Macattak1
2011-04-04, 08:00
Greetings, my dear wife was searching for food info on some TGIF salads. She got the popup junk, but it was way too fast for her. So she just
turned off the PC. Anyway, it will not boot now.
In trying to figure this out, I got it also. I backed up my files, but my PC is now infected as well.
So, starting with the working PC. When I was screwing around, and of course you know what I mean (looking for info on it, finding nothing as
I did not know what it was, doing the search she did and finding the virus. :)
Basically, I cannot do a search anymore as any search result is likely to take me anywhere.
-My Avira, which I updated before I played with fire, caught this malware and quarantined it.
JAVA/Dldr.Agent.Y
JAVA/Formduce.A
However, I still got infected and will not actually find it and clean it since that one time. Guessing that it caught what wanted to install
something, but the something is still there.
-Updated SB and Scanned. Found Click.GiftLoad, and fixed it, and immunized it, but still having same issue.
-Used CC but maybe just some Reg entries removed.
-downloaded Eset online scanner tool, but nothing.
-Checked out PCTweaker antimalware? Found things, supposedly fixed them, then found more, fixed, more, fixed. Uninstalled.
-Went to Cnet to see about best rated and most rated Malware SW.
-Tried Malwarebytes' Anti-Malware. First time it found 4 files and removed them. But since then nothing.
So at this point. Scans show nothing unless I do a search, get redirected, and Alt+F4 out. Then SBSD will find Click.GiftLoad again.
-Avira scan always shows 1 Hidden file, but may not be related at all???
-Followed the Before You Post thread and not sure if I was supposed to SBSD scan, copy what I find and THEN go into advanced and turn off
TT, Reboot, and Scan again. What I posted was the former. If this is incorrect let me know and I will edit and put in post clipboard.
-If I vomited too much info let me know and I will edit/del any info you don't need.
Thanks Much!
Peace and Blessings
DDS file
SBSD pre TT off scan
Sorry, long day trying to get this cleared up on at least one machine.
Attach.zip
Here is SBSD post TT off and reboot.
Click.GiftLoad: [SBI $89783858] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-03-14 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-03-22 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-03-29 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-03-29 Includes\Malware.sbi (*)
2011-03-29 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-15 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-03-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-03-15 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-03-25 Includes\TrojansC-02.sbi (*)
2011-03-29 Includes\TrojansC-03.sbi (*)
2011-03-08 Includes\TrojansC-04.sbi (*)
2011-03-29 Includes\TrojansC-05.sbi (*)
2011-03-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll