GeekPolice Tech TutorialsLog in

 

Browser hijacked "Do Searches"

Share

descriptionRe: Browser hijacked "Do Searches"

more_horiz
Here is the MBAM:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Έκδοση βάσης δεδομένων: v2013.10.13.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Vlad&Luciferia :: USER-HQAI7P9NL5 [διαχειριστής]

18/10/2013 10:11:19 μμ
mbam-log-2013-10-18 (22-11-19).txt

Τύπος σάρωσης: Πλήρης σάρωση (C:\|)
Ενεργοποιημένες επιλογές σάρωσης: Μνήμη | Εκκίνηση | Μητρώο | Σύστημα αρχείων | Ευρετική μέθοδος/Extra | Ευρετική μέθοδος/Shuriken | PUP | PUM
Απενεργοποιημένες επιλογές σάρωσης: P2P
Αντικείμενα που σαρώθηκαν: 232059
Χρόνος που έχει διανυθεί: 32 λεπτό(ά), 2 δευτερόλεπτο(α)

Εντοπίστηκαν διεργασίες στη μνήμη: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν στοιχεία στη μνήμη: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν κλειδιά στο μητρώο: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν τιμές στο μητρώο: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν αντικείμενα δεδομένων στο μητρώο: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν φάκελοι: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν αρχεία: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

(τέλος)

descriptionRe: Browser hijacked "Do Searches"

more_horiz
I think that those are weird, what do you think :

descriptionRe: Browser hijacked "Do Searches"

more_horiz
You can try stopping those suspicious processes one at a time and see if it helps.

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
*********************************************
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

descriptionRe: Browser hijacked "Do Searches"

more_horiz
I don't know why, but as I said on my previous posts, security check cannot run as it should and I get some kind of error inside the program saying "Could not locate the disk path"...


Eset:
C:\AdwCleaner\Quarantine\C\Documents and Settings\VLAD&L~1\LOCALS~1\Temp\eIntaller\A77CB00929914442BD038C99765B0F83\eGdpSvc.exe.vir a variant of Win32/ELEX.S application cleaned by deleting - quarantined
C:\Documents and Settings\Vlad&Luciferia\?? ??????? ???\Downloads\Windows XP Pro SP3, Activated, +genuine, +sata, (July 2013)\Windows_XP_Pro_SP3_activated.iso a variant of Win32/HackTool.WpaKill.E application deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Vlad&Luciferia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fcgmehbfdnnenigpjeloaghefejfanka\1.6\zYiVoyT.js.vir Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Vlad&Luciferia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iibljhbgeihagednfcefiohkkhlebafm\1.0\8OlTFzsklOl.js.vir Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\System Volume Information\_restore{233CA534-2ECC-468B-9319-1BCF517C9EE4}\RP75\A0014268.exe Win32/SProtector.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{233CA534-2ECC-468B-9319-1BCF517C9EE4}\RP77\A0014337.exe a variant of Win32/Adware.SpeedingUpMyPC.C application cleaned by deleting - quarantined
C:\System Volume Information\_restore{233CA534-2ECC-468B-9319-1BCF517C9EE4}\RP77\A0014341.exe a variant of Win32/SpeedingUpMyPC application deleted - quarantined
C:\System Volume Information\_restore{233CA534-2ECC-468B-9319-1BCF517C9EE4}\RP84\A0014832.exe Win32/SProtector.B application cleaned by deleting - quarantined

descriptionRe: Browser hijacked "Do Searches"

more_horiz
Virus still exists... Sad tearing

descriptionRe: Browser hijacked "Do Searches"

more_horiz
security check cannot run as it should and I get some kind of error inside the program saying "Could not locate the disk path"...
Are you downloading the program directly to your computer or are you trying to run it from a CD?

* Go to Start > Run and type mrt.exe then press Enter on the keyboard).
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.

Look through the list and let me know if anything was found infected.

descriptionRe: Browser hijacked "Do Searches"

more_horiz
I download the program and run it, no use of a cd..
I did what you said above and here is the result:

The above error says "Windows could not locate mrt.exe Make sure you typed correct the name and try later.

descriptionRe: Browser hijacked "Do Searches"

more_horiz
You can download and install MRT here.

descriptionRe: Browser hijacked "Do Searches"

more_horiz
With mrt all is good, no infection found

descriptionRe: Browser hijacked "Do Searches"

more_horiz
Vladimir wrote:
With mrt all is good, no infection found
I need to know what Av you're using?

descriptionRe: Browser hijacked "Do Searches"

more_horiz
I do not use any real time antivirus, I only scan my pc with MBAM and superantispyware.

descriptionRe: Browser hijacked "Do Searches"

more_horiz
I do not use any real time antivirus, I only scan my pc with MBAM and superantispyware
That is not a very good idea. You can check your Add-ons in your browsers to see if there are any add-ons that could be causing that problem. I will cease help you with this problem until you install and activate one of these AV programs. I recommend MicroSoft Security Essentials.

Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) MicroSoft Security Essentials  All versions and all languages.
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

descriptionRe: Browser hijacked "Do Searches"

more_horiz
I download and install Comodo. What next? I do not use microsoft security essentials because of my windows beeing a cracked version..

descriptionRe: Browser hijacked "Do Searches"

more_horiz
I checked my add-ons in my browser and all is ok, I do not have any unwanted add-on installed.. And virus is still active :/
We reached the limit? We cannot do sth else?

descriptionRe: Browser hijacked "Do Searches"

more_horiz
Here is the troublesome virus that hijacks my browsers
[/URL]

Permissions in this forum:
You cannot reply to topics in this forum