Redirect


Post by DJ Englewood on Sun 17 Oct 2010, 2:13 am

First topic message reminder :

I'm infected with something; it keeps redirecting my searches

DJ Englewood
Rookie Surfer
Posts : 128
Joined : 2010-02-09
Operating System : xp


Re: Redirect

Post by DragonMaster Jay on Thu 28 Oct 2010, 3:26 pm

Looks like the malware killed sound.

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

Note: please close all other applications running on your system.

Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

Click the Settings button.



Set the slider to Maximum.



IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.




On the General tab, make sure all of the boxes are checked.




On the Misc tab, make sure all the checkboxes are checked.

Then, click OK on the windows that you launched.



Click Create Report to run it.


It will begin scanning.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

It should automatically upload it to [You must be registered and logged in to see this link.] If it does not, then please submit it manually by going to the site and doing the upload process.

It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the url of the GSI Parser report in your next reply.


~DMJ
GeekPolice Academy Manager

DragonMaster Jay
Manager | Tech Officer
Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

Re: Redirect

Post by DJ Englewood on Thu 28 Oct 2010, 3:35 pm

ok


Re: Redirect

Post by DJ Englewood on Thu 28 Oct 2010, 4:19 pm

It won't let me post the report


Re: Redirect

Post by DJ Englewood on Thu 28 Oct 2010, 4:20 pm

If I copy and paste the report and hit send, it just won't go through


Re: Redirect

Post by DJ Englewood on Thu 28 Oct 2010, 4:34 pm

[You must be registered and logged in to see this link.]


Re: Redirect

Post by DragonMaster Jay on Sat 30 Oct 2010, 4:35 pm

Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Note: If the scan freezes for more than 30 minutes, stop the scan, and report back to me.



Re: Redirect

Post by DJ Englewood on Sat 30 Oct 2010, 4:42 pm

will do


Re: Redirect

Post by DJ Englewood on Wed 03 Nov 2010, 10:24 pm

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, November 3, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, November 02, 2010 16:14:05
Records in database: 4203178
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 189398
Threats found: 4
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 09:28:30


File name / Threat / Threats count
C:\WINDOWS\system32\cryptnet32.dll/C:\WINDOWS\system32\cryptnet32.dll Infected: Trojan.Win32.Delf.aeyp 1
C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\12\38eba44c-641eeccd Infected: Trojan-Downloader.Java.Agent.hx 1
C:\System Volume Information\_restore{1820F488-9212-4A2F-9198-DF89AD58E60C}\RP1849\A0361961.exe Infected: Trojan.Win32.FakeAv.phm 1
C:\WINDOWS\system32\cryptnet32.dll Infected: Trojan.Win32.Delf.aeyp 1
C:\WINDOWS\Temp\_52.tmp Infected: Trojan-Dropper.Win32.Delf.gqd 1

Selected area has been scanned.


Re: Redirect

Post by DJ Englewood on Mon 08 Nov 2010, 12:08 pm



Re: Redirect

Post by DragonMaster Jay on Mon 08 Nov 2010, 3:43 pm

I was on vacation all week. Apparently the other helpers did not see this thread.

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death



Re: Redirect

Post by DJ Englewood on Tue 09 Nov 2010, 4:28 am

# Fake antivirus alerts or the icon in the system tray


And Firefox keeps crashing.

And did Kaspersky remove anything?

I see it found stuff, but did it remove it?


Re: Redirect

Post by DragonMaster Jay on Tue 09 Nov 2010, 9:49 pm

Clean files with OTM

Please download OTM

  • Save it to your desktop.
  • Please double-click OTM to run it. (Note for Vista: Right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL C (or, after highlighting, right-click and choose Copy):

    :files
    C:\WINDOWS\system32\cryptnet32.dll
    C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\12\38eba44c-641eeccd
    C:\System Volume Information\_restore{1820F488-9212-4A2F-9198-DF89AD58E60C}\RP1849\A0361961.exe
    C:\WINDOWS\system32\cryptnet32.dll
    C:\WINDOWS\Temp\_52.tmp

    :Commands
    [emptytemp]
    [purity]
    [Reboot]

  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Re: Redirect

Post by DJ Englewood on Wed 10 Nov 2010, 4:44 am

All processes killed
========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\system32\cryptnet32.dll
C:\WINDOWS\system32\cryptnet32.dll moved successfully.
C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\12\38eba44c-641eeccd moved successfully.
C:\System Volume Information\_restore{1820F488-9212-4A2F-9198-DF89AD58E60C}\RP1849\A0361961.exe moved successfully.
File/Folder C:\WINDOWS\system32\cryptnet32.dll not found.
C:\WINDOWS\Temp\_52.tmp moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Guest
->Temp folder emptied: 17402 bytes
->Temporary Internet Files folder emptied: 451934 bytes
->Java cache emptied: 488 bytes
->FireFox cache emptied: 17206651 bytes
->Flash cache emptied: 1113 bytes

User: Joe
->Temp folder emptied: 1821936782 bytes
->Temporary Internet Files folder emptied: 5250115 bytes
->Java cache emptied: 3073529 bytes
->FireFox cache emptied: 108919898 bytes
->Flash cache emptied: 80602 bytes

User: LocalService
->Temp folder emptied: 69832 bytes
->Temporary Internet Files folder emptied: 15357442 bytes
->Flash cache emptied: 33267 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 50418025 bytes
->Java cache emptied: 38 bytes
->Flash cache emptied: 73262 bytes

%systemdrive% .tmp files removed: 16777216 bytes
%systemroot% .tmp files removed: 1460996 bytes
%systemroot%\System32 .tmp files removed: 4182033 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17044036 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 26550860 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 23601860 bytes
RecycleBin emptied: 1147527267 bytes

Total Files Cleaned = 3,109.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 11092010_112424

Files moved on Reboot...

Registry entries deleted on Reboot...




As soon as Mozilla opened I got a fake antivirus alert

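Added example, not part of the original thread: a Python check that reconciles the Kaspersky detections with the OTM results posted above, so that every detected file is confirmed moved and the lone "not found" line is explained. The log lines are copied from the two posts; the function names are chosen for this example, and reading `container/object` as a `/`-joined pair is an assumption.

```python
import re

# Lines copied from the two logs posted in this thread.
KASPERSKY_REPORT = r"""
C:\WINDOWS\system32\cryptnet32.dll/C:\WINDOWS\system32\cryptnet32.dll Infected: Trojan.Win32.Delf.aeyp 1
C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\12\38eba44c-641eeccd Infected: Trojan-Downloader.Java.Agent.hx 1
C:\System Volume Information\_restore{1820F488-9212-4A2F-9198-DF89AD58E60C}\RP1849\A0361961.exe Infected: Trojan.Win32.FakeAv.phm 1
C:\WINDOWS\system32\cryptnet32.dll Infected: Trojan.Win32.Delf.aeyp 1
C:\WINDOWS\Temp\_52.tmp Infected: Trojan-Dropper.Win32.Delf.gqd 1
"""
OTM_LOG = r"""
DllUnregisterServer procedure not found in C:\WINDOWS\system32\cryptnet32.dll
C:\WINDOWS\system32\cryptnet32.dll moved successfully.
C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\12\38eba44c-641eeccd moved successfully.
C:\System Volume Information\_restore{1820F488-9212-4A2F-9198-DF89AD58E60C}\RP1849\A0361961.exe moved successfully.
File/Folder C:\WINDOWS\system32\cryptnet32.dll not found.
C:\WINDOWS\Temp\_52.tmp moved successfully.
"""
DETECTION = re.compile(r"^(?P<obj>.+) Infected: (?P<threat>\S+) \d+$")
MOVED = re.compile(r"^(?P<path>.+) moved successfully\.$")
NOT_FOUND = re.compile(r"^File/Folder (?P<path>.+) not found\.$")

def norm(path):
    return path.strip().lower()  # Windows paths compare case-insensitively

def parse_detections(report):
    """Map each on-disk file to the set of threat names reported for it."""
    found = {}
    for line in report.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            # Assumption: "container/inner object" is joined with "/", which is
            # illegal in Windows file names, so the first part is the disk file.
            found.setdefault(norm(m["obj"].split("/")[0]), set()).add(m["threat"])
    return found

def parse_otm(log):
    """Return (moved, not_found) path sets from the OTM FILES section."""
    moved, not_found = set(), set()
    for line in map(str.strip, log.splitlines()):
        if m := NOT_FOUND.match(line):
            not_found.add(norm(m["path"]))
        elif m := MOVED.match(line):
            moved.add(norm(m["path"]))
    return moved, not_found

def reconcile(report, log):
    detections = parse_detections(report)
    moved, not_found = parse_otm(log)
    return {
        # Detected files with no "moved successfully" line still need attention.
        "unresolved": sorted(p for p in detections if p not in moved),
        # "not found" only because an earlier duplicate line already moved it.
        "already_moved": sorted(not_found & moved),
    }

if __name__ == "__main__":
    print(reconcile(KASPERSKY_REPORT, OTM_LOG))
```

An empty `unresolved` list means every file the scanner flagged has a matching move; it says nothing about components the scanner did not detect.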

Re: Redirect

Post by DragonMaster Jay on Wed 10 Nov 2010, 5:27 pm

Investigate MBR/Check for TDL4

Please download Stealth MBR Rootkit Detector by GMER from GMER.net, and save to your Desktop.
  • Double-click mbr.exe to start the program.
  • When done scanning, it will save a log on the Desktop called mbr.log.
  • Please post the contents of that log in your next reply.



Re: Redirect

Post by DJ Englewood on Thu 11 Nov 2010, 6:13 am

I downloaded GMER, ran it, then when I tried to get the report, quick flash then blue screen of death. I think now Windows will not start.

I tried to start it in all safe modes but no good. Is it dead?


Re: Redirect

Post by DragonMaster Jay on Thu 11 Nov 2010, 3:22 pm

Why did you download/run GMER? I said to download the Stealth MBR Rootkit/TDL4 Detector.

Do you have an XP CD or the Recovery Console installed?



Re: Redirect

Post by DJ Englewood on Thu 11 Nov 2010, 5:09 pm

XP CD no Recovery Console. Not sure how would I find out from the state it's in?


Re: Redirect

Post by DJ Englewood on Thu 11 Nov 2010, 5:12 pm

I did run the mbr from the link you posted


Re: Redirect

Post by DragonMaster Jay on Fri 12 Nov 2010, 10:19 pm

Reboot your computer.

Boot from the Windows XP CD, press the "R" key in the setup in order to start the Recovery Console.

Select your Windows XP installation from the list (usually 1). It will prompt for an administrator password. The password is probably blank, so just hit enter.

Enter the command: fixmbr at the input prompt and confirm the next question with a Y.

It should then reboot the computer. If it does not, then type exit.

Boot back in to the Normal XP.

=================

After that, please do the following:

Please run Stealth MBR Rootkit Detector
  • Double-click mbr.exe to start the program.
  • When done scanning, it will save a log on the Desktop called mbr.log.
  • Please post the contents of that log in your next reply.



Re: Redirect

Post by DJ Englewood on Sat 13 Nov 2010, 2:11 am

If I don't have the CD, are there any other options?


Re: Redirect

Post by DragonMaster Jay on Sat 13 Nov 2010, 9:38 pm

Yes. Would you rather burn a Recovery disc?



Re: Redirect

Post by DJ Englewood on Sun 14 Nov 2010, 1:22 am

Well, I have no choice. Where would I find it?


Re: Redirect

Post by DragonMaster Jay on Mon 15 Nov 2010, 1:45 pm

Download RC.ISO and save it somewhere you can find it.

Download MagicISO and install it.

Start MagicISO. When it asks you to register, just close that window...the program should remain open. Click on "File" and then on "Open"...navigate to the RC.ISO file you downloaded, select it, and click "Open".

Click "File" on the toolbar and choose "Save As". Name the file RCplus and save it somewhere you can find it.

Put a blank CD-R disk in your CD burner and close the tray...when the AutoPlay window opens, close it.

Click "Tools" on the toolbar and choose "Burn CD/DVD with ISO". In the CD/DVD Image file area, click the little folder, navigate to the newly created RCplus.iso image file, and click "Open". In the CD/DVD Writing Speed drop-down menu, choose the top 8X setting. Format should have "Mode 1" selected...if not, select it. Click on the "Burn It!" button.

Once this disk is burned, put it in the machine you're working on and restart. Boot to the CD and enter the Recovery Console.

When there, do this:

type in "fixmbr" and hit Enter.



Type 'y' if asked to, and allow it to do its job.

Once it's done that and shows the next bit for another command, type "exit".

This will reboot your machine again, allow it to boot normally this time.


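Added example, not part of the original thread: fixmbr rewrites the boot code in sector 0 and leaves the partition table alone, so comparing an MBR dump taken before and after the repair shows whether the boot code changed and the partition table survived. The 512-byte dumps here are constructed sample data, and `parse_mbr`, `compare` and `build_sample` are names chosen for this example.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE = slice(0, 440)           # bootstrap code: the part fixmbr rewrites
TABLE_OFF, ENTRY_LEN = 446, 16      # four 16-byte partition entries
# status, CHS start, type, CHS end, LBA start, sector count
ENTRY = struct.Struct("<B3sB3sII")


def parse_mbr(sector):
    """Validate a 512-byte MBR and return its boot-code hash and partitions."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = TABLE_OFF + i * ENTRY_LEN
        status, _, ptype, _, lba, count = ENTRY.unpack_from(sector, off)
        if ptype == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i}: invalid status byte {status:#04x}")
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
            "partitions": parts}


def compare(before, after):
    """Report what changed between two MBR snapshots."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {"boot_code_changed": a["boot_code_sha256"] != b["boot_code_sha256"],
            "partition_table_changed": a["partitions"] != b["partitions"]}


def build_sample(boot_code):
    """Constructed test image: one active NTFS (0x07) partition at LBA 63."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    ENTRY.pack_into(sector, TABLE_OFF, 0x80, b"\x01\x01\x00", 0x07,
                    b"\xfe\xff\xff", 63, 156280257)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    before = build_sample(b"\xeb\xfe constructed pre-repair code")
    after = build_sample(b"\x33\xc0 constructed post-repair code")
    print(compare(before, after))
```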

Re: Redirect

Post by DJ Englewood on Tue 16 Nov 2010, 5:47 am

ITS BACK !!! WOOOHOOO


Re: Redirect

Post by DragonMaster Jay on Tue 16 Nov 2010, 6:08 am

Excellent. Now see if you can run this scan...

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

