Results 1 to 4 of 4

Thread: Click.Giftload maka me angry

  1. 2011-04-04, 07:00 #1
    Macattak1
    Macattak1 is offline
    Junior Member
    Join Date
    Apr 2011
    Posts
    3

    Default Click.Giftload maka me angry

    Greetings, my dear wife was searching for food info on some TGIF salads. She got the popup junk, but it was way to fast for her. So she just

    turned off the PC. Anyway, it will not boot now.

    In trying to figure this out, I got it also. I backed up my files, but my PC is now infected as well.

    So, starting with the working PC. When I was screwing around, and of course you know what I mean (looking for info on it, finding nothing as

    I did not know what it was, doing the search she did and finding the virus.

    Basically, I can not do a search anymore as any search result is likely to take me anywhere.

    -My Avira, which I updated before I played with fire, caught this malware and quarantined it.
    JAVA/Dldr.Agent.Y
    JAVA/Formduce.A
    However, I still got infected and will not actually find it and clean it since that one time. Guessing that it caught what wanted to install

    something, but the something is still there.

    -Updated SB and Scanned. Found Click.GiftLoad, and fixed it, and immunized it, but still having same issue.

    -Used CC but maybe just some Reg entries removed.

    -downloaded Eset online scanner tool, but nothing.

    -Checked out PCTweaker antimalware? Found things, supposedly fixed them, then found more, fixed, more, fixed. Uninstalled.

    -Went to Cnet to see about best rated and most rated Malware SW.

    -Tried MalwareByte's AntiMallware. First time it found 4 files and removed them. But since then nothing.

    So at this point. Scans show nothing unless I do a search, get redirected, and Alt+F4 out. Then SBSD will find Click.GiftLoad again.

    -Avira scan always shows 1 Hidden file, but may not be related at all???

    -Followed the Before You Post thread and not sure if I was supposed to SBSD scan, copy what I find and THEN go into advance and turn off

    -TT, Reboot, and Scan again. What I posted was the former. If this is incorrect let me know and I will edit and put in post clipboard.

    -If I vomited too much info let me know and I will edit/del any info you dont need.

    Thanks Much!
    Peace and Blessings

    DDS file
    SBSD pre TT off scan

    Sorry, long day trying to get this cleared up on at least one machine.

    Attach.zip
    Here is SBSD post TT off and reboot.

    Click.GiftLoad: [SBI $89783858] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2009-03-14 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2011-03-18 Includes\Adware.sbi (*)
    2011-03-22 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2011-03-08 Includes\DialerC.sbi (*)
    2011-02-24 Includes\HeavyDuty.sbi (*)
    2011-03-29 Includes\Hijackers.sbi (*)
    2011-03-29 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2010-12-14 Includes\Keyloggers.sbi (*)
    2011-03-08 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2011-03-29 Includes\Malware.sbi (*)
    2011-03-29 Includes\MalwareC.sbi (*)
    2011-02-24 Includes\PUPS.sbi (*)
    2011-03-15 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2011-03-08 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2011-02-24 Includes\Spyware.sbi (*)
    2011-03-15 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2010-12-28 Includes\Trojans.sbi (*)
    2011-03-25 Includes\TrojansC-02.sbi (*)
    2011-03-29 Includes\TrojansC-03.sbi (*)
    2011-03-08 Includes\TrojansC-04.sbi (*)
    2011-03-29 Includes\TrojansC-05.sbi (*)
    2011-03-08 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll
    Last edited by tashi; 2011-04-04 at 07:25. Reason: Merged three posts :-)
  2. 2011-04-06, 13:14 #2
    ken545
    ken545 is offline
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default




    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Please do not start any new threads, just post back here using the submit reply.

    Also do not attach any logs or reports we ask for, just copy and paste them directly into the forum

    We will work on your computer thats working, we just do one at a time, we cant work on two computers on the same thread so when we are done here you can start a new topic for the other one

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


    Download DDS by sUBs from one of the following links. Save it to your desktop.
    • DDS.com
    • DDS.scr
    • DDS.pif
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
    • Notepad will open with the results, click no to the Optional_Scan
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.

    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control Here
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
  3. 2011-04-07, 20:47 #3
    Macattak1
    Macattak1 is offline
    Junior Member
    Join Date
    Apr 2011
    Posts
    3

    Default

    This has been resolved.
    Thanks.

    Please close.
  4. 2011-04-07, 23:06 #4
    ken545
    ken545 is offline
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    I have been at this for many many years and I cant tell you how many people have posted back and said to close the topic as its been resolved only to find out that there still infected.

    Your call, but if you want to make sure go ahead and post the DDS log, if I do not hear back from you in 24 hours than I will close this thread.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules