
Google Redirect + Protect.dll/msb.dll/autochk.dll Trojan (related?)

Usually located in c:\combofix.txt, please attach it to your next post.

#7 strychnine May 21, 2009 at 15:48:11

I'm running Norton and I did I tried all Safe Mode options, but I can't get the computer to boot...it just goes into an endless loop of getting to the XP screen, then bluescreen, then back to

scan completed successfully
hidden files: 0

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1844237615-2025429265-682003330-1003\Software\SecuROM\!CAUTION!

Click the Download button to the right. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer.

#14 neoark May 22, 2009 at 16:38:40

Still getting Google redirected?

#15 strychnine May 22, 2009 at 18:54:27

No. Will report anything else I notice throughout the day

Your computer will reboot. After reboot, check and see if you still get redirected.

Thanks for sticking with me through this. Spy Sweeper pops up with alerts roughly every couple of minutes because chkdsk.dll and autochk.dll keep trying to install themselves in the startup folder, no matter how many times they get

HKU\S-1-5-21-503452509-3002992337-1118405479-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} => value removed successfully
HKCR\CLSID\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} => key not found.

Anyway...on to the log output... Make sure the "Perform Quick Scan" option is selected. Click 'Show Results' to display all objects found. Seeing it happen maybe twice, it seems like it very quickly flashes a blue screen. 5) Cannot turn the computer off.

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
Ran by Russell (24-01-2017 11:25:21) Run:1
Running from C:\Users\Russell\Desktop
Loaded Profiles: Russell (Available Profiles: Russell)
Boot Mode: Normal
==============================================
fixlist

------------------------ Other Running Processes ------------------------
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe

Completion time: 2009-05-28 12:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-28 17:28
ComboFix2.txt 2009-05-28 16:47
Pre-Run: 14,112,165,888 bytes free
Post-Run: 14,085,828,608

Completion time: 2009-05-01 18:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-01 01:58
ComboFix2.txt 2009-04-30 02:06
Pre-Run: 52,114,325,504 bytes free
Post-Run: 52,076,683,264 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows

Please do the following.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.

anonymousrex   Posted May 31, 2009

Much thanks!

After using the computer for a while the internet will no longer work.

http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=42741

I finally ran the Avira Rootkit detection program to get a better idea of what was going on.

After reboot follow:

1) Run this script in AVZ:

begin
CreateQurantineArchive('c:\quarantine.zip');
end.

2) A file called quarantine.zip should be created in C:\.

Although the computer appears to be working okay for the most part (still able to boot into normal mode and not crashing), there are some anomalies: - When using IE, I'm

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Last go through Malwarebytes labeled them as Worm.Autorun, Trojan.Dropper and Trojan.Agent, and keep finding something called "msb.dll" in the windows\temp folder, if that helps.

victusdementis   Posted May 29, 2009

both Avira and Malwarebytes It even shows the red X over the balloon or whatever you want to call it showing it's disabled, and when I put the mouse over it, it says disabled but

Read the "Requirements and Limitations" then press the button. Please save this file to your desktop or "My Documents" folder. 2) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a

Make sure Combofix.exe is on your DESKTOP and not anywhere else.

After exporting the keys to a safe location, I removed them.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:29 PM, on 4/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe

Close any programs you may have running - especially your web browser.

Done.
C:\Program Files\Mozilla Firefox\extensions\{45AD7D9C-84A7-4F80-A697-64EFF280B1D2}->Backing up folder...

When I ran it, it would error, not be responsive and the scan wouldn't complete.

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

Viewpoint
Viewpoint Manager
Viewpoint Media Player

Then,
* Open notepad - don't use any other text editor than notepad

victusdementis   Posted May 25, 2009

Logfile of Trend

I have no idea if this is related to the problem or just something else that I've managed to pick up.

It smells that you may also be dealing with Virut. I really hope that's not the case here, because that would be a lost situation then.

scan completed successfully
hidden files: 0

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"

--------------------- DLLs Loaded Under Running Processes ---------------------

#4 rschou2132   Posted Today, 11:53 AM

Thank you!

I think that pretty much covers everything.

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

C:\WINDOWS\Temp\_A00FE779D.exe (Trojan.Agent) -> Quarantined and deleted successfully.

DP83815 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [5/20/2002 11:51 AM 16064]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 6:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [7/8/2008 5:07 PM

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.
* Double-click mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and

You should get 2 choices one is Windows XP and the other is Recovery Console.

Steve

05-01-2009, 01:28 PM #20 extremeboy

Okay. The only thing is that, it does not appear in the Combofix log.

miekiemoes   Posted May 27, 2009

Can you try in Windows I don't understand everything. BTW...thanks again for the quick reply...very much appreciated :-) .

scanning hidden files ...

I got hit with several somethings a week or so ago, and I've managed to clean off most of it (I think), but one or two problems remain stubbornly, um, stubborn. I would much rather clarify instructions or explain them differently than have something important broken.

I believe the problem started yesterday. This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546 I suggest you remove the program now.