
Trojan infection - please help



Try starting with this > Download Malwarebytes Anti-Malware and save it to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results in your next post...


Hi, thanks for the reply - here is the log

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.12.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
James :: JAMES-PC [administrator]

Protection: Enabled

12/09/2013 07:33:38
mbam-log-2013-09-12 (07-33-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222382
Time elapsed: 2 minute(s), 15 second(s)

Memory Processes Detected: 1
C:Program Files (x86)LinkSwiftupdateLinkSwift.exe (PUP.Optional.LinkSwift.A) -> 1504 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 10
HKLMSYSTEMCurrentControlSetServicesUpdate LinkSwift (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
HKCRCLSID{323420b6-65e5-4657-8106-a27392d4d4aa} (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
HKCRTypeLib{49fb101a-0a00-4e85-a807-8785c2d32604} (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
HKCRInterface{339CA35C-F74A-44C3-BD78-9CE3E8C9C560} (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{323420B6-65E5-4657-8106-A27392D4D4AA} (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtSettings{323420B6-65E5-4657-8106-A27392D4D4AA} (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtStats{323420B6-65E5-4657-8106-A27392D4D4AA} (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
HKCRCLSID{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCRCLSID{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCUSOFTWARELINKSWIFT (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCUSoftwareLinkSwift|iid (PUP.Optional.LinkSwift.A) -> Data: def_LinkSwift -> Quarantined and deleted successfully.

Registry Data Items Detected: 4
HKCUSOFTWAREMicrosoftInternet ExplorerSearch|SearchAssistant (PUP.Optional.Snapdo) -> Bad: (http://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=GB&userid=d20e3007-4bb8-561c-4849-6fc671c31731&searchtype=ds&q={searchTerms}&installDate=31/08/2013) Good: (http://www.google.com) -> No action taken.
HKCUSOFTWAREMicrosoftInternet ExplorerMain|Search Page (PUP.Optional.Snapdo) -> Bad: (http://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=GB&userid=d20e3007-4bb8-561c-4849-6fc671c31731&searchtype=ds&q={searchTerms}&installDate=31/08/2013) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKCUSOFTWAREMicrosoftInternet ExplorerMain|Search Bar (PUP.Optional.Snapdo) -> Bad: (http://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=GB&userid=d20e3007-4bb8-561c-4849-6fc671c31731&searchtype=ds&q={searchTerms}&installDate=31/08/2013) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKCUSOFTWAREMicrosoftInternet ExplorerSearch|Default_Search_URL (PUP.Optional.Snapdo) -> Bad: (http://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=GB&userid=d20e3007-4bb8-561c-4849-6fc671c31731&searchtype=ds&q={searchTerms}&installDate=31/08/2013) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 1
C:Program Files (x86)LinkSwift (PUP.Optional.LinkSwift.A) -> Delete on reboot.

Files Detected: 18
C:Program Files (x86)LinkSwiftupdateLinkSwift.exe (PUP.Optional.LinkSwift.A) -> Delete on reboot.
C:Program Files (x86)LinkSwiftLinkSwiftBHO.dll (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
C:UsersJamesAppDataLocalTempICReinstall_ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:UsersJamesAppDataLocalTemp3062A8F8-BAB0-7891-BDDA-2519BFEE8912LatestBabMaint.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:UsersJamesAppDataLocalTemp3062A8F8-BAB0-7891-BDDA-2519BFEE8912LatestBUSolution.dll (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:UsersJamesAppDataLocalTemp3062A8F8-BAB0-7891-BDDA-2519BFEE8912LatestenhancedNT.dll (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:UsersJamesAppDataLocalTemp3062A8F8-BAB0-7891-BDDA-2519BFEE8912LatestSetup.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:UsersJamesDownloadsopenofficesuite-setup.exe (PUP.DownloadAdmin) -> Quarantined and deleted successfully.
C:UsersJamesDownloadsZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:UsersJamesLocal SettingsTemporary Internet FilesContent.IE567Z7AYMTSetup[1].exe (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
C:UsersJamesLocal SettingsTemporary Internet FilesContent.IE5EHHYCAORpack[1].7z (PUP.Optional.BrowserProtect.A) -> Quarantined and deleted successfully.
C:Program Files (x86)LinkSwiftupdateLinkSwift.InstallState (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
C:Program Files (x86)LinkSwiftLinkSwift.Common.dll (PUP.Optional.LinkSwift.A) -> Delete on reboot.
C:Program Files (x86)LinkSwiftLinkSwift.ico (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
C:Program Files (x86)LinkSwiftLinkSwiftUninstall.exe (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
C:Program Files (x86)LinkSwiftMicrosoft.Win32.TaskScheduler.dll (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
C:Program Files (x86)LinkSwiftodpccdgkmiicgocepijnaeihjnjnomca.crx (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
C:Program Files (x86)LinkSwiftsqlite3.exe (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.

(end)


Whoa Nellie!! That's a bunch.... O.K. so now we need to download and run DDS > Download DDS

 

Download DDS and save it to your desktop.
Disable any script blocking protection (How to Disable your Security Programs).
Vista/Win7: right click on the DDS icon and select "Run as Administrator" to run the tool (may take up to 3 minutes to run). XP: just double click the icon to run the tool.
When done, DDS.txt will open.
After a few moments, attach.txt will open in a second window.
Save both reports to your desktop.
Please post the contents of the DDS.txt and Attach.txt logs in a new thread that you start here > http://forums.pcpits...-been-hijacked/

 

Please wait for help there from one of our Trusted Malware Techs, they work other forums also and are quite busy.

 

 

 

 
