
Thread: Click.giftLoad

  1. #11
    Senior Member
    Join Date: Aug 2010
    Location: Near Atlanta, GA
    Posts: 189

    Hello Jason
    Great day here, hope yours is getting better.

    Please do the following:
    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report and also a new HJT log please

    Next

    Please use Internet Explorer to download and run the following scan: Eset Online Scanner
    • Place a check mark in the box YES, I accept the Terms Of Use
    • Click the Start button.
    • Now click the Install button.
    • Click Start. The scanner engine will initialize and update.
    • Do Not place a check mark in the box beside Remove found threats.
    • Click the Scan button. The scan will now run, please be patient.
    • When the scan finishes click on List of found threats.
    • Click Export to text file
    • Copy and paste the contents of the C:\Program Files\ESET\log.txt into your next reply.

    Logs to post:
    • mbam.txt
    • Eset report
    • Please let me know how your PC is behaving now.

  2. #12
    Junior Member
    Join Date: May 2011
    Posts: 8

    Hello

    Below is the Malwarebytes' log. Is a HJT log created by HijackThis? You haven't instructed me to download or run this... or do you mean a DDS log?

    Thanks,

    Jason


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6568

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    5/13/2011 11:56:08 AM
    mbam-log-2011-05-13 (11-56-08).txt

    Scan type: Quick scan
    Objects scanned: 192633
    Time elapsed: 3 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINDOWS\system32\MSVolume.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

  3. #13
    Senior Member
    Join Date: Aug 2010
    Location: Near Atlanta, GA
    Posts: 189

    My mistake, don't worry about HJT log that should not be there.
    Apologies,
    Bill
    In Training at WTT Classroom

  4. #14
    Junior Member
    Join Date: May 2011
    Posts: 8

    Ok, that's fine. Here's the Eset log:

    C:\Qoobox\Quarantine\C\Documents and Settings\Owner.ME-SMA9H3N14HJC\Application Data\Adobe\plugs\KB935913343.exe.vir Win32/TrojanDownloader.Agent.QBO trojan
    C:\Qoobox\Quarantine\C\Documents and Settings\Owner.ME-SMA9H3N14HJC\Application Data\Adobe\plugs\KB935913625.exe.vir Win32/TrojanDropper.Agent.PEY trojan
    C:\Qoobox\Quarantine\C\Documents and Settings\Owner.ME-SMA9H3N14HJC\Application Data\Adobe\plugs\KB935913640.exe.vir Win32/TrojanDownloader.Agent.QBO trojan
    C:\Qoobox\Quarantine\C\Program Files\HP\HP Software Update\HPWuSchd2.exe.vir Win32/TrojanDownloader.Unruy.BN trojan
    C:\Qoobox\Quarantine\C\Program Files\Java\jre1.6.0_03\bin\jusched.exe.vir Win32/TrojanDownloader.Unruy.BN trojan
    C:\Qoobox\Quarantine\C\WINDOWS\Fonts\hGTkQBi4.com.vir Win32/TrojanDownloader.Unruy.BN trojan
    C:\System Volume Information\_restore{1BE98D19-641F-4F03-A88C-F5C63C5AC0FA}\RP1935\A0155894.exe Win32/TrojanDownloader.Agent.QBO trojan
    C:\System Volume Information\_restore{1BE98D19-641F-4F03-A88C-F5C63C5AC0FA}\RP1935\A0155895.exe Win32/TrojanDropper.Agent.PEY trojan
    C:\System Volume Information\_restore{1BE98D19-641F-4F03-A88C-F5C63C5AC0FA}\RP1935\A0155896.exe Win32/TrojanDownloader.Agent.QBO trojan
    C:\System Volume Information\_restore{1BE98D19-641F-4F03-A88C-F5C63C5AC0FA}\RP1935\A0155898.exe Win32/TrojanDownloader.Unruy.BN trojan
    C:\System Volume Information\_restore{1BE98D19-641F-4F03-A88C-F5C63C5AC0FA}\RP1935\A0155899.exe Win32/TrojanDownloader.Unruy.BN trojan
    C:\System Volume Information\_restore{1BE98D19-641F-4F03-A88C-F5C63C5AC0FA}\RP1935\A0155900.com Win32/TrojanDownloader.Unruy.BN trojan
    C:\System Volume Information\_restore{1BE98D19-641F-4F03-A88C-F5C63C5AC0FA}\RP1938\A0155996.exe Win32/TrojanDownloader.Unruy.BN trojan


    The computer is running much better. Back up to speed when online and I no longer get redirects. I am also able to visit anti-virus/malware sites.

    Thanks for your continued help

    Jason
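
The ESET report above lists findings under two kinds of path: ComboFix's Qoobox quarantine and System Restore points. The following is an added example, not part of the original thread, that triages a report in the same layout by location and flags anything found outside those two stores; the sample lines, detection name and the Qoobox-to-original path mapping (inferred from the path layout) are constructed assumptions.

```python
import re

# One finding per line: "<path> <Vendor/Detection.Name> <type>"; paths may contain spaces.
LINE = re.compile(r"^(?P<path>.+?)\s+(?P<name>\S+/\S+)\s+(?P<kind>\w+)$")
# Quarantined copies: <drive>:\Qoobox\Quarantine\<orig drive>\<orig path>.vir
QUARANTINE = re.compile(
    r"^[a-z]:\\qoobox\\quarantine\\(?P<drive>[a-z])\\(?P<rest>.+)\.vir$", re.I)
# Copies captured inside a System Restore point.
RESTORE = re.compile(r"\\system volume information\\_restore\{[0-9a-f-]+\}\\", re.I)

def classify(path):
    """Return (location, original_path_or_None) for one reported path."""
    m = QUARANTINE.match(path)
    if m:
        # Assumption: the quarantine mirrors the original tree and appends ".vir".
        return "quarantine", f"{m['drive'].upper()}:\\{m['rest']}"
    if RESTORE.search(path):
        return "restore_point", None
    return "live", None

def triage(report):
    """Parse a report and attach a location to every finding."""
    findings = []
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank lines and anything that is not a finding
        location, original = classify(m["path"])
        findings.append({"path": m["path"], "detection": m["name"],
                         "location": location, "original": original})
    return findings

def needs_action(findings):
    """Findings that are neither quarantined nor inside a restore point."""
    return [f for f in findings if f["location"] == "live"]

# Constructed sample lines (not taken from the report above).
SAMPLE = r"""
C:\Qoobox\Quarantine\C\Program Files\Example\updater.exe.vir Win32/Example.Sample trojan
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe Win32/Example.Sample trojan
C:\Documents and Settings\User\Local Settings\Temp\example.exe Win32/Example.Sample trojan
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["location"], f["detection"], f["original"] or f["path"])
```

Run against the report in this post, every finding falls into the quarantine or restore-point group, so nothing would be returned by `needs_action`.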

  5. #15
    Senior Member
    Join Date: Aug 2010
    Location: Near Atlanta, GA
    Posts: 189

    Good news Jason,
    Congratulations, your logs look all clean and you indicate that your system is running as expected.

    Those items in ESET are isolated where they can do no harm, they will be removed shortly. But first:

    Please download ATF Cleaner by Atribune to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up.
    Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.



    Next
    Your Java appears to be down level.
    Navigate to Control Panel then open Programs and Features.
    Highlight each Java then click on Uninstall in the tool bar.
    Visit this site to download and install the latest Java.

    Next
    Your Adobe appears to be down level
    Please visit this site http://www.adobe.com/downloads. Click on the Adobe Reader icon on the right side and you will be presented with the correct Adobe for your system.
    Download and install this Adobe please.

    Next
    I see that you have IE6 on your PC. You need to visit http://www.microsoft.com/downloads/e...3-08cdecd8852b to download and install IE8. IE8 is far more secure than IE6 or 7. You may not use IE as a browser but your PC uses it for updates and it should be as secure as possible.

    Next
    I notice that you do not have any Anti-Virus program installed on your PC. Here is a list of 3, free, and good AVs. In order to provide maximum protection against virus and spyware you should select and install only one of them.
    AVG
    AVAST
    AVIRA

    Next
    The following will implement some cleanup procedures as well as reset System Restore points; it will also remove the infections seen in ESET:

    Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

    ComboFix /Uninstall

    Next
    To remove DDS, on your desktop right click on DDS.exe then click on delete. Do the same for DDS.txt, attach.txt and attach.zip.
    To remove aswMBR, on your desktop right click on aswMBR.exe then click on delete. Do the same for aswMBR.txt.

    You should keep ATF, Malwarebytes and ESET. Update and run them periodically to keep your system clean.

    Here are some tips to reduce the potential for spyware infection in the future:

    1. Make your Internet Explorer More Secure
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab.
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.

      • Change the Download signed ActiveX controls to Prompt.
      • Change the Download unsigned ActiveX controls to Disable.
      • Change the Initialise and script ActiveX controls not marked as safe to Disable.
      • Change the Installation of desktop items to Prompt.
      • Change the Launching programs and files in an IFRAME to Prompt.
      • Change the Navigate sub-frames across different domains to Prompt.
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.

    • Next press the Apply button and then the OK to exit the Internet Properties page.

    2. Update your Anti-Virus Software - I can not overemphasize the need for you to update your Anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

    3. Make sure you keep your Windows OS current by visiting Windows update regularly to download and install any critical updates and service packs. Without these you are leaving the back door open.

    4. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    For information on how to download and install, please read this tutorial by WinHelp2002
    Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

    5. Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

    6. Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real time spyware and hijacker protection on your computer alongside your virus protection. You should scan your computer with the program on a regular basis just as you would with your anti-virus software. A tutorial on installing and using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware

    7. Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

    If you have any questions or outstanding problems please let me know, otherwise this thread will close in a few days.

    Thanks for all of your hard work and patience.

  6. #16
    Junior Member
    Join Date: May 2011
    Posts: 8

    Thanks again for your generous help! I'm making my way through your list of tips and will make a donation as well.

    Hope your day goes well,

    Jason

  7. #17
    Senior Member
    Join Date: Aug 2010
    Location: Near Atlanta, GA
    Posts: 189

    Thank you for the kind words. If you have no more questions or issues this thread will close in a few days.
