Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

got some sort of redirct malware on my browers IE and mozil

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: got some sort of redirct malware on my browers IE and m

Unread postby stingerbud » February 23rd, 2011, 1:08 am

tdsskiller
nothing found



vira AntiVir Personal
Report file date: Tuesday, February 22, 2011 20:01

Scanning for 2425460 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : JUNECALL-PC

Version information:
BUILD.DAT : 10.0.0.611 31824 Bytes 1/14/2011 13:42:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 1/10/2011 20:23:31
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 1/10/2011 20:23:40
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 20:23:50
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 04:09:23
VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 04:09:23
VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 04:09:23
VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 04:09:23
VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 04:09:24
VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 04:09:24
VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 04:09:24
VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 04:09:24
VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 04:09:24
VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 04:09:25
VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 04:09:25
VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 04:09:39
VBASE014.VDF : 7.11.3.97 120320 Bytes 2/16/2011 04:08:58
VBASE015.VDF : 7.11.3.148 128000 Bytes 2/19/2011 03:19:22
VBASE016.VDF : 7.11.3.183 140288 Bytes 2/22/2011 01:59:04
VBASE017.VDF : 7.11.3.184 2048 Bytes 2/22/2011 01:59:05
VBASE018.VDF : 7.11.3.185 2048 Bytes 2/22/2011 01:59:05
VBASE019.VDF : 7.11.3.186 2048 Bytes 2/22/2011 01:59:05
VBASE020.VDF : 7.11.3.187 2048 Bytes 2/22/2011 01:59:05
VBASE021.VDF : 7.11.3.188 2048 Bytes 2/22/2011 01:59:05
VBASE022.VDF : 7.11.3.189 2048 Bytes 2/22/2011 01:59:06
VBASE023.VDF : 7.11.3.190 2048 Bytes 2/22/2011 01:59:06
VBASE024.VDF : 7.11.3.191 2048 Bytes 2/22/2011 01:59:06
VBASE025.VDF : 7.11.3.192 2048 Bytes 2/22/2011 01:59:06
VBASE026.VDF : 7.11.3.193 2048 Bytes 2/22/2011 01:59:06
VBASE027.VDF : 7.11.3.194 2048 Bytes 2/22/2011 01:59:07
VBASE028.VDF : 7.11.3.195 2048 Bytes 2/22/2011 01:59:07
VBASE029.VDF : 7.11.3.196 2048 Bytes 2/22/2011 01:59:07
VBASE030.VDF : 7.11.3.197 2048 Bytes 2/22/2011 01:59:07
VBASE031.VDF : 7.11.3.198 2048 Bytes 2/22/2011 01:59:07
Engineversion : 8.2.4.170
AEVDF.DLL : 8.1.2.1 106868 Bytes 1/10/2011 20:23:26
AESCRIPT.DLL : 8.1.3.53 1282427 Bytes 2/16/2011 04:09:55
AESCN.DLL : 8.1.7.2 127349 Bytes 1/10/2011 20:23:26
AESBX.DLL : 8.1.3.2 254324 Bytes 1/10/2011 20:23:26
AERDL.DLL : 8.1.9.2 635252 Bytes 1/10/2011 20:23:25
AEPACK.DLL : 8.2.4.9 512374 Bytes 2/16/2011 04:09:54
AEOFFICE.DLL : 8.1.1.16 205179 Bytes 2/16/2011 04:09:53
AEHEUR.DLL : 8.1.2.78 3277175 Bytes 2/18/2011 04:40:56
AEHELP.DLL : 8.1.16.1 246134 Bytes 2/16/2011 04:09:47
AEGEN.DLL : 8.1.5.2 397683 Bytes 2/16/2011 04:09:47
AEEMU.DLL : 8.1.3.0 393589 Bytes 1/10/2011 20:23:18
AECORE.DLL : 8.1.19.2 196983 Bytes 2/16/2011 04:09:46
AEBB.DLL : 8.1.1.0 53618 Bytes 1/10/2011 20:23:18
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/10/2011 20:23:32
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/10/2011 20:23:30
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 20:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 1/10/2011 20:23:31
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 1/10/2011 20:23:31
AVARKT.DLL : 10.0.22.6 231784 Bytes 1/10/2011 20:23:27
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/10/2011 20:23:28
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 20:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 1/10/2011 20:23:31
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 20:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 1/10/2011 20:23:52

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Tuesday, February 22, 2011 20:01

Starting search for hidden objects.
c:\windows\system32\regsvr32.exe
c:\windows\system32\regsvr32.exe
[NOTE] The process is not visible.

The scan of running processes will be started
Scan process 'taskeng.exe' - '24' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'vssvc.exe' - '49' Module(s) have been scanned
Scan process 'avscan.exe' - '77' Module(s) have been scanned
Scan process 'avscan.exe' - '29' Module(s) have been scanned
Scan process 'avcenter.exe' - '74' Module(s) have been scanned
Scan process 'iexplore.exe' - '130' Module(s) have been scanned
Scan process 'AAM Updates Notifier.exe' - '69' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'mozybackup.exe' - '29' Module(s) have been scanned
Scan process 'mozybackup.exe' - '53' Module(s) have been scanned
Scan process 'hphc_service.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'ehmsas.exe' - '23' Module(s) have been scanned
Scan process 'ONENOTEM.EXE' - '18' Module(s) have been scanned
Scan process 'mozystat.exe' - '36' Module(s) have been scanned
Scan process 'ehtray.exe' - '26' Module(s) have been scanned
Scan process 'sidebar.exe' - '55' Module(s) have been scanned
Scan process 'avgnt.exe' - '53' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '47' Module(s) have been scanned
Scan process 'taskeng.exe' - '80' Module(s) have been scanned
Scan process 'WiFiMsg.exe' - '36' Module(s) have been scanned
Scan process 'Explorer.EXE' - '163' Module(s) have been scanned
Scan process 'Dwm.exe' - '37' Module(s) have been scanned
Scan process 'QPSched.exe' - '40' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '47' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '32' Module(s) have been scanned
Scan process 'xaudio.exe' - '14' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '62' Module(s) have been scanned
Scan process 'svchost.exe' - '27' Module(s) have been scanned
Scan process 'svchost.exe' - '45' Module(s) have been scanned
Scan process 'RichVideo.exe' - '22' Module(s) have been scanned
Scan process 'QPCapSvc.exe' - '78' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '48' Module(s) have been scanned
Scan process 'FileZilla Server.exe' - '18' Module(s) have been scanned
Scan process 'rundll32.exe' - '46' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned
Scan process 'taskeng.exe' - '48' Module(s) have been scanned
Scan process 'atashost.exe' - '26' Module(s) have been scanned
Scan process 'avshadow.exe' - '33' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '47' Module(s) have been scanned
Scan process 'avguard.exe' - '65' Module(s) have been scanned
Scan process 'svchost.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '60' Module(s) have been scanned
Scan process 'sched.exe' - '56' Module(s) have been scanned
Scan process 'spoolsv.exe' - '95' Module(s) have been scanned
Scan process 'svchost.exe' - '97' Module(s) have been scanned
Scan process 'svchost.exe' - '87' Module(s) have been scanned
Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '156' Module(s) have been scanned
Scan process 'svchost.exe' - '115' Module(s) have been scanned
Scan process 'svchost.exe' - '64' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned
Scan process 'lsm.exe' - '22' Module(s) have been scanned
Scan process 'lsass.exe' - '62' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1918' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\ProgramData\DC7F29D69C33F0E97134B8C0E4B078E6\b\bint1
[DETECTION] Is the TR/Katusha.2.27 Trojan
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\_u1045610869v3.vir
[0] Archive type: ZIP
[DETECTION] Is the TR/Katusha.2.23 Trojan
--> setup.exe
[DETECTION] Is the TR/Katusha.2.23 Trojan
C:\Users\june call\AppData\Local\Microsoft\Windows Mail\Local Folders\Junk E-mail\45091238-0000475A.eml
[0] Archive type: MIME
[DETECTION] Contains recognition pattern of the PHISH/cbn.A phishing file/email
--> DR.OLUSEGUN AGANGA.txt
[DETECTION] Contains recognition pattern of the PHISH/cbn.A phishing file/email
[WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted.
Begin scan in 'D:\' <HP_RECOVERY>

Beginning disinfection:
C:\Users\june call\AppData\Local\Microsoft\Windows Mail\Local Folders\Junk E-mail\45091238-0000475A.eml
[DETECTION] Contains recognition pattern of the PHISH/cbn.A phishing file/email
[WARNING] The file was ignored!
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\_u1045610869v3.vir
[DETECTION] Is the TR/Katusha.2.23 Trojan
[NOTE] The file was moved to the quarantine directory under the name '48e231f2.qua'.
C:\ProgramData\DC7F29D69C33F0E97134B8C0E4B078E6\b\bint1
[DETECTION] Is the TR/Katusha.2.27 Trojan
[NOTE] The file was moved to the quarantine directory under the name '50321e41.qua'.


End of the scan: Tuesday, February 22, 2011 23:02
Used time: 2:32:14 Hour(s)

The scan has been done completely.

30705 Scanned directories
890950 Files were scanned
3 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
890947 Files not concerned
47430 Archives were scanned
1 Warnings
2 Notes
862201 Objects were scanned with rootkit scan
1 Hidden objects were found

Thanks
James
Jwilkes@comcast.net
stingerbud
Active Member
 
Posts: 11
Joined: February 13th, 2011, 1:14 am
Advertisement
Register to Remove

Re: got some sort of redirct malware on my browers IE and m

Unread postby stingerbud » February 23rd, 2011, 1:12 am

tdsskiller
nothing found


vira AntiVir Personal
Report file date: Tuesday, February 22, 2011 20:01

Scanning for 2425460 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : JUNECALL-PC

Version information:
BUILD.DAT : 10.0.0.611 31824 Bytes 1/14/2011 13:42:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 1/10/2011 20:23:31
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 1/10/2011 20:23:40
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 20:23:50
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 04:09:23
VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 04:09:23
VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 04:09:23
VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 04:09:23
VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 04:09:24
VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 04:09:24
VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 04:09:24
VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 04:09:24
VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 04:09:24
VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 04:09:25
VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 04:09:25
VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 04:09:39
VBASE014.VDF : 7.11.3.97 120320 Bytes 2/16/2011 04:08:58
VBASE015.VDF : 7.11.3.148 128000 Bytes 2/19/2011 03:19:22
VBASE016.VDF : 7.11.3.183 140288 Bytes 2/22/2011 01:59:04
VBASE017.VDF : 7.11.3.184 2048 Bytes 2/22/2011 01:59:05
VBASE018.VDF : 7.11.3.185 2048 Bytes 2/22/2011 01:59:05
VBASE019.VDF : 7.11.3.186 2048 Bytes 2/22/2011 01:59:05
VBASE020.VDF : 7.11.3.187 2048 Bytes 2/22/2011 01:59:05
VBASE021.VDF : 7.11.3.188 2048 Bytes 2/22/2011 01:59:05
VBASE022.VDF : 7.11.3.189 2048 Bytes 2/22/2011 01:59:06
VBASE023.VDF : 7.11.3.190 2048 Bytes 2/22/2011 01:59:06
VBASE024.VDF : 7.11.3.191 2048 Bytes 2/22/2011 01:59:06
VBASE025.VDF : 7.11.3.192 2048 Bytes 2/22/2011 01:59:06
VBASE026.VDF : 7.11.3.193 2048 Bytes 2/22/2011 01:59:06
VBASE027.VDF : 7.11.3.194 2048 Bytes 2/22/2011 01:59:07
VBASE028.VDF : 7.11.3.195 2048 Bytes 2/22/2011 01:59:07
VBASE029.VDF : 7.11.3.196 2048 Bytes 2/22/2011 01:59:07
VBASE030.VDF : 7.11.3.197 2048 Bytes 2/22/2011 01:59:07
VBASE031.VDF : 7.11.3.198 2048 Bytes 2/22/2011 01:59:07
Engineversion : 8.2.4.170
AEVDF.DLL : 8.1.2.1 106868 Bytes 1/10/2011 20:23:26
AESCRIPT.DLL : 8.1.3.53 1282427 Bytes 2/16/2011 04:09:55
AESCN.DLL : 8.1.7.2 127349 Bytes 1/10/2011 20:23:26
AESBX.DLL : 8.1.3.2 254324 Bytes 1/10/2011 20:23:26
AERDL.DLL : 8.1.9.2 635252 Bytes 1/10/2011 20:23:25
AEPACK.DLL : 8.2.4.9 512374 Bytes 2/16/2011 04:09:54
AEOFFICE.DLL : 8.1.1.16 205179 Bytes 2/16/2011 04:09:53
AEHEUR.DLL : 8.1.2.78 3277175 Bytes 2/18/2011 04:40:56
AEHELP.DLL : 8.1.16.1 246134 Bytes 2/16/2011 04:09:47
AEGEN.DLL : 8.1.5.2 397683 Bytes 2/16/2011 04:09:47
AEEMU.DLL : 8.1.3.0 393589 Bytes 1/10/2011 20:23:18
AECORE.DLL : 8.1.19.2 196983 Bytes 2/16/2011 04:09:46
AEBB.DLL : 8.1.1.0 53618 Bytes 1/10/2011 20:23:18
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/10/2011 20:23:32
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/10/2011 20:23:30
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 20:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 1/10/2011 20:23:31
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 1/10/2011 20:23:31
AVARKT.DLL : 10.0.22.6 231784 Bytes 1/10/2011 20:23:27
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/10/2011 20:23:28
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 20:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 1/10/2011 20:23:31
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 20:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 1/10/2011 20:23:52

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Tuesday, February 22, 2011 20:01

Starting search for hidden objects.
c:\windows\system32\regsvr32.exe
c:\windows\system32\regsvr32.exe
[NOTE] The process is not visible.

The scan of running processes will be started
Scan process 'taskeng.exe' - '24' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'vssvc.exe' - '49' Module(s) have been scanned
Scan process 'avscan.exe' - '77' Module(s) have been scanned
Scan process 'avscan.exe' - '29' Module(s) have been scanned
Scan process 'avcenter.exe' - '74' Module(s) have been scanned
Scan process 'iexplore.exe' - '130' Module(s) have been scanned
Scan process 'AAM Updates Notifier.exe' - '69' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'mozybackup.exe' - '29' Module(s) have been scanned
Scan process 'mozybackup.exe' - '53' Module(s) have been scanned
Scan process 'hphc_service.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'ehmsas.exe' - '23' Module(s) have been scanned
Scan process 'ONENOTEM.EXE' - '18' Module(s) have been scanned
Scan process 'mozystat.exe' - '36' Module(s) have been scanned
Scan process 'ehtray.exe' - '26' Module(s) have been scanned
Scan process 'sidebar.exe' - '55' Module(s) have been scanned
Scan process 'avgnt.exe' - '53' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '47' Module(s) have been scanned
Scan process 'taskeng.exe' - '80' Module(s) have been scanned
Scan process 'WiFiMsg.exe' - '36' Module(s) have been scanned
Scan process 'Explorer.EXE' - '163' Module(s) have been scanned
Scan process 'Dwm.exe' - '37' Module(s) have been scanned
Scan process 'QPSched.exe' - '40' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '47' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '32' Module(s) have been scanned
Scan process 'xaudio.exe' - '14' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '62' Module(s) have been scanned
Scan process 'svchost.exe' - '27' Module(s) have been scanned
Scan process 'svchost.exe' - '45' Module(s) have been scanned
Scan process 'RichVideo.exe' - '22' Module(s) have been scanned
Scan process 'QPCapSvc.exe' - '78' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '48' Module(s) have been scanned
Scan process 'FileZilla Server.exe' - '18' Module(s) have been scanned
Scan process 'rundll32.exe' - '46' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned
Scan process 'taskeng.exe' - '48' Module(s) have been scanned
Scan process 'atashost.exe' - '26' Module(s) have been scanned
Scan process 'avshadow.exe' - '33' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '47' Module(s) have been scanned
Scan process 'avguard.exe' - '65' Module(s) have been scanned
Scan process 'svchost.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '60' Module(s) have been scanned
Scan process 'sched.exe' - '56' Module(s) have been scanned
Scan process 'spoolsv.exe' - '95' Module(s) have been scanned
Scan process 'svchost.exe' - '97' Module(s) have been scanned
Scan process 'svchost.exe' - '87' Module(s) have been scanned
Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '156' Module(s) have been scanned
Scan process 'svchost.exe' - '115' Module(s) have been scanned
Scan process 'svchost.exe' - '64' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned
Scan process 'lsm.exe' - '22' Module(s) have been scanned
Scan process 'lsass.exe' - '62' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1918' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\ProgramData\DC7F29D69C33F0E97134B8C0E4B078E6\b\bint1
[DETECTION] Is the TR/Katusha.2.27 Trojan
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\_u1045610869v3.vir
[0] Archive type: ZIP
[DETECTION] Is the TR/Katusha.2.23 Trojan
--> setup.exe
[DETECTION] Is the TR/Katusha.2.23 Trojan
C:\Users\june call\AppData\Local\Microsoft\Windows Mail\Local Folders\Junk E-mail\45091238-0000475A.eml
[0] Archive type: MIME
[DETECTION] Contains recognition pattern of the PHISH/cbn.A phishing file/email
--> DR.OLUSEGUN AGANGA.txt
[DETECTION] Contains recognition pattern of the PHISH/cbn.A phishing file/email
[WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted.
Begin scan in 'D:\' <HP_RECOVERY>

Beginning disinfection:
C:\Users\june call\AppData\Local\Microsoft\Windows Mail\Local Folders\Junk E-mail\45091238-0000475A.eml
[DETECTION] Contains recognition pattern of the PHISH/cbn.A phishing file/email
[WARNING] The file was ignored!
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\_u1045610869v3.vir
[DETECTION] Is the TR/Katusha.2.23 Trojan
[NOTE] The file was moved to the quarantine directory under the name '48e231f2.qua'.
C:\ProgramData\DC7F29D69C33F0E97134B8C0E4B078E6\b\bint1
[DETECTION] Is the TR/Katusha.2.27 Trojan
[NOTE] The file was moved to the quarantine directory under the name '50321e41.qua'.


End of the scan: Tuesday, February 22, 2011 23:02
Used time: 2:32:14 Hour(s)

The scan has been done completely.

30705 Scanned directories
890950 Files were scanned
3 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
890947 Files not concerned
47430 Archives were scanned
1 Warnings
2 Notes
862201 Objects were scanned with rootkit scan
1 Hidden objects were found

Thanks
James
Jwilkes@comcast.net
stingerbud
Active Member
 
Posts: 11
Joined: February 13th, 2011, 1:14 am

Re: got some sort of redirct malware on my browers IE and m

Unread postby askey127 » February 23rd, 2011, 8:07 am

stingerbud,
Looks better.
Tell me how it's running.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: got some sort of redirct malware on my browers IE and m

Unread postby stingerbud » February 23rd, 2011, 9:19 pm

Its running much better I can go to a web page without getting redircted.
I thank its running faster now.

Thank you very much
James wilkes
Jwilkes@comcast.net
stingerbud
Active Member
 
Posts: 11
Joined: February 13th, 2011, 1:14 am

Re: got some sort of redirct malware on my browers IE and m

Unread postby askey127 » February 24th, 2011, 7:18 am

stingerbud,
Good News.

Just Start OTL and click the "Clean Up" button.
It will remove the tools we used.

Good Luck!
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: got some sort of redirct malware on my browers IE and m

Unread postby askey127 » February 27th, 2011, 9:46 am

this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 287 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware