Computer Infected with Trojan Horse PSW.OnlineGames4.ZUL


Post by Rigid on 12th July 2014, 1:59 pm

Yesterday I was infected with a virus, and when trying to remove it, AVG says to reboot to finish the removal process. I rebooted multiple times, but AVG still seems to detect it. I would appreciate some help, thanks!

Ok, I have the stuff I need to post, but I get this message, "New members are not allowed to post external links or emails for 7 days. Please contact the forum administrator for more information." I am going to try to post them in separate replies in this post.


Last edited by Rigid on 12th July 2014, 7:05 pm; edited 3 times in total (Reason for editing : Adding the stuff I need to add.)

Rigid
Beginner

Posts : 4
Joined : 2014-07-12
OS : Windows 8.1
Points : 8848
Likes : 0


Re: Computer Infected with Trojan Horse PSW.OnlineGames4.ZUL

Post by Rigid on 12th July 2014, 7:06 pm

# AdwCleaner v3.215 - Report created 12/07/2014 at 14:02:29
# Updated 09/07/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Samuel - SAMUEL-PC
# Running from : C:\Users\Samuel\Downloads\adwcleaner_3.215.exe
# Option : Scan

***** [ Services ] *****

Service Found : qknfd

***** [ Files / Folders ] *****

File Found : C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\wro4htbi.default\user.js
Folder Found : C:\Users\Samuel\AppData\Local\PackageAware
Folder Found : C:\Users\Samuel\AppData\Roaming\Mysearchdial

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp: / / start . mysearchdial . com/?f=1&a=ir_14_19_ff&cd=2XzuyEtN2Y1L1Qzu0AyEtC0FyBtB0F0E0DyBtA0BtBtBtCyDtN0D0Tzu0SzzyCtBtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyDtBzy0C0C0B0DtG0D0A0AyDtG0BzztCzytGtDzy0AyCtGtDyEtCtAyCzztB0ByC0E0E0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0Bzz0CyE0EyE0EtGyDzytB0CtG0AyEtA0DtGtD0AzytDtGtCyByCzzzz0BtB0CtA0CyC0B2Q&cr=1481719769&ir=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp: / / start . mysearchdial . com/?f=1&a=ir_14_19_ff&cd=2XzuyEtN2Y1L1Qzu0AyEtC0FyBtB0F0E0DyBtA0BtBtBtCyDtN0D0Tzu0SzzyCtBtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyDtBzy0C0C0B0DtG0D0A0AyDtG0BzztCzytGtDzy0AyCtGtDyEtCtAyCzztB0ByC0E0E0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0Bzz0CyE0EyE0EtGyDzytB0CtG0AyEtA0DtGtD0AzytDtGtCyByCzzzz0BtB0CtA0CyC0B2Q&cr=1481719769&ir=
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp: / / start . mysearchdial . com/?f=1&a=ir_14_19_ff&cd=2XzuyEtN2Y1L1Qzu0AyEtC0FyBtB0F0E0DyBtA0BtBtBtCyDtN0D0Tzu0SzzyCtBtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyDtBzy0C0C0B0DtG0D0A0AyDtG0BzztCzytGtDzy0AyCtGtDyEtCtAyCzztB0ByC0E0E0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0Bzz0CyE0EyE0EtGyDzytB0CtG0AyEtA0DtGtD0AzytDtGtCyByCzzzz0BtB0CtA0CyC0B2Q&cr=1481719769&ir=

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\wro4htbi.default\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename", "Mysearchdial");
Line Found : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Found : user_pref("extensions.irmysearch.aflt", "ir_14_19_ff");
Line Found : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0AyEtC0FyBtB0F0E0DyBtA0BtBtBtCyDtN0D0Tzu0SzzyCtBtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyDtBzy0C0C0B0DtG0D0A0AyDt[...]
Line Found : user_pref("extensions.irmysearch.cr", "1481719769");
Line Found : user_pref("extensions.irmysearch.instlRef", "140305_a");

*************************

AdwCleaner[R0].txt - [3285 octets] - [12/07/2014 14:02:29]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3345 octets] ##########

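A small parser for the AdwCleaner v3 scan-report layout in the post above, added here as an example (it is not part of the original thread and not AdwCleaner's own code). It groups findings by section and browser, records the `[x64]` tag as a separate view of the same item, and reads the `Option` header; the function names and the "default" view label are assumptions of this example.

```python
import re

# Constructed sample in the layout of the AdwCleaner v3 scan report posted above
# (entries shortened, blank lines dropped; not a real report).
SAMPLE = r"""# AdwCleaner v3.215 - Report created 12/07/2014 at 14:02:29
# Option : Scan
***** [ Services ] *****
Service Found : qknfd
***** [ Registry ] *****
Key Found : HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Conduit
***** [ Browsers ] *****
-\\ Mozilla Firefox v30.0 (en-US)
[ File : C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\wro4htbi.default\prefs.js ]
Line Found : user_pref("browser.search.selectedEngine", "Mysearchdial");
"""

META = re.compile(r"^# (.+?) : (.*)$")             # "# Option : Scan"
SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")  # "***** [ Registry ] *****"
BROWSER = re.compile(r"^-\\\\ (.+)$")               # "-\\ Mozilla Firefox v30.0 (en-US)"
SOURCE = re.compile(r"^\[ File : (.+) \]$")         # file the following lines came from
FINDING = re.compile(r"^(\w+) Found : (\[x64\] )?(.+)$")

def parse_report(text):
    """Return (meta, findings); one finding per distinct item, with its views."""
    meta, findings, index = {}, [], {}
    section = browser = source = None
    for line in map(str.strip, text.splitlines()):
        if m := META.match(line):
            meta[m.group(1)] = m.group(2)
        elif m := SECTION.match(line):
            section, browser, source = m.group(1), None, None
        elif m := BROWSER.match(line):
            browser, source = m.group(1), None
        elif m := SOURCE.match(line):
            source = m.group(1)
        elif m := FINDING.match(line):
            kind, x64, value = m.groups()
            key = (section, browser, kind, value)
            if key not in index:
                index[key] = {"section": section, "browser": browser, "source": source,
                              "kind": kind, "value": value, "views": []}
                findings.append(index[key])
            index[key]["views"].append("x64" if x64 else "default")  # "default" label is ours
    return meta, findings

def scan_only(meta):
    """True when the report came from the Scan option, i.e. nothing was removed yet."""
    return meta.get("Option") == "Scan"
```
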

Re: Computer Infected with Trojan Horse PSW.OnlineGames4.ZUL

Post by Rigid on 12th July 2014, 7:12 pm

I am getting the message for Malwarebytes Anti-Malware post. Here is a screenshot of it:

http: / / gyazo . com/818f01593f8c6fce97d308b0d26594e8

http: / / gyazo . com/b48176b62ba487c7efb72c7e00637882

I had to add spaces into the links (although this didn't work on the log I was supposed to post.)


Last edited by Rigid on 12th July 2014, 7:13 pm; edited 1 time in total


Re: Computer Infected with Trojan Horse PSW.OnlineGames4.ZUL

Post by Rigid on 12th July 2014, 7:12 pm

Results of screen317's Security Check version 0.99.85
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus 2014
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 55
Java version out of Date!
Adobe Flash Player 14.0.0.145
Adobe Reader XI
Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbam.exe
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


Re: Computer Infected with Trojan Horse PSW.OnlineGames4.ZUL

Post by Superdave on 12th July 2014, 10:32 pm

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
New members are not allowed to post external links or emails for 7 days.
All you need to do is copy and paste the logs in your replies.
Windows 8 comes with its own AV called Windows Defender. If you wish to run another AV you will need to disable Windows Defender. In my opinion, you're better off with Windows Defender because it also has anti-spyware built into it.


Remove the Adware:

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

*********************************************
Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.]
Double Click mbam-setup.exe to install the application.

  • It should update automatically if the computer is connected to the internet.
  • Click on Threat Scan and click on Scan Now.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
  • Click on "Quarantine All". You may be asked to Restart your computer to completely remove the infections.
  • When disinfection is completed you can click on "Copy to Clipboard".
  • Paste the log in your next reply (CTRL+V).

*************************************************
Please download [You must be registered and logged in to see this link.] to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

  • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click [You must be registered and logged in to see this link.] link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.
*****************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
******************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First [You must be registered and logged in to see this link.]

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the [You must be registered and logged in to see this link.].

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download [You must be registered and logged in to see this link.] and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: [You must be registered and logged in to see this link.] adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

Superdave
Captain

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection : MSE, Windows Defender, Windows firewall
Points : 83201
Likes : 0
