
Thread: Getting redirected frequently

  1. #11
    Junior Member
    Join Date
    Sep 2012
    Posts
    14


    And what are some other signs of a rogue partition infection?

  2. #12
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Great,

    Go ahead and try running Malwarebytes normally. Make sure you check for updates first; if it's a no-go, then try Chameleon.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #13
    Junior Member
    Join Date
    Sep 2012
    Posts
    14


    Okay, MBAM froze up halfway through again, so I was forced to run Chameleon. Chameleon worked and caused MBAM to complete a scan. It found a trojan, I removed it within MBAM, and MBAM prompted me to restart the computer. Below is the log.

    (It says no action taken on the file, because I performed the deletion action after saving the log.)

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.06.07

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Owner :: OWNER-PC [administrator]

    10/6/2012 8:14:44 PM
    mbam-log-2012-10-06 (20-33-59).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 218312
    Time elapsed: 18 minute(s), 43 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\$RECYCLE.BIN\S-1-5-21-1305488097-3109156302-1678457371-1000\$RFCQCVT.exe (Trojan.Zbot) -> No action taken.

    (end)
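
A triage helper for the kind of log posted in #13, added here as an example (it is not part of the original thread and not Malwarebytes' own tooling). It lists each detection, marks items the log still shows as "No action taken", and for Recycle Bin hits names the `$I` companion file that records where the deleted file originally lived. The line format is inferred from the log above; all function and field names are hypothetical.

```python
import re
from ntpath import dirname, join

# Excerpt of the MBAM 1.65 log posted above (zero-hit sections shortened).
SAMPLE_LOG = r"""
Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 1
C:\$RECYCLE.BIN\S-1-5-21-1305488097-3109156302-1678457371-1000\$RFCQCVT.exe (Trojan.Zbot) -> No action taken.

(end)
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM = re.compile(r"^(?P<path>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
RECYCLED = re.compile(r"\\\$RECYCLE\.BIN\\(?P<sid>S-1-[\d-]+)\\\$R(?P<tail>[^\\]+)$", re.I)


def parse_mbam_log(text):
    """Return (detections, count_mismatches) for an MBAM 1.x text log."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            section = m["name"]
            declared[section] = int(m["count"])
        elif section and (m := ITEM.match(line)):
            hit = {"section": section, **m.groupdict()}
            # The log records the state when it was saved; "No action taken"
            # means removal still has to be confirmed by a follow-up scan.
            hit["pending"] = hit["action"].lower() == "no action taken"
            if r := RECYCLED.search(hit["path"]):
                # Vista+ Recycle Bin: $R<id> holds the deleted file's content,
                # $I<id> beside it stores the original path and deletion time.
                hit["recycle_sid"] = r["sid"]
                hit["index_file"] = join(dirname(hit["path"]), "$I" + r["tail"])
            detections.append(hit)
    found = {}
    for d in detections:
        found[d["section"]] = found.get(d["section"], 0) + 1
    mismatches = {s: (n, found.get(s, 0)) for s, n in declared.items() if n != found.get(s, 0)}
    return detections, mismatches


if __name__ == "__main__":
    for d in parse_mbam_log(SAMPLE_LOG)[0]:
        print(d)
```

A non-empty `count_mismatches` means a section header declared more or fewer items than were parsed, which usually indicates a truncated or hand-edited log.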

  4. #14
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Hi,

    Even though you say the redirects are gone, have a read here
    http://www.f-secure.com/v-descs/troj...w32_zbot.shtml
    http://www.anvisoft.com/wiki/how-to-...ojan-zbot.html

    These backdoor trojans are capable of many things, from stealing credit card numbers, bank account numbers and log-on info for different sites to downloading other bad programs. I would strongly urge you to change all the passwords that you use, especially for online shopping and banking.


    What Malwarebytes found was in the Recycle Bin. It may have been the trojan that was removed with the Malicious Software Removal Tool that you mentioned. It wouldn't hurt to flush out your Recycle Bin in case there is any more garbage in there.


    Let's make sure there is no more to remove.


    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instructions on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.

  5. #15
    Junior Member
    Join Date
    Sep 2012
    Posts
    14


    Thanks for the input. I'll do this step tomorrow or the day after tomorrow, time permitting.

  6. #16
    Junior Member
    Join Date
    Sep 2012
    Posts
    14


    Hello Ken. I wanted to apologize for the long delay. I still haven't had time to run ComboFix, mainly due to me being sick for the past few days. I will probably get it done this weekend though.

    Thanks for the patience.

  7. #17
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Due to inactivity, this thread will now be closed.

    If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.
