WiredWX Hobby Weather ToolsLog in

 


Browser is redirecting - AntiVirus Trigger?

3 posters

descriptionSolvedRe: Browser is redirecting - AntiVirus Trigger?

more_horiz
I see it was hooked up when CF was run.

Once we clean these leftovers, we need to protect the drives again, so DO NOT surf the net until we are done here.

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • AVG8



Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
navigator
deebn

File::
C:\diopero.exe
c:\windows\Tasks\durwbwtc.job
c:\windows\fd.dll
c:\documents and settings\HP_Administrator\S87ekhV.exe

Folder::
C:\_OTMoveIt
c:\program files\AVG
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR
c:\documents and settings\All Users\Application Data\avg8

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{173ffb8a-d0af-11dd-8965-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2663234-d0af-11dd-bf98-806d6172696f}]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msqpdxserv.sys]


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
Browser is redirecting - AntiVirus Trigger? - Page 2 Sfxdaw

This will open combofix.exe again, agree to it's terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.

descriptionSolvedRe: Browser is redirecting - AntiVirus Trigger?

more_horiz
Part 1

ComboFix 08-12-24.01 - HP_Administrator 2008-12-25 9:50:49.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.959.587 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFscript.txt
* Created a new restore point

FILE ::
C:\diopero.exe
c:\documents and settings\HP_Administrator\S87ekhV.exe
c:\windows\fd.dll
c:\windows\Tasks\durwbwtc.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_OTMoveIt
c:\_otmoveit\MovedFiles\12242008_215010.log
c:\_otmoveit\MovedFiles\12242008_215010.res
c:\_otmoveit\MovedFiles\12242008_215010\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\_hphtra07.log
c:\_otmoveit\MovedFiles\12242008_215010\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\hpodvd09.log
c:\_otmoveit\MovedFiles\12242008_215010\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\_otmoveit\MovedFiles\12242008_215010\WINDOWS\temp\Perflib_Perfdata_c80.dat
C:\diopero.exe
c:\documents and settings\All Users\Application Data\avg8
c:\documents and settings\All Users\Application Data\avg8\AvgAm\avgam.lck
c:\documents and settings\All Users\Application Data\avg8\dumps\avgscanx.exe_128746305608281250.dmp
c:\documents and settings\All Users\Application Data\avg8\dumps\avgwdsvc.exe_128746315134843750.dmp
c:\documents and settings\All Users\Application Data\avg8\Log\avgam.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log
c:\documents and settings\All Users\Application Data\avg8\Log\history.xml
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR
c:\documents and settings\HP_Administrator\S87ekhV.exe
c:\program files\AVG
c:\program files\AVG\AVG8\dfncfg.dat.install_backup
c:\windows\fd.dll
c:\windows\Tasks\durwbwtc.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NAVIGATOR
-------\Service_deebn
-------\Service_navigator


((((((((((((((((((((((((( Files Created from 2008-11-25 to 2008-12-25 )))))))))))))))))))))))))))))))
.

2008-12-25 09:31 . c:\windows\LastGood.Tmp
2008-12-25 09:25 . 2008-12-25 09:26 1,393 --a------ c:\windows\imsins.BAK
2008-12-25 09:16 . 2008-12-25 09:15 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-25 09:16 . 2008-12-25 09:15 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-24 21:13 . 2008-12-24 21:13 d-------- C:\Trend Micro
2008-12-24 19:16 . 2008-12-24 19:16 d-------- c:\program files\Avira
2008-12-24 19:16 . 2008-12-24 19:16 d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-24 03:03 . 2008-12-24 03:03 d-------- c:\program files\Lavasoft
2008-12-24 03:03 . 2008-12-24 03:03 d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-24 02:31 . 2008-12-24 02:31 d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2008-12-24 02:19 . 2008-12-24 02:19 d-------- c:\program files\Spybot - Search & Destroy
2008-12-24 02:19 . 2008-12-24 18:26 d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-24 02:18 . 2008-12-24 02:18 d-------- c:\program files\CCleaner
2008-12-24 02:05 . 2008-12-24 02:05 d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-24 01:58 . 2008-12-24 01:58 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-24 01:58 . 2008-12-24 01:58 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-24 01:58 . 2008-12-24 01:58 d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-12-24 01:58 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-24 01:58 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-24 00:55 . 2008-12-24 00:55 d-------- c:\documents and settings\Administrator\Application Data\HPQ
2008-12-24 00:53 . 2008-12-24 00:53 d-------- c:\documents and settings\Administrator\Application Data\Webroot
2008-12-24 00:19 . 2008-12-24 00:19 d-------- c:\documents and settings\All Users\Application Data\TEMP
2008-12-23 12:32 . 2008-12-23 12:32 d---s---- c:\documents and settings\HP_Administrator\UserData
2008-12-23 07:11 . 2008-12-23 07:24 d-------- c:\windows\system32\CatRoot_bak
2008-12-23 00:09 . 2004-08-04 02:08 31,616 --------- c:\windows\system32\drivers\usbccgp.sys
2008-12-23 00:09 . 2004-08-04 02:01 25,856 --------- c:\windows\system32\drivers\usbprint.sys
2008-12-22 22:49 . 2008-12-25 09:26 d-------- c:\windows\system32\dllcache
2008-12-22 21:57 . 2005-05-10 20:49 37,376 --------- c:\windows\system32\hpz3l3xu.dll
2008-12-22 21:55 . 2007-08-12 13:47 79,368 --------- c:\windows\hpfins05.dat.temp
2008-12-22 21:55 . 2005-07-15 17:15 1,350 --------- c:\windows\hpfmdl05.dat.temp
2008-12-22 21:54 . 2005-04-27 20:38 372,736 --------- c:\windows\system32\hpzidi01.dll
2008-12-22 21:54 . 2005-04-27 20:37 77,824 --------- c:\windows\system32\hpzids01.dll
2008-12-22 21:16 . 2008-12-22 21:16 1,931 --------- c:\windows\system32\drivers\103C_HP_CPC_EL470AA-ABA A1340N_YC_0Pavi_QMXK604_E61NAemMPC2_48_IAsterope_SHewleet-Packard_V1.0_B3.05_T051202_WXP2_L409_M960_J320_7Intel_8Pentium 4_93.2_#070805_N10EC8139_Z11C10620_G10025A61.MRK
2008-12-22 21:13 . 2005-12-27 15:57 d-------- c:\documents and settings\HP_Administrator\WINDOWS
2008-12-22 21:13 . 2008-12-22 21:18 d-------- c:\documents and settings\HP_Administrator\Application Data\Symantec
2008-12-22 21:13 . 2008-12-22 21:17 d-------- c:\documents and settings\HP_Administrator\Application Data\Intuit
2008-12-22 21:13 . 2008-12-22 21:17 d-------- c:\documents and settings\HP_Administrator\Application Data\Digital Interactive Systems Corporation
2008-12-22 21:13 . 2008-12-25 09:51 d-------- c:\documents and settings\HP_Administrator
2008-12-22 21:12 . 2005-12-27 15:57 d-------- c:\windows\system32\config\systemprofile\WINDOWS
2008-12-22 21:12 . 2005-12-27 16:16 d-------- c:\windows\system32\config\systemprofile\Application Data\Symantec
2008-12-22 21:12 . 2005-12-27 15:59 d-------- c:\windows\system32\config\systemprofile\Application Data\Intuit
2008-12-22 21:12 . 2005-12-27 15:43 d-------- c:\windows\system32\config\systemprofile\Application Data\Digital Interactive Systems Corporation
2008-12-22 18:44 . 2008-12-24 19:50 d-------- c:\program files\Smart-Shopper
2008-12-22 18:44 . 2008-12-24 19:50 d-------- c:\program files\Seekeen
2008-12-22 18:44 . 2008-12-24 02:54 d-------- c:\program files\Free Offers from Freeze.com
2008-12-22 18:44 . 2008-12-22 18:46 d-------- c:\documents and settings\HP_Administrator\Application Data\Smart-Shopper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 14:18 --------- d-----w c:\program files\Java
2008-12-25 02:52 --------- d-----w c:\program files\Symantec
2008-12-25 02:44 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-25 02:30 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-23 17:30 --------- d-----w c:\program files\PartyGaming
2008-12-23 03:58 --------- d-----w c:\program files\PC-Doctor 5 for Windows
2008-12-22 23:44 --------- d-----w c:\program files\Freeze.com
2008-12-11 08:06 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-09 03:55 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Corel
2008-11-11 00:51 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Move Networks
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:01 283,648 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 22:13 202,776 ------w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ------w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ------w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ------w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ------w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ------w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ------w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ------w c:\windows\system32\wups.dll
2008-10-16 22:08 34,328 ------w c:\windows\system32\dllcache\wups.dll
2008-10-15 16:57 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-03 10:15 247,326 ------w c:\windows\system32\strmdll.dll
2008-10-03 10:15 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-06-24 00:27 2,028 ------w c:\program files\Blake.Christine.p12
2008-06-18 02:51 39,001,600 ------w c:\program files\SnoodDeluxe.msi
2008-11-28 04:17 67,696 ------w c:\program files\mozilla firefox\components\jar50.dll
2008-11-28 04:17 54,376 ------w c:\program files\mozilla firefox\components\jsd3250.dll
2008-11-28 04:17 34,952 ------w c:\program files\mozilla firefox\components\myspell.dll
2008-11-28 04:17 46,720 ------w c:\program files\mozilla firefox\components\spellchk.dll
2008-11-28 04:17 172,144 ------w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-25_ 9.33.53.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2008-12-25 14:53:43 16,384 ----atw c:\windows\temp\Perflib_Perfdata_848.dat
+ 2008-12-25 14:54:16 16,384 ----atw c:\windows\temp\Perflib_Perfdata_d4c.dat
.

descriptionSolvedRe: Browser is redirecting - AntiVirus Trigger?

more_horiz
PART 2

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DISCover"="c:\program files\DISC\DISCover.exe" [2005-09-27 1060864]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-09-27 61440]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-25 136600]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 c:\windows\arpwrmsg.exe]

c:\documents and settings\MCX1\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-12-27 27136]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-02-20 282624]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-12-27 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpSvc.exe"=
"c:\\WINDOWS\\arservice.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

.
Contents of the 'Scheduled Tasks' folder

2008-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-12-23 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-08 22:23]

2008-12-14 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2004-08-10 07:00]

2008-12-20 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job
- c:\progra~1\NORTON~1\Navw32.exe [2006-09-07 00:38]

2008-12-25 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe []

2008-12-22 c:\windows\Tasks\wrSpySweeper_L2161AAF8B1474C36923AAD0BB24E16F2.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-07-19 21:54]

2008-12-22 c:\windows\Tasks\wrSpySweeper_L2161AAF8B1474C36923AAD0BB24E16F2.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-07-19 21:54]

2008-12-22 c:\windows\Tasks\wrSpySweeper_L2161AAF8B1474C36923AAD0BB24E16F2.job
- c:\","d:\","e:\","f:\","g:\","h:\","i:\","j:\","K:\" []

2008-12-22 c:\windows\Tasks\wrSpySweeper_L460ACE2D27ED4B848A79461E6646C160.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-07-19 21:54]

2008-12-22 c:\windows\Tasks\wrSpySweeper_L460ACE2D27ED4B848A79461E6646C160.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-07-19 21:54]

2008-12-22 c:\windows\Tasks\wrSpySweeper_L460ACE2D27ED4B848A79461E6646C160.job
- c:\","d:\","e:\","f:\","g:\","h:\","i:\","j:\","K:\" []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://hp-desktop.aol.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-25 09:53:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\arservice.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\HPZipm12.exe
c:\windows\ehome\ehmsas.exe
c:\program files\DISC\DiscStreamHub.exe
c:\hp\KBD\kbd.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
.
**************************************************************************
.
Completion time: 2008-12-25 9:56:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-25 14:56:22
ComboFix2.txt 2008-12-25 14:34:33

Pre-Run: 290,913,579,008 bytes free
Post-Run: 290,845,229,056 bytes free

269 --- E O F --- 2008-12-25 14:26:37

descriptionSolvedRe: Browser is redirecting - AntiVirus Trigger?

more_horiz
Delete this folder in bold:
C:\Qoobox

Please download Flash_Disinfector from HERE

  • First, download it to your desktop.
  • Now double click it to run it and will tell it you what to do when you open it.
  • It will temporarily kill explorer.exe and your desktop will go blank.
  • Let Flash_Disinfector do it's job and it will restart explorer.exe for you.
  • It will make a dummy autorun.inf in the root of every drive.
  • You can now delete Flash_Disinfector.exe.


Still getting re-directs?

descriptionSolvedRe: Browser is redirecting - AntiVirus Trigger?

more_horiz
No more redirects, thank you very, very much. Merry Christmas to you and yours!

descriptionSolvedRe: Browser is redirecting - AntiVirus Trigger?

more_horiz
We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck. Big Grin

descriptionSolvedRe: Browser is redirecting - AntiVirus Trigger?

more_horiz
Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.

descriptionSolvedRe: Browser is redirecting - AntiVirus Trigger?

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum