Search results redirected


Re: Search results redirected

Post by hccyong » April 2nd, 2011, 12:42 am

Hi Cypher,
Here is my ESET log.
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=53c9f32372d8b34faaef2cc34476d441
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-02 04:36:13
# local_time=2011-04-01 09:36:13 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1032 16777189 100 95 0 44051938 0 0
# compatibility_mode=5121 16777189 100 75 0 14708542 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=131164
# found=3
# cleaned=3
# scan_time=3425
C:\Documents and Settings\Leslie & Harris\My Documents\~Harris\Computers\SmitfraudFix\SmitfraudFix\Process.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Leslie & Harris\My Documents\~Harris\Computers\SmitfraudFix\SmitfraudFix\restart.exe Win32/Shutdown.NAA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Leslie & Harris\My Documents\~Harris\Computers\smitRem\Process.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


I have not used my computer too much today other than performing your instructions. It appears that the main issue of search sites being redirected has been addressed. I will update you again after some more use. Thank you!
hccyong
Active Member
 
Posts: 12
Joined: March 27th, 2011, 12:34 am

Re: Search results redirected

Post by Cypher » April 2nd, 2011, 4:48 am

Hi hccyong.
hccyong wrote: "It appears that the main issue of search sites being redirected has been addressed. I will update you again after some more use. Thank you!"

Use your computer for a day or so then let me know how it's performing.
If you are having no further problems, I will give you final instructions.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Search results redirected

Post by Cypher » April 3rd, 2011, 1:38 pm

Hi hccyong.
How is your PC performing? Are you having any problems now?

Re: Search results redirected

Post by hccyong » April 3rd, 2011, 7:56 pm

Hi Cypher,
Things are working well. Please let me know your final instructions.
Can you also tell me if you think the rootkit infection compromised any of my security, or was it mainly an ad annoyance? Is there an antivirus that you would recommend? I had AVG installed at that time already. Thank you.

Re: Search results redirected

Post by Cypher » April 4th, 2011, 5:49 am

Hi hccyong.
hccyong wrote: "Is there an antivirus that you would recommend? I had AVG installed at that time already."

I wouldn't recommend AVG, but there are other good free AV applications; I will list some choices for you below.

hccyong wrote: "Can you also tell me if you think the rootkit infection compromised any of my security"

Your computer was infected with the TDL4/TDSS rootkit.
Due to its rootkit functionality, it's impossible to tell what may have been done when the system was compromised.

Therefore, now that your PC is clean, it may be prudent to:

  1. Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
  2. Change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password)

What are rootkits from Wikipedia

How do I respond to a possible identity theft and how do I prevent it

Your latest set of logs appears to be clean!
This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clean up with OTM

  • Double-click OTM.exe to start the program. This tool will remove all the tools we used to clean your PC.
  • Close all other programs apart from OTMoveIt3, as this step will require a reboot.
  • On the OTM main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Here are some free programs I recommend that could help you improve your computer's security.

Anti-virus software is a program that detects, cleanses, and erases harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software from one of these excellent vendors.


Note: You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Install SpywareBlaster
Download and install Javacools SpywareBlaster from Here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer
You can do that HERE

Read some information HERE On how to prevent Malware

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
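How a HOSTS file of the kind described in the MVPS Hosts step blocks sites, as an added example that is not part of the original post: the script parses HOSTS-file text and separates names pinned to the local machine (blocked) from names mapped to some other address, which are the entries worth reviewing by hand. The sample entries, host names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax; host names and addresses are placeholders.
SAMPLE_HOSTS = """\
# sample HOSTS file (constructed for this example)
127.0.0.1    localhost
127.0.0.1    ads.example.com      # ad server pinned to the local machine
0.0.0.0      tracker.example.net
203.0.113.7  search.example.org
not-an-ip    broken.example.com
"""


def parse_hosts(text):
    """Yield (address, hostname) for every well-formed mapping in HOSTS-file text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: skip the malformed line
        for name in fields[1:]:  # one line may map several names to one address
            yield addr, name.lower()


def audit_hosts(text):
    """Split mappings into locally blocked names and names sent to another address."""
    blocked, remote = [], []
    for addr, name in parse_hosts(text):
        if name == "localhost":
            continue  # the standard loopback entry, not a block
        if addr.is_loopback or addr.is_unspecified:
            blocked.append(name)  # 127.0.0.1 / 0.0.0.0 / ::1: never leaves this PC
        else:
            remote.append((name, str(addr)))  # name forced to a specific remote host
    return {"blocked": sorted(blocked), "remote": sorted(remote)}


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print("Blocked locally:", ", ".join(report["blocked"]))
    for name, addr in report["remote"]:
        print(f"Review: {name} is mapped to {addr}")
```
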

Re: Search results redirected

Post by hccyong » April 5th, 2011, 2:21 am

Hi Cypher,
I have read your final instructions. If I have any more questions related to this rootkit or fixes, should I reply here or start a new thread? Thanks for all your help!

Re: Search results redirected

Post by Cypher » April 5th, 2011, 4:52 am

Hi hccyong.
hccyong wrote: "Thanks for all your help!"

You're most welcome.
As this topic has been resolved it will be closed.
Do you have any further questions before I do close it?

Re: Search results redirected

Post by hccyong » April 5th, 2011, 4:31 pm

No more questions at this time. Thanks.

Re: Search results redirected

Post by Cypher » April 6th, 2011, 6:11 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.