Malware Infection

Hi, here is the Kaspersky scan report.


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, August 24, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, August 24, 2010 17:23:00
Records in database: 4142486
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 218565
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 06:17:59


File name / Threat / Threats count
C:\Users\Darlin\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1678f0c6\Report.cab Infected: Trojan.Win32.FakeAV.aam 1

Selected area has been scanned.
 
C:\Users\Darlin\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1678f0c6\Report.cab <--Delete this file but leave it in the Recycle Bin for a few days in case we need to restore it.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).




Then run DDS again and post a fresh log please
 
Hi,

I have had another helper look at this and offer some suggestions.

Follow the instruction in my prior post and run GooredFix and post the report, but hold off at the moment on running DDS; we can look at that as a final check when we're done.

What I need you to do if you are using a router (let me know if you are) is to reset it. You had a hijack that hijacked your hosts file and it may have affected your router. There should be a little hole on the back of the router or it can be a little button. Either way, if it's a button you need to press and hold it for about a minute and it will reset; if it's a hole then you can insert a paper clip, that will reset it also. Then you will have to reinstall it to get your internet back.


After you do that, run this quick scan and post the log; this will check your master boot record to see if it's infected.

Download MBRCheck to your desktop
  • Double-click MBRCheck.exe to run (Vista and Win 7: right-click and select Run as Administrator)
  • It will show a Black screen with some information that will contain either the below line if no problem is found:
  • Done! Press ENTER to exit...
  • Or you will see more information like below if a problem is found:
  • Found non-standard or infected MBR.
  • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
  • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
  • Copy and Paste the log for me to see please
 
Hi. I haven't gotten to resetting the router yet because I am getting my desktop fixed. I am getting it back sometime next week. If there is any way to reinstall the router on my laptop, I will do it as soon as I get home from my trip. I did however run the Gooredfix. Here is the log.

GooredFix by jpshortstuff (03.07.10.1)
Log created at 09:02 on 25/08/2010 (Darlin)
Firefox version 3.6.6 (en-US)

========== GooredScan ==========


========== GooredLog ==========

-=E.O.F=-
 
Hi,

Your router should work on your laptop even though it's disconnected from the desktop. It looks like it's a wireless one. If it's plugged into the power, can you access the internet on your laptop with it? If so, is your laptop being redirected to the sites that your desktop is?
 
My router still works even if it's not connected to my desktop. I can use it as long as it's plugged in. I talked to my brother and his desktop uses our WiFi too. He says he's also being redirected to the same sites.
 
Hi,

Looks like your router is infected and needs to be reset. Most times a wireless router can be set up on a desktop with that desktop gaining access to the internet through a cable unless the desktop has a wireless receiver. Once the router is set up, you can access that wireless signal with any laptop that is wireless capable.

This is what you need to do. All us forums work together: post here at WhatTheTech in their Network forum, give them info on your router as far as make and model. You can link them to this thread and tell them that I helped you and we determined that the router is infected and needs to be reset and then reinstalled. You may or may not need the setup disk that came with your router. This site, like Safer, is free but you will need to register.
http://forums.whatthetech.com/index.php?showforum=128



Once they have you reset and reinstalled, post back here and let me know how you're doing.
 