Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Google Redirect Virus + Ads playing in background

Re: Google Redirect Virus + Ads playing in background

Post by MikeLin007 » July 23rd, 2012, 4:49 pm

Here is the ESET log, it picked up 17 infected files:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c12a70e189e4e14e9db6e20185663aca
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-23 06:47:59
# local_time=2012-07-23 02:47:59 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777191 100 0 25558320 25558320 0 0
# compatibility_mode=8192 67108863 100 0 29181562 29181562 0 0
# scanned=158566
# found=17
# cleaned=0
# scan_time=10318
C:\Documents and Settings\mike\My Documents\Downloads\doubleTwistSetup.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.07.2012_12.36.01\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.07.2012_12.36.01\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.07.2012_12.36.01\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.07.2012_12.36.01\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.07.2012_12.36.01\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NH trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.07.2012_12.36.01\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.07.2012_12.36.01\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.07.2012_12.36.01\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.07.2012_13.35.26\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.07.2012_13.35.26\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.07.2012_13.35.26\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.07.2012_13.35.26\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.07.2012_13.35.26\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NH trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.07.2012_13.35.26\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.07.2012_13.35.26\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.07.2012_13.35.26\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan (unable to clean) 00000000000000000000000000000000 I
MikeLin007
Regular Member
 
Posts: 29
Joined: August 15th, 2011, 1:16 am

Re: Google Redirect Virus + Ads playing in background

Post by melboy » July 23rd, 2012, 5:21 pm

Apart from the one, those are all files previously quarantined by TDSSKiller, so were expected.

How's the computer running?
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
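
The triage melboy describes above (detections sitting in a removal tool's quarantine folder versus detections on the live file system) can be scripted. This is an added example, not part of the original thread or of any ESET tool; the function names are hypothetical, the line layout is inferred from the log posted above, and the sample is a constructed four-line excerpt of that log with `found=` adjusted to match.

```python
import re

# Quarantine folders that appear in this thread's logs (TDSSKiller and OTL).
QUARANTINE_ROOTS = ("c:\\tdsskiller_quarantine\\", "c:\\_otl\\movedfiles\\")

# Detection line layout, read from the right (inferred from the posted log):
#   <path> <detection name> <type> (<action>) <32 hex digits> <flag>
TAIL = re.compile(
    r"^(?P<rest>.+) (?P<kind>[a-z]+) \((?P<action>[^)]*)\) "
    r"(?P<hash>[0-9A-Fa-f]{32}) (?P<flag>\S+)$"
)
# The name is the last token, optionally prefixed by the scanner's
# "a variant of" / "probably a variant of" wording. Paths may contain spaces.
NAME = re.compile(
    r"^(?P<path>.+?) (?P<name>(?:probably )?(?:a variant of )?\w+/\S+)$"
)

# Constructed excerpt modelled on the last scan in the thread.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# found=4
# cleaned=0
C:\Documents and Settings\mike\My Documents\Downloads\doubleTwistSetup.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.07.2012_12.36.01\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.07.2012_12.36.01\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.07.2012_12.36.01\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NH trojan (unable to clean) 00000000000000000000000000000000 I
"""


def parse_scan(text):
    """Return (header, detections) for one scan session."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, value = line[2:].split("=", 1)
            header[key] = value
            continue
        tail = TAIL.match(line)
        if not tail:
            continue  # banner lines such as "all ok"
        name = NAME.match(tail.group("rest"))
        if not name:
            continue  # unknown layout: skip rather than guess
        detections.append({
            "path": name.group("path"),
            "name": name.group("name"),
            "kind": tail.group("kind"),
            "action": tail.group("action"),
        })
    return header, detections


def triage(text):
    """Split detections into quarantined copies and live files."""
    header, detections = parse_scan(text)
    quarantined = [d for d in detections
                   if d["path"].lower().startswith(QUARANTINE_ROOTS)]
    live = [d for d in detections if d not in quarantined]
    declared = int(header.get("found", -1))
    return {
        "declared_found": declared,
        # A mismatch means some lines were not parsed; review them by hand.
        "count_matches": declared == len(detections),
        "quarantined": quarantined,
        "live": live,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("quarantined copies:", len(result["quarantined"]))
    for d in result["live"]:
        print("needs review:", d["kind"], d["name"], d["path"])
```

Only the entries reported under "needs review" point at files still in use on the system; the quarantined copies disappear once the removal tools' folders are cleaned up.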

Re: Google Redirect Virus + Ads playing in background

Post by MikeLin007 » July 23rd, 2012, 5:46 pm

My computer is running like normal again; Google redirects are gone and there are no more ads playing in the background. So is this file a false positive?

C:\Documents and Settings\mike\My Documents\Downloads\doubleTwistSetup.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
MikeLin007
Regular Member
 
Posts: 29
Joined: August 15th, 2011, 1:16 am

Re: Google Redirect Virus + Ads playing in background

Post by melboy » July 23rd, 2012, 5:58 pm

Not exactly, but equally not that serious either.

Adware:Win32/OpenCandy is an adware program that may be bundled with certain third-party software installation programs. Some versions of this program may send user-specific information, including a unique machine code, operating system information, locale (country), and certain other information to a remote server without obtaining adequate user consent.
While running an installation program utilizing the OpenCandy component, you may receive an offer to install a recommended program. This offer may indicate it is "Powered by OpenCandy".

http://www.microsoft.com/security/porta ... FOpenCandy

OpenCandy say:
OpenCandy provides advertising solutions that help software developers make money from application installer downloads, reach new users and increase engagement.
http://www.opencandy.com/

When installing software, especially freeware, read the EULAs carefully & also pay attention to the installers and the questions they pose. Uncheck any pre-checked extras you do not want or need.

You can delete that file if you want.

Any other questions? :)
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Google Redirect Virus + Ads playing in background

Post by MikeLin007 » July 23rd, 2012, 6:00 pm

That covers all my questions. Thanks again for such amazing help. You guys work wonders here!
MikeLin007
Regular Member
 
Posts: 29
Joined: August 15th, 2011, 1:16 am

Re: Google Redirect Virus + Ads playing in background

Post by melboy » July 23rd, 2012, 6:21 pm

Your log now appears to be clean. Congratulations!
This is my general post for when your logs show no more signs of malware ;) - Please let me know if you still are having problems with your computer and what these problems are. If not please continue with the instructions below.


Uninstall Combofix

We Need to Remove ComboFix

  1. Please go to Start -> Run
  2. Enter "ComboFix /uninstall" (without quotes). Note the space between "ComboFix" and "/uninstall", it needs to be there.
  3. Press OK (Or hit enter).
  4. Allow ComboFix to remove itself.



OTC by OldTimer

Download OTC by Old Timer and save it to your Desktop.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself

===============================

Update Firefox

It is important to keep whatever browser you have installed up to date. The version of Firefox you have installed is outdated and contains known vulnerabilities.

  • Open Firefox
  • Go to Help > Check for updates
  • If an update is found, click Update Firefox
  • Once the update has downloaded, click Restart Firefox
  • Firefox will install the update and restart.

Alternatively, uninstall Firefox via Add/Remove programs and download and install the latest version from Here



Update Java Runtime

You are using an old version of Java. Oracle's Java (Was Sun Java) is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system.
The most current version of Oracle Java is: Java Runtime Environment Version 7 Update 5.

  • Go to Oracle Java
  • Scroll down to where it says "Java Platform, Standard Edition. Java SE 7 Update 5"
  • Click the Download JRE button to the right.
  • Check the box to Accept License Agreement
  • In the list of files, Look to Windows x86 Offline & click on the link to the right which says "jre-7u5-windows-i586.exe" and save the downloaded file to your desktop.
  • Uninstall old versions of Java via Start > Control Panel > Add/Remove Programs:
    Java(TM) 6 Update 29
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer

=====================================

ROOTKIT

Your computer was infected with a ROOTKIT. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.
The rootkit gives an intruder remote backdoor access to your computer. This gives intruders complete control of your computer to log your keystrokes, steal personal & critical system information, and download and execute files.

You are strongly advised to do the following:

If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information:

  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • Change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

Please read this for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

=====================================

General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    Uninstall Tools for Major Antivirus Products
  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
  • Make Internet Explorer More Secure
    Even if you do not use Internet Explorer as your Primary/Default browser it is important to keep it updated. Internet Explorer can be utilised by other programs and therefore must be kept updated to avoid exploitable vulnerabilities.


Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  • Malwarebytes' Anti-Malware
    As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. The Full version can be used as an addition to an anti-virus & includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.
    Its IP Protection provides an additional layer of security for your computer, by preventing access to known malicious IP addresses and IP ranges. You can now trial the full version's features within the program. Click the Protection Tab to see.
  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs and other applications & programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Google Redirect Virus + Ads playing in background

Post by NonSuch » July 27th, 2012, 12:50 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California