Redirected Google selection


Hi there, here goes my first post!

 

I know that this issue has been posted before but a couple of things confuse me in my case! Firstly, this problem has hit both my desktop PC and laptop at the same time. Second when I take my laptop to Sweden where I work during the week there is no such problem. Really don't know where to start with this!

 

Thanks,

Roland


Sounds like a hijacked browser. Like law said, you should run those tools but make sure you save the log from MBAM. If this does not take care of the issue, I'd post a HijackThis log, and if that's necessary I'll post directions if you need me to.


Thanks Guys, ran the MBAM with Windows in Safe mode and seems to have done the job! It only found 1 infected file and I have pasted the log below so you can check it out.

Roland

 

Malwarebytes' Anti-Malware 1.30

Database version: 1401

Windows 5.1.2600 Service Pack 3

 

16/11/2008 08:21:11

mbam-log-2008-11-16 (08-21-11).txt

 

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 160182

Time elapsed: 2 hour(s), 40 minute(s), 7 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\WINDOWS\bitsadmin.exe (Trojan.Agent) -> Quarantined and deleted successfully.


It looks like you will need to post a HijackThis log here

 

Click here to download HJTsetup.exe

  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

A quicker solution as it is your router that is infected

 

Disconnect your system from the internet, and your router, then…

 

Double Click mbam-setup.exe to install the application.

  • Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

===============================================

 

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE

 

However, if there are other Zlob-infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

 

Once you have run Malwarebytes' Anti-Malware on the infected system, and reset the router to its default configuration, you can reconnect to the internet and router. Then return to this site to post your logs.

 

===============================================

 

Please post the Malwarebytes log and let me know how things are running now :thumbsup:

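The post above says the malware rewrites the router's DNS settings and that the ISP can tell you which DNS servers to expect. As an added example (not part of the original thread), this Python sketch parses `ipconfig /all` text and lists every resolver that is not on the expected list. The sample output, the `EXPECTED_DNS` values and the function names are constructed for illustration.

```python
import ipaddress

# Constructed `ipconfig /all` excerpt; addresses are documentation or LAN ranges.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            198.51.100.7

Ethernet adapter Wireless Network Connection:
        DNS Servers . . . . . . . . . . . : 192.168.1.1
"""
EXPECTED_DNS = {"198.51.100.7", "198.51.100.8"}  # assumption: values given by the ISP
LAN = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def parse_dns_servers(output):
    """Map each adapter heading to the DNS servers listed under it."""
    adapters, current, in_dns = {}, None, False
    for line in output.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        if not line[0].isspace():            # unindented line: section heading
            current, in_dns = stripped.rstrip(":"), False
            adapters[current] = []
        elif in_dns and is_ip(stripped):     # continuation line: a bare address
            adapters[current].append(stripped)
        else:
            key, _, value = line.partition(" : ")
            in_dns = current is not None and key.strip(" .") == "DNS Servers"
            if in_dns and is_ip(value.strip()):
                adapters[current].append(value.strip())
    return {name: servers for name, servers in adapters.items() if servers}

def audit_dns(output, expected):
    """Return (adapter, server, verdict) for each resolver not on the expected list."""
    findings = []
    for adapter, servers in parse_dns_servers(output).items():
        for server in (s for s in servers if s not in expected):
            on_lan = any(ipaddress.ip_address(server) in net for net in LAN)
            findings.append((adapter, server, "router relay" if on_lan else "unexpected"))
    return findings
```

A "router relay" verdict means the PC only asks the router, so the resolver actually in use has to be read from the router's own status page and compared with the ISP's values there.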

Hi Essexboy,

 

Thanks for the reply and sorry for the delay but been away all week! I attach the log as suggested and have reset the router. Interesting thing is all the router settings were retained even after pressing the reset button?

However, at the moment all seems OK but this is sometimes the case and suddenly the problem returns. Do you think from the log this has been fixed?

 

Cheers,

Roland

 

Malwarebytes' Anti-Malware 1.30

Database version: 1414

Windows 5.1.2600 Service Pack 2

 

21/11/2008 09:31:06

mbam-log-2008-11-21 (09-31-06).txt

 

Scan type: Quick Scan

Objects scanned: 56658

Time elapsed: 5 minute(s), 38 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

