View Full Version : Redirects, Worms, Trojans, Unknown Possible Virus'...



Ridacumondo
2009-06-15, 23:14
So.. My little Prince of a computer has long been known to be clogged with sadistic little love-joys, recently it began to express vast wrongness in its browser orientation. Constant redirects between Google of the Mozilla variety and its searches were common between ave99.com, shopica.com, toseeka.com, etc etc.

This problem was not fixed by Malwarebytes... it was not fixed by Spyware Doctor.. Spybot effectively searched... and its destruction took forever but eventually a virtumonde.dll/sci/dat/blah blah blah was removed.. amongst others. Alas, the redirections were still occurring.. FixVundo.. which I used before Spybot.. did not find a Vundo... and yet Spybot.. was certain there was one.. Iffy, potentially!


Now a while back I ran RegCure... which apparently you say is reduced in practicality ideal thing action to make... so that could have done something...

CCleaner.. removed a million and a half cookies.. but that was about all...and SpywareBlaster did nothing.. at all..

ESET something or other Online Scanner... produced this... txt file:

C:\Spyware Doctor 3.2.2.417 for Windows.zip multiple threats deleted - quarantined
C:\Documents and Settings\Jes\Application Data\Google\Local Search History\fbabj0 probably a variant of Win32/TrojanDownloader.Agent trojan cleaned by deleting - quarantined
C:\Documents and Settings\Jes\Application Data\Google\Local Search History\ptnmsn64 a variant of Win32/TrojanDownloader.FakeAlert.YR trojan cleaned by deleting - quarantined
C:\Documents and Settings\Jes\Desktop\frostwire-4.17.0.windows.exe a variant of Win32/AdInstaller application deleted - quarantined
C:\Documents and Settings\Jes\Desktop\HexalotSetup-dm.exe Win32/Adware.Trymedia application cleaned by deleting - quarantined
C:\Downloads\PrimeSuspectsGENSetup-dm[1].exe Win32/Adware.Trymedia application cleaned by deleting - quarantined
C:\Program Files\AMT\AmtSetup.exe probably a variant of Win32/Spy.Agent trojan cleaned by deleting - quarantined
C:\Program Files\Mozilla Firefox\a.exe a variant of Win32/Kryptik.OG trojan cleaned by deleting - quarantined
C:\Program Files\MyEmoticons\uninstall.exe probably a variant of Win32/VB trojan cleaned by deleting - quarantined
C:\Program Files\podmena\podmena.dll Win32/Tinxy.AF trojan cleaned by deleting (after the next restart) - quarantined
C:\Program Files\podmena\podmena.sys Win32/Tinxy.AF trojan cleaned by deleting - quarantined
C:\Spyware Doctor 3.2.2.417 for Windows\Spyware Doctor 3.2.2.417 for Windows\Crack\swdoctor.exe probably unknown NewHeur_PE virus deleted - quarantined
C:\WINDOWS\freddy46.exe probably a variant of Win32/Koobface.NBG worm cleaned by deleting - quarantined
C:\WINDOWS\ld09.exe a variant of Win32/Koobface.NBQ worm cleaned by deleting - quarantined
C:\WINDOWS\mstre19.exe a variant of Win32/Koobface.NBQ worm cleaned by deleting - quarantined
C:\WINDOWS\SYSTEM32\zedozugu.exe a variant of Win32/Koobface.NBQ worm cleaned by deleting - quarantined


and apparently it claims to have removed my whore status as a PC User.. but I am not tech-savvy and do not know what to do next.. as I did not run anything in safe mode.. and was web surfing at the same time the scan was going on for... I have not made a new system restore point.. nor deleted old ones with disc cleanup.


Also I recently upgraded AVG 8.5 and have no idea how to run it.. or how to scan my music files to see if they contain viruses.. as I always turn off my firewall because it stops downloading altogether...



PLEASE RECOVER MY MESS WITH ME!
http://forums.spybot.info/showthread.php?t=49386

tashi
2009-06-16, 02:17
Hello Ridacumondo,

Please follow the instructions in this link to produce a HJT log: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
Then start a new topic, copy and paste the log into it, and one of our volunteer analysts will advise you as soon as available.

Regards.