GarinW

Search engine searches get redirected to unexpected sites even though system scans clean


System usually runs Norton antivirus and it claimed to have removed Suspicious.Cloud.7.EP a couple days ago but that removal status was posted as needing to be applied several times.

 

Any help you might be able to provide would be greatly appreciated.

 

-Garin

attach.txt

dds.txt


Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

 

 


Hi,

 

Sorry for the delay.

 

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish. Copy-paste results back here.

 


C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll a variant of Win32/Toolbar.Visicom.B application
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll a variant of Win32/Toolbar.Visicom.A application
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe a variant of Win32/Toolbar.Visicom.C application
C:\Users\Garin\AppData\Local\Google\Chrome\User Data\Default\Extensions\adhmhclafdhfabmmglbcngpddpdeijgd\npRivalGamingGC.dll a variant of Win32/Adware.Gamevance.DB application
C:\Users\Garin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\xpcomponent.dll a variant of Win32/Adware.Gamevance.CZ application
F:\O\F\SES\DaveStuff\DICOM\rsoon.exe probably unknown NewHeur_PE virus
F:\O\F\Software\DRIVERS\Nero\Nero-9.4.12.3_free.exe Win32/Toolbar.AskSBar application
F:\O\F\ToddDrive\FTP Server\emedtech\pstools\psshutdown.exe Win32/RiskWare.PsShutdown.232 application
Operating memory multiple threats

 


Hi again,


Open notepad and copy/paste the text in the quotebox below into it:

Suspect::
c:\users\Garin\AppData\Local\Microsoft\Apps\gbbjgadofc.dll
c:\users\Garin\AppData\Local\Adobe\nvdxgiwrap.dll

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif

Disable antivirus protection. Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.

 

 


Hi,

1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select skip and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)

 


Hi,

 

Please repeat the run with the 3.0 version.


Hi,

 

That looks ok. Is the original problem still present?


The problem does not seem to be occurring any more. Thank you for all the help and assistance at odd hours of the day. Is there anything more that should be done to verify the cleanliness of the system or are you comfortable that the recent scans indicate that there are no persisting problems?

 

 

-Garin

 

 

 

 


Hi,

 

If no problems are left, let's see the final steps then :)


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.

B. Reboot.

C. Turn ON System Restore.
Follow the steps like you did when disabling system restore, but on step 7 select the Restore system settings and previous versions of files option.



Now let's uninstall ComboFix:

  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK

You may delete TDSSKiller too.

UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.



Download and run Secunia Personal Software Inspector (PSI) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade B)

 


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

 

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

 

Everyone else please begin a New Topic.

 

Thank you !
