
Thread: Click.GiftLoad problem.

  1. #31
    Dakeyras (Security Expert-Emeritus)
    Join Date: Sep 2008 | Location: The Tundra | Posts: 1,173

    Hi.

    As a precaution, move the MBR.dat (or similar) that aswMBR created to a form of removable storage media.

    Re-scan with aswMBR:

    • Right-click aswMBR.exe and select Run as Administrator to run it.
    • Click the Scan button to start the scan.
    • On completion of the scan, click the Fix MBR button.
    • When the Fix MBR process has completed, please save the log file, to your desktop, as you did before.
    • Copy and paste the contents of the log file in your next reply.

    Next:

    Please reboot your machine and let myself know if any further issues? Still search engine redirects?
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  2. #32
    Junior Member
    Join Date: Mar 2011 | Posts: 21

    After the reboot, I didn't have any search link re-directs. I tried clicking about 10 different links and they all went where they were supposed to.

    aswMBR Log #2:

    aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
    Run date: 2011-03-27 13:33:06
    -----------------------------
    13:33:06.722 OS Version: Windows 6.1.7600
    13:33:06.722 Number of processors: 2 586 0xF0D
    13:33:06.722 ComputerName: VEDA UserName:
    13:33:10.450 Initialize success
    13:33:13.196 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort0
    13:33:13.196 Disk 0 Vendor: ST3360320AS 3.CHN Size: 343399MB BusType: 3
    13:33:13.211 Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST3360320AS_____________________________3.CHN___#5&2aa567a1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
    13:33:15.239 Disk 0 MBR read successfully
    13:33:15.239 Disk 0 MBR scan
    13:33:15.239 Disk 0 TDL4@MBR code has been found
    13:33:15.255 Disk 0 MBR hidden
    13:33:15.255 Disk 0 MBR [TDL4] **ROOTKIT**
    13:33:15.271 Disk 0 trace - called modules:
    13:33:15.271 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x868e5439]<<
    13:33:15.286 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868c7030]
    13:33:15.286 3 CLASSPNP.SYS[83f8c59e] -> nt!IofCallDriver -> [0x8675f918]
    13:33:15.286 5 ACPI.sys[83bbc3b2] -> nt!IofCallDriver -> \IdeDeviceP0T0L0-0[0x85ab0630]
    13:33:15.302 \Driver\atapi[0x868c7638] -> IRP_MJ_CREATE -> 0x868e5439
    13:33:15.817 Scan finished successfully
    13:34:15.892 Disk 0 fixing MBR
    13:34:25.923 Disk 0 MBR restored successfully
    13:34:25.923 Infection fixed successfully - please reboot ASAP
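
Added example, not part of the original posts and not AVAST's code: a Python triage helper for a log like the one in post #32. The regular expressions are assumptions inferred from the lines shown in this thread, and the status labels are invented for the illustration.

```python
import re

# Excerpt of the aswMBR log posted above (post #32), embedded so this runs offline.
SAMPLE_LOG = r"""
13:33:15.239 Disk 0 TDL4@MBR code has been found
13:33:15.255 Disk 0 MBR hidden
13:33:15.255 Disk 0 MBR [TDL4] **ROOTKIT**
13:33:15.271 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x868e5439]<<
13:33:15.302 \Driver\atapi[0x868c7638] -> IRP_MJ_CREATE -> 0x868e5439
13:33:15.817 Scan finished successfully
13:34:15.892 Disk 0 fixing MBR
13:34:25.923 Disk 0 MBR restored successfully
13:34:25.923 Infection fixed successfully - please reboot ASAP
"""

# Patterns are inferred from the lines shown in this thread, not from any aswMBR spec.
STAMP = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")
ROOTKIT = re.compile(r"Disk (\d+) MBR \[(\w+)\] \*\*ROOTKIT\*\*")
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
HOOK = re.compile(r"(\\Driver\\\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)")
RESTORED = re.compile(r"Disk (\d+) MBR restored successfully")


def triage(log_text):
    """Summarise an aswMBR log: detections, unattributed hooks, per-disk status."""
    rootkits, unknown, hooks, status = {}, set(), [], {}
    for raw in log_text.splitlines():
        m = STAMP.match(raw.strip())
        if not m:
            continue  # header lines and blanks carry no findings
        msg = m.group(1)
        if (r := ROOTKIT.search(msg)):
            rootkits[int(r.group(1))] = r.group(2)
            status[int(r.group(1))] = "infected"
        if (u := UNKNOWN.search(msg)):
            unknown.add(u.group(1).lower())
        if (h := HOOK.search(msg)):
            hooks.append((h.group(1), h.group(2), h.group(3).lower()))
        if (f := RESTORED.search(msg)) and int(f.group(1)) in rootkits:
            # A restore only counts if it follows a detection in the same log.
            status[int(f.group(1))] = "fixed-reboot-and-rescan"
    # Dispatch entries that point at an address the trace listed as UNKNOWN.
    suspicious = [h for h in hooks if h[2] in unknown]
    return {"rootkits": rootkits, "suspicious_hooks": suspicious, "status": status}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A status of "fixed-reboot-and-rescan" only records that the log reports a restore; a clean scan after the reboot is what confirms it.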

  3. #33
    Dakeyras (Security Expert-Emeritus)

    Hi.

    Quote: "After the reboot, I didn't have any search link re-directs. I tried clicking about 10 different links and they all went where they were supposed to."

    Good, please re-run TFC (Temp File Cleaner) again as outlined here.

    Malwarebytes Anti-Malware:

    Note: Remember to right click MBAM and select Run As Administrator.
    • Launch the application, Check for Updates >> Perform quick scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    When completed the above, please post back the following in the order asked for:
    • How is your computer performing now, any further symptoms and or problems encountered?
    • Malwarebytes Anti-Malware Log.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  4. #34
    Junior Member

    Quote: "How is your computer performing now, any further symptoms and or problems encountered?"

    I have had no more problems since the last aswMBR scan.

    Malwarebytes Log:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6187

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    3/27/2011 6:43:34 PM
    mbam-log-2011-03-27 (18-43-34).txt

    Scan type: Quick scan
    Objects scanned: 154201
    Time elapsed: 5 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  5. #35
    Dakeyras (Security Expert-Emeritus)

    Hi.

    Quote: "I have had no more problems since the last aswMBR scan."

    Good. After completing my below instructions/advice it would be prudent to use the installer you have for IE9 and install the browser. Also if not aware Service Pack One for Windows 7 is now available, you should be able to download and install it via Windows Update and or you could get it from here.

    Before actually installing the Service Pack it would be prudent to backup your system and temp' disable any security related applications before doing so as a precaution. The reason I am advising both of the aforementioned upgrades is these will increase the overall security of your machine whilst used online etc.

    Next:

    Congratulations your computer appears to be malware free!

    Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

    Importance of Regular System Maintenance:

    I advise you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

    Help! My computer is slow!

    Also so is this:

    What to do if your Computer is running slowly

    Reset SR Points/Clean up with OTL:
    • Right-click OTL and select Run as Administrator to start the program.
    • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Commands
    [ClearAllRestorePoints]
    • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
    • Then click the red Run Fix button.
    • Let the program run unhindered. When finished click on OK and close the log that appears.
    • Note: I do not need to review the log produced.
    • Now close all other programs apart from OTL as this step will require a reboot.
    • On the OTL main screen, depress the CleanUp button.
    • Say Yes to the prompt and then allow the program to reboot your computer.
    The above process will flush old System Restore points and create a new clean one. It should also clean up and remove the vast majority of scanners used and logs created etc.

    Any left over merely delete yourself and empty the Recycle Bin.

    Now some advice for on-line safety:

    Malwarebytes' Anti-Malware:

    This is an excellent application and I advise you keep this installed. Check for updates and run a scan once a week.

    Other installed security software:

    Your presently installed security application, McAfee AntiVirus Plus, automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running, providing an internet connection is active.

    I advise you also run a complete scan with this once per week.

    Erunt:

    Emergency Recovery Utility NT, I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

    Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

    Keep your system updated:

    Microsoft releases patches for Windows and other products regularly:

    • Click on Start (Windows 7 Orb) >> All Programs >> Windows Update.
    • In the navigation pane, click Check for updates.
    • After Windows Update has finished checking for updates, click View available updates.
    • Click to select the check box for any found, then click Install.
    • When completed Reboot (restart) your computer if not prompted to do so.

    Be careful when opening attachments and downloading files:

    Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
    Never open emails from unknown senders.
    Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
    Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

    Stop malicious scripts:

    Windows by default allows scripts (which are VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

    Avoid Peer to Peer software:

    P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

    Hosts File:

    A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

    Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

    Here are some Hosts files:


    Only use one of the above!

    Install WinPatrol:

    WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

    Download it from here.

    You can find information about how WinPatrol works here.

    Next:

    This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

    Any questions? Feel free to ask, if not stay safe!
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.
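
Added example, not part of the original post: the Hosts-file advice above relies on entries that point unwanted names at 127.0.0.1. This Python function audits a hosts file from the other direction, separating such blocked names from entries that send a name to some other address. The sample file is constructed, and treating 0.0.0.0 and ::1 as blocking addresses goes beyond what the post states.

```python
import ipaddress

# Constructed sample; names and the 203.0.113.7 address (documentation range)
# are placeholders, not values from this thread.
SAMPLE_HOSTS = """\
# blocking entries in the style the post describes
127.0.0.1    localhost
127.0.0.1    ads.example.net tracker.example.net   # two names, one line
0.0.0.0      banner.example.org
::1          localhost
203.0.113.7  search.example.com
not-an-ip    broken.example.com
"""


def audit_hosts(text):
    """Classify hosts entries as blocked, redirected to a real address, or malformed."""
    blocked, redirected, malformed = [], {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # strip comments, split on whitespace
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:
            malformed.append(lineno)  # no valid address, or an address with no name
            continue
        sink = addr.is_loopback or addr.is_unspecified
        for name in (f.lower() for f in fields[1:]):
            if sink and name != "localhost":
                blocked.append(name)  # name resolves to this machine: site unreachable
            elif not sink:
                redirected[name] = str(addr)  # overrides DNS: review every one of these
    return {"blocked": blocked, "redirected": redirected, "malformed": malformed}


if __name__ == "__main__":
    for kind, found in audit_hosts(SAMPLE_HOSTS).items():
        print(kind, found)
```

Entries under "redirected" are the ones to check by hand, since a hosts entry takes precedence over DNS for that name.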

  6. #36
    Junior Member

    No questions. Thank you very much for your assistance

  7. #37
    Dakeyras (Security Expert-Emeritus)

    You're welcome!
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  8. #38
    Dakeyras (Security Expert-Emeritus)

    Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

    Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of DDS log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.
