Thread: Search Engine Redirect Virus w/ Google

  1. #11
    Member
    Join Date
    Jun 2007
    Posts
    54

    ESET Scan Log

    ESET Log:

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=1c050468b560a24e8eefc9dd82d7230d
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2012-01-08 10:28:12
    # local_time=2012-01-08 02:28:12 (-0800, Pacific Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 2
    # compatibility_mode=512 16777175 100 0 5351676 5351676 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=32443
    # found=7
    # cleaned=0
    # scan_time=997
    C:\Documents and Settings\All Users\Application Data\DisplayBackupBackup.dll Win32/TrojanDownloader.Tracur.I trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\All Users\Application Data\privacy.exe a variant of Win32/Kryptik.VCJ trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\od56xxqk.default\extensions\{0d9fcb1e-8fe6-42ba-8e32-9e917e496c11}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\od56xxqk.default\extensions\{0d9fcb1e-8fe6-42ba-8e32-9e917e496c11}\chrome\xulcache.jar JS/Agent.NDO trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\User\Local Settings\Application Data\TCPIPWin32.dll a variant of Win32/Kryptik.UQZ trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\User\Local Settings\Application Data\Adobe\AdobeUpdate\Adobeup.dll a variant of Win32/Kryptik.UQZ trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\User\My Documents\Downloads\KeyFinderInstaller.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I

  2. #12
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    Please start your computer in safe mode with networking.

    Download ComboFix

    A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**

    Please download ComboFix from one of the following links. Do not run the tool until your antivirus is disabled:

    Link1
    Link2


    Disable Trend Micro AntiVirus

    Right click on the Trend Micro Antivirus icon in the system tray and select Exit. Click Yes to confirm that you want to disable the program.


    Run ComboFix

    Double click the ComboFix icon on the desktop to run the tool and click Yes to the disclaimer.

    Please install the Recovery Console if prompted.

    The Windows Recovery Console will allow you to boot into a special recovery (repair) mode. This allows us to more easily help you if your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Please include the ComboFix log (C:\ComboFix.txt) in your next reply for further review.

  3. #13
    Member
    Join Date
    Jun 2007
    Posts
    54

    I am not able to disable Trend Micro (it is not in the system tray in safe mode) or uninstall it from my computer because it is not letting me do so.

  4. #14
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    OK. Trend Micro is probably not running in safe mode. Go ahead and run ComboFix. You will be alerted if it detects an active antivirus.

  5. #15
    Member
    Join Date
    Jun 2007
    Posts
    54

    It did notify me about Trend Micro. Do you still want me to run ComboFix?

  6. #16
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    Go ahead and run ComboFix. Remember to install the Recovery Console.

  7. #17
    Member
    Join Date
    Jun 2007
    Posts
    54

    I am posting this on another computer. ComboFix rebooted my computer and it asks me for a Windows Activation Key (which I don't have). Is that normal for ComboFix to do?

  8. #18
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    Originally posted by jayescee316:
    "I am posting this on another computer. ComboFix rebooted my computer and it asks me for a Windows Activation Key (which I don't have). Is that normal for ComboFix to do?"

    That should not happen.

    I need to do more research before I can get back to you on the issue. I have some questions and your answers may help me in my research:
    • Which make and model is this computer?
    • Is there a sticker somewhere on the computer with a Windows product key?
    • When did you buy this computer?
    • Do you have any blank writeable CDs?
    • Does your other computer have the ability to write CDs?
    • Do you own a USB stick or USB hard drive?

  9. #19
    Member
    Join Date
    Jun 2007
    Posts
    54

    Which make and model is this computer? It is a custom-built computer.
    Is there a sticker somewhere on the computer with a Windows product key? No, there isn't a sticker on the computer with a Windows product key.
    When did you buy this computer? I had the computer for 5 years.
    Do you have any blank writeable CDs? Yes, I do.
    Does your other computer have the ability to write CDs? It can.
    Do you own a USB stick or USB hard drive? I have an external hard drive.

  10. #20
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    What happens if you start the computer in safe mode? Do you get blocked by the Activation wizard or are you allowed to reach the desktop?

    Do you remember if ComboFix successfully installed the Recovery Console?
