help..!!! Trojan.JS.Redirector.ar

Post by jada on Mon Jan 25, 2010 4:58 pm

Hi, I was wondering if someone can help me get rid of this virus that I have. It says Trojan.JS.Redirector.ar. Please help, I would appreciate it so much... thanks. Thank you!

jada
Novice

Posts: 15
Joined: 2009-06-20
OS: xp
Points: 27365
Likes: 0

Re: help..!!! Trojan.JS.Redirector.ar

Post by Dr Jay on Mon Jan 25, 2010 6:03 pm

Please download [You must be registered and logged in to see this link.], and save to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.


Dr. Jay (DJ)


Dr Jay
Head Administrator

Posts: 13717
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Protection: Bitdefender Total Security
Points: 302127
Likes: 10

Re: help..!!! Trojan.JS.Redirector.ar

Post by jada on Mon Jan 25, 2010 6:15 pm

Cheetah-Anti-Rogue v1.2.4
by DragonMaster Jay

Microsoft Windows [Version 6.0.6000]
Date: 01/25/2010 - Time: 11:14:55 - Arch.: x86


-- Malware tools check --
Malwarebytes' Anti-Malware


-- Known infection --

(HEUR:::AntiVir.RGE)


Extra message: Detection only.


EOF

Re: help..!!! Trojan.JS.Redirector.ar

Post by Dr Jay on Mon Jan 25, 2010 6:22 pm

Oh ok.

Please open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)


Re: help..!!! Trojan.JS.Redirector.ar

Post by jada on Mon Jan 25, 2010 6:35 pm

Malwarebytes' Anti-Malware 1.44
Database version: 3636
Windows 6.0.6000
Internet Explorer 8.0.6001.18882

1/25/2010 11:34:35 AM
mbam-log-2010-01-25 (11-34-35).txt

Scan type: Quick Scan
Objects scanned: 118564
Time elapsed: 6 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 20
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\EvenMoreMegaSwellAdsForYou\EvenMoreMegaSwellAdsForYou.dll (Adware.EvenMoreMegaSwellAdsForYou) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{92f11f92-3d21-4da5-cf1d-ef228fb116a1} (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{734e0875-865a-4287-dd87-2a9564e09db2} (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eb692fe4-6873-09e0-c127-95e8ba2f94ff} (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb692fe4-6873-09e0-c127-95e8ba2f94ff} (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{eb692fe4-6873-09e0-c127-95e8ba2f94ff} (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb692fe4-6873-09e0-c127-95e8ba2f94ff} (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\evenmoremegaswelladsforyou.evenmoremegaswelladsforyou (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\evenmoremegaswelladsforyou.evenmoremegaswelladsforyou.1 (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\EvenMoreMegaSwellAdsForYou.DLL (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EvenMoreMegaSwellAdsForYou (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\EvenMoreMegaSwellAdsForYou (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\EvenMoreMegaSwellAdsForYou (Adware.EvenMoreMegaSwellAdsForYou) -> Delete on reboot.

Files Infected:
C:\Program Files\EvenMoreMegaSwellAdsForYou\EvenMoreMegaSwellAdsForYou.dll (Adware.EvenMoreMegaSwellAdsForYou) -> Delete on reboot.
C:\Program Files\Fast Browser Search\IE\tbhelper.dll (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\PlayMP3.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.pif (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\EvenMoreMegaSwellAdsForYou\uninstall.exe (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.

Re: help..!!! Trojan.JS.Redirector.ar

Post by jada on Mon Jan 25, 2010 6:44 pm

It said I had to restart, so I did.

Re: help..!!! Trojan.JS.Redirector.ar

Post by Dr Jay on Mon Jan 25, 2010 7:07 pm

Hi again. Please do these steps in order.

1. Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


2. Please re-open Malwarebytes, click the Scanner tab, select Perform Full Scan, and press Scan. Remove selected, and post the log in your next reply.

3. Please visit this webpage for instructions for downloading and running SUPERAntiSpyware (SAS) to scan and remove malware from your computer:

[You must be registered and logged in to see this link.]

Post the log from SUPERAntiSpyware when you've accomplished that.

4. Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


5. Post the following in your next reply:
  • MBAM log
  • SAS log
  • ESET log

And, please tell me how your computer is doing.


Dr. Jay (DJ)


Re: help..!!! Trojan.JS.Redirector.ar

Post by jada on Mon Jan 25, 2010 9:10 pm

Malwarebytes' Anti-Malware 1.44
Database version: 3636
Windows 6.0.6000
Internet Explorer 8.0.6001.18882

1/25/2010 2:09:47 PM
mbam-log-2010-01-25 (14-09-47).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 305381
Time elapsed: 1 hour(s), 6 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: help..!!! Trojan.JS.Redirector.ar

Post by jada on Mon Jan 25, 2010 9:12 pm

Do I still have to do steps 3, 4, 5???

Re: help..!!! Trojan.JS.Redirector.ar

Post by Lemmy21 on Mon Jan 25, 2010 9:18 pm

C:\programdata\ParetoLogic (ParetoLogic.RGE) I have scanned with Cheetah and this is my scan report.

Lemmy21
Beginner

Posts: 1
Joined: 2010-01-25
OS: windows vista
Points: 25085
Likes: 0

Re: help..!!! Trojan.JS.Redirector.ar

Post by jada on Mon Jan 25, 2010 10:33 pm

SUPERAntiSpyware Scan Log
[You must be registered and logged in to see this link.]

Generated 01/25/2010 at 03:09 PM

Application Version : 4.33.1000

Core Rules Database Version : 4515
Trace Rules Database Version: 2327

Scan type : Complete Scan
Total Scan Time : 00:41:13

Memory items scanned : 919
Memory threats detected : 0
Registry items scanned : 8370
Registry threats detected : 21
File items scanned : 31789
File threats detected : 0

Browser Hijacker.Deskbar

Re: help..!!! Trojan.JS.Redirector.ar

Post by Dr Jay on Tue Jan 26, 2010 12:16 am

Please post the ESET log. Also, please do the following:

Please download [You must be registered and logged in to see this link.], and save to your Desktop.
  • Double-click on vtool.zip, and extract the file to your Desktop.
  • Double-click on vtool.cmd to start.
  • !! IMPORTANT !!::: At each prompt ("Press any key to continue..."), wait 10 seconds before pressing a key. This tool needs time to process each prompt.
  • It will finish eventually and launch a log. Do NOT exit the tool. Allow it to finish. (vtool.txt)
  • Post the contents of it in your next reply.


Dr. Jay (DJ)

