GeekPolice Tech TutorialsLog in

 


Browser hijacked "Do Searches"

Share

descriptionBrowser hijacked "Do Searches" - Page 2 EmptyRe: Browser hijacked "Do Searches"

more_horiz
Here is the MBAM:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Έκδοση βάσης δεδομένων: v2013.10.13.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Vlad&Luciferia :: USER-HQAI7P9NL5 [διαχειριστής]

18/10/2013 10:11:19 μμ
mbam-log-2013-10-18 (22-11-19).txt

Τύπος σάρωσης: Πλήρης σάρωση (C:\|)
Ενεργοποιημένες επιλογές σάρωσης: Μνήμη | Εκκίνηση | Μητρώο | Σύστημα αρχείων | Ευρετική μέθοδος/Extra | Ευρετική μέθοδος/Shuriken | PUP | PUM
Απενεργοποιημένες επιλογές σάρωσης: P2P
Αντικείμενα που σαρώθηκαν: 232059
Χρόνος που έχει διανυθεί: 32 λεπτό(ά), 2 δευτερόλεπτο(α)

Εντοπίστηκαν διεργασίες στη μνήμη: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν στοιχεία στη μνήμη: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν κλειδιά στο μητρώο: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν τιμές στο μητρώο: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν αντικείμενα δεδομένων στο μητρώο: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν φάκελοι: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν αρχεία: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

(τέλος)

descriptionBrowser hijacked "Do Searches" - Page 2 EmptyRe: Browser hijacked "Do Searches"

more_horiz
I think that those are weird, what do you think :
Browser hijacked "Do Searches" - Page 2 Pncm

descriptionBrowser hijacked "Do Searches" - Page 2 EmptyRe: Browser hijacked "Do Searches"

more_horiz
You can try stopping those suspicious processes one at a time and see if it helps.

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
*********************************************
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the Browser hijacked "Do Searches" - Page 2 EsetOnline button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on Browser hijacked "Do Searches" - Page 2 EsetSmartInstall to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Browser hijacked "Do Searches" - Page 2 EsetSmartInstallDesktopIcon-1 icon on your desktop.

•Check Browser hijacked "Do Searches" - Page 2 EsetAcceptTerms
•Click the Browser hijacked "Do Searches" - Page 2 EsetStart button.
•Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

•Check Browser hijacked "Do Searches" - Page 2 EsetScanArchives
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push Browser hijacked "Do Searches" - Page 2 EsetListThreats
•Push Browser hijacked "Do Searches" - Page 2 EsetExport, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the Browser hijacked "Do Searches" - Page 2 EsetBack button.
•Push Browser hijacked "Do Searches" - Page 2 EsetFinish
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

descriptionBrowser hijacked "Do Searches" - Page 2 EmptyRe: Browser hijacked "Do Searches"

more_horiz
I don't know why, but as I said on my previous posts, security check cannot run as it should and I get some kind of error inside the program saying "Could not locate the disk path"...
Browser hijacked "Do Searches" - Page 2 Rqb9

Eset:
C:\AdwCleaner\Quarantine\C\Documents and Settings\VLAD&L~1\LOCALS~1\Temp\eIntaller\A77CB00929914442BD038C99765B0F83\eGdpSvc.exe.vir a variant of Win32/ELEX.S application cleaned by deleting - quarantined
C:\Documents and Settings\Vlad&Luciferia\?? ??????? ???\Downloads\Windows XP Pro SP3, Activated, +genuine, +sata, (July 2013)\Windows_XP_Pro_SP3_activated.iso a variant of Win32/HackTool.WpaKill.E application deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Vlad&Luciferia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fcgmehbfdnnenigpjeloaghefejfanka\1.6\zYiVoyT.js.vir Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Vlad&Luciferia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iibljhbgeihagednfcefiohkkhlebafm\1.0\8OlTFzsklOl.js.vir Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\System Volume Information\_restore{233CA534-2ECC-468B-9319-1BCF517C9EE4}\RP75\A0014268.exe Win32/SProtector.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{233CA534-2ECC-468B-9319-1BCF517C9EE4}\RP77\A0014337.exe a variant of Win32/Adware.SpeedingUpMyPC.C application cleaned by deleting - quarantined
C:\System Volume Information\_restore{233CA534-2ECC-468B-9319-1BCF517C9EE4}\RP77\A0014341.exe a variant of Win32/SpeedingUpMyPC application deleted - quarantined
C:\System Volume Information\_restore{233CA534-2ECC-468B-9319-1BCF517C9EE4}\RP84\A0014832.exe Win32/SProtector.B application cleaned by deleting - quarantined

descriptionBrowser hijacked "Do Searches" - Page 2 EmptyRe: Browser hijacked "Do Searches"

more_horiz
Virus still exists... Sad tearing

descriptionBrowser hijacked "Do Searches" - Page 2 EmptyRe: Browser hijacked "Do Searches"

more_horiz
security check cannot run as it should and I get some kind of error inside the program saying "Could not locate the disk path"...
Are you downloading the program directly to your computer or are you trying to run it from a CD?

* Go to Start > Run and type mrt.exe then press Enter on the keyboard).
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.

Look through the list and let me know if anything was found infected.

descriptionBrowser hijacked "Do Searches" - Page 2 EmptyRe: Browser hijacked "Do Searches"

more_horiz
I download the program and run it, no use of a cd..
I did what you said above and here is the result:
Browser hijacked "Do Searches" - Page 2 Tnn2
The above error says "Windows could not locate mrt.exe Make sure you typed correct the name and try later.

descriptionBrowser hijacked "Do Searches" - Page 2 EmptyRe: Browser hijacked "Do Searches"

more_horiz
You can download and install MRT here.

descriptionBrowser hijacked "Do Searches" - Page 2 EmptyRe: Browser hijacked "Do Searches"

more_horiz
With mrt all is good, no infection found

descriptionBrowser hijacked "Do Searches" - Page 2 EmptyRe: Browser hijacked "Do Searches"

more_horiz
Vladimir wrote:
With mrt all is good, no infection found
I need to know what Av you're using?

descriptionBrowser hijacked "Do Searches" - Page 2 EmptyRe: Browser hijacked "Do Searches"

more_horiz
I do not use any real time antivirus, I only scan my pc with MBAM and superantispyware.

descriptionBrowser hijacked "Do Searches" - Page 2 EmptyRe: Browser hijacked "Do Searches"

more_horiz
I do not use any real time antivirus, I only scan my pc with MBAM and superantispyware
That is not a very good idea. You can check your Add-ons in your browsers to see if there are any add-ons that could be causing that problem. I will cease help you with this problem until you install and activate one of these AV programs. I recommend MicroSoft Security Essentials.

Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) MicroSoft Security Essentials  All versions and all languages.
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

descriptionBrowser hijacked "Do Searches" - Page 2 EmptyRe: Browser hijacked "Do Searches"

more_horiz
I download and install Comodo. What next? I do not use microsoft security essentials because of my windows beeing a cracked version..

descriptionBrowser hijacked "Do Searches" - Page 2 EmptyRe: Browser hijacked "Do Searches"

more_horiz
I checked my add-ons in my browser and all is ok, I do not have any unwanted add-on installed.. And virus is still active :/
We reached the limit? We cannot do sth else?

descriptionBrowser hijacked "Do Searches" - Page 2 EmptyRe: Browser hijacked "Do Searches"

more_horiz
Here is the troublesome virus that hijacks my browsers
Browser hijacked "Do Searches" - Page 2 7cas[/URL]

descriptionBrowser hijacked "Do Searches" - Page 2 EmptyRe: Browser hijacked "Do Searches"

more_horiz
Permissions in this forum:
You cannot reply to topics in this forum