:\program files\McAfee\VirusScan\mcsysmon.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
.
**************************************************************************
.
Completion time: 2009-09-07 16:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-07 06:32

Pre-Run: 11,003,375,616 bytes free
Post-Run: 11,123,302,400 bytes free

260 --- E O F --- 2008-02-26 09:09


Re: Unknown virus- search redirecting

Post by AmmyK on 7th September 2009, 7:10 am

It says in the log "Running from: c:\users\Ammy\Desktop\ComboFix.exe" but I was sure I renamed combofix to what I was supposed to.. please let me know if I should try it again. Thanks for the help.


Re: Unknown virus- search redirecting

Post by Belahzur on 7th September 2009, 9:01 pm

Submit a file for analysis.

  1. Please visit this website: [You must be registered and logged in to see this link.]
  2. Press the "Browse" button and locate the following file in bold:
    C:\WINDOWS\system32\pfmshx_27B.dll
  3. Press the "Submit File" button to submit the file for analysis.
  4. Allow it to be scanned, it could take a few minutes depending on server load.
  5. Copy and paste the result back here.




Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
# Likes : 1

Re: Unknown virus- search redirecting

Post by AmmyK on 7th September 2009, 10:50 pm

Thanks Belahzur.

All of the scanners found nothing.
Additional info
File size: 143160 bytes
Filetype: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5: 9e715ae9868acc8f6bbd2afc28e6e342
SHA1: 527137c27d2194d85072efe6af8f2c43699abdb2


Re: Unknown virus- search redirecting

Post by Belahzur on 7th September 2009, 11:22 pm

Hello.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following:

    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6

  • Click on the Uninstall/Change button at the top.

You are running two antivirus programs; I see from the uninstall list you have McAfee installed, along with Kaspersky. This is a bad idea as they can conflict and cause more problems. I recommend that one of them is removed.

Which one do you use the most?



Re: Unknown virus- search redirecting

Post by AmmyK on 7th September 2009, 11:38 pm

Thanks Belahzur,

I've uninstalled both of the Javas.

I'm planning on using McAfee, I uninstalled Kaspersky and SUPERAntiSpyware a few days ago but their folders are still in my program folders and won't delete, saying I need permission to perform that action.. I guess there are some processes of them still running but I can't identify them in my processes list so I don't know how to get rid of it or disable it.


Re: Unknown virus- search redirecting

Post by Belahzur on 8th September 2009, 1:19 am

Are you sure you uninstalled it? The uninstall log from page 2 still shows it, so it's still there under the uninstall key in the registry; which means it should be on the uninstall list too.

Kaspersky Internet Security 7.0



Re: Unknown virus- search redirecting

Post by AmmyK on 8th September 2009, 1:30 am

I'm not sure why it didn't work.. I uninstalled them both through control panel -> programs and features -> then right clicked it and uninstalled it, it went through successfully and is no longer listed as a program in the uninstall or change a program list.. so I can't think of how else to get rid of it.. if it matters both Kaspersky and SUPERAntiSpyware stopped working after the virus stopped them midway through scan.. so the programs themselves wouldn't open properly after that and just came up with the message saying I need permission to open it like it's saying now with Internet Explorer. I don't have a system restore point where I can go back to when they all worked so I can't think of anything I can do about it, I might try downloading them again and then uninstalling them while they're still working..


Re: Unknown virus- search redirecting

Post by Metalmusk on 8th September 2009, 2:19 am

Ammy, the malware you got is a new one. It succeeded over most of the antivirus engines. McAfee is one among its hit list.

I personally recommend Kaspersky when compared with McAfee. Still, it's your wish.

And the programs which you get an error message like "permission denied" won't work again. Reinstallation of those programs is the only way to fix it.

Metalmusk
Novice

Posts : 43
Joined : 2009-06-21
OS : XP
Points : 27950
# Likes : 0

Re: Unknown virus- search redirecting

Post by AmmyK on 8th September 2009, 4:42 am

I've uninstalled McAfee and freshly installed Kaspersky and IE, the search redirect isn't happening anymore.. thanks again for your help, it's much appreciated :)
