Google Re-directs



computer_user
2012-08-08, 08:10
I own an HP Compaq computer which uses Windows Vista and I use Firefox as my primary browser. On Monday 6 August 2012 I was searching the internet and was directed to a spam site; it happened several more times (taking me to different websites than the one I intended to visit). On Tuesday 7 August 2012 I ran Spybot, which found nothing, but a Malwarebytes scan found several trojans.

After Malwarebytes initially found the problem, I thought that it was removed, but when I used Google it happened again, so I ran Malwarebytes, which on the second run found nothing at all.

I did an online search (using Bing) and learned of something called the Google re-direct virus. I don't know if that particular bug is what I encountered, but I need help with this problem.

I'm pasting a copy of my INITIAL Malwarebytes report, which has information about the trojan:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.07.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Martin Family :: MARTINFAMILY-PC [administrator]

8/7/2012 8:04:32 AM
mbam-log-2012-08-07 (08-04-32).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 675837
Time elapsed: 4 hour(s), 33 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\Martin Family\AppData\Local\Apple Computer\Apple\bknzynz.dll (Trojan.RedirRdll3.Gen) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Apple (Trojan.RedirRdll3.Gen) -> Data: rundll32.exe "C:\Users\Martin Family\AppData\Local\Apple Computer\Apple\bknzynz.dll",CreateInstance -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Martin Family\AppData\Local\Apple Computer\Apple\bknzynz.dll (Trojan.RedirRdll3.Gen) -> Delete on reboot.

(end)

It's 12:08 AM and too late to run another scan, but I wanted to post this information lest it be lost when I turn off my computer.

tashi
2012-08-08, 08:35
Hello computer_user,

Please refer to the forum sticky again and the instructions in post #2 on how to provide preliminary DDS and aswMBR logs used for analysis.
http://forums.spybot.info/showthread.php?t=288

Then start a new topic providing the logs as shown in that FAQ with a link back to this thread and a volunteer analyst will advise you when available. :)

Best regards.