Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Firefox and IE 7 search redirects searchingandclick37.com

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Firefox and IE 7 search redirects searchingandclick37.co

Unread postby Cypher » August 9th, 2010, 4:55 am

Hi donp200.

BACKDOOR TROJAN

I'm afraid I have some bad news for you, unfortunatly as you can see from the Kaspersky scan One of the identified infections is a BACKDOOR TROJAN. Backdoor Trojans are the most dangerous and most widespread type of Trojan. Backdoor Trojans provide the author or "master" of the Trojan with remote "administration" of victims machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, Backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer, change settings on the computer and more. Please read this article by Roger A. Grimes on Remote Access Trojans it will give you an Idea of the severity of the type of infection you have.

What are Remote Access Trojans and why are they dangerous

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

How do I respond to a possible identity theft and how do I prevent it

Because of the severity and the capabilities of this type of virus, (it cannot be known what changes to your system it has made or if it opened up other ways into your system) The only responsible course of action I can advise is to reformat your computer and reinstall windows.

Further reading:

When should do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups

Should you have any questions please feel free to ask.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Re: Firefox and IE 7 search redirects searchingandclick37.co

Unread postby donp200 » August 9th, 2010, 9:48 am

Cypher,

Is there any other way we can have these infections removed other than reformatting, if not, how can I ensure that I don't backup these infected files and later restore.
donp200
Regular Member
 
Posts: 15
Joined: July 31st, 2010, 9:46 am

Re: Firefox and IE 7 search redirects searchingandclick37.co

Unread postby Cypher » August 9th, 2010, 10:46 am

Hi donp200.
I can remove the infection but you need to be aware that you're PC will never be totally secure without reformatting.
If you do decide to reformat you will need to scan any files you have backed up before restoring them.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Firefox and IE 7 search redirects searchingandclick37.co

Unread postby donp200 » August 10th, 2010, 12:12 am

Cypher,
Love to try and clean first, I know I will have to eventually reformat it the drive , just trying to by a couple days to backup the necessary files and locate the program files etc.
donp200
Regular Member
 
Posts: 15
Joined: July 31st, 2010, 9:46 am

Re: Firefox and IE 7 search redirects searchingandclick37.co

Unread postby Cypher » August 10th, 2010, 6:14 am

Hi donp200.
Ok we can remove the infected file but i do advise you to reformat as soon as possible.

Re-run OTM
  • Double-click OTM.exe to run it.
  • Right-click then copy the following code, Do not include the word Code.
    Code: Select all
    :Files
    C:\Documents and Settings\Audia Clarke\Application Data\Microsoft\Microfoft\ctxad-580.0000 
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
    

    • Return to OTM, right-click then paste the code into the blank box below Image
    • Next click on the largeImage button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Logs/Information to Post in your Next Reply

  • OTM log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Firefox and IE 7 search redirects searchingandclick37.co

Unread postby donp200 » August 10th, 2010, 8:38 pm

Cypher,

I in process of backing up essential files and and soon after reformat, see the OTM log below.

All processes killed
Error: Unable to interpret <Files> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Audia Clarke\Application Data\Microsoft\Microfoft\ctxad-580.0000 > in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Audia Clarke
->Temp folder emptied: 130101152 bytes
->Temporary Internet Files folder emptied: 58671700 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 737528 bytes
->Flash cache emptied: 9004 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Donald Ellis
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kami
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kiki
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 114688 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32848 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 614408 bytes
RecycleBin emptied: 578291 bytes

Total Files Cleaned = 182.00 mb


OTM by OldTimer - Version 3.1.15.0 log created on 08102010_201937
donp200
Regular Member
 
Posts: 15
Joined: July 31st, 2010, 9:46 am

Re: Firefox and IE 7 search redirects searchingandclick37.co

Unread postby Cypher » August 11th, 2010, 6:16 am

Hi donp200.
We need to run OTM again as there was an error in my last script.
Lets try this.

Re-run OTM
  • Double-click OTM.exe to run it.
  • Right-click then copy the following code, Do not include the word Code.
    Code: Select all
    :Files
    C:\Documents and Settings\Audia Clarke\Application Data\??crosoft\??crosoft\ctxad-580.0000
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
    

    • Return to OTM, right-click then paste the code into the blank box below Image
    • Next click on the largeImage button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Logs/Information to Post in your Next Reply

  • OTM log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Firefox and IE 7 search redirects searchingandclick37.co

Unread postby donp200 » August 12th, 2010, 1:40 am

Dear Cypher,

Please see below the new OTM log, there is no major issue with computer performance

All processes killed
========== FILES ==========
File/Folder C:\Documents and Settings\Audia Clarke\Application Data\??crosoft\??crosoft\ctxad-580.0000 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Audia Clarke
->Temp folder emptied: 156256 bytes
->Temporary Internet Files folder emptied: 20219346 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16589241 bytes
->Flash cache emptied: 966 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Donald Ellis
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kami
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kiki
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner

User: TEMP
->Temp folder emptied: 8485 bytes
->Temporary Internet Files folder emptied: 7299263 bytes
->FireFox cache emptied: 4371513 bytes
->Flash cache emptied: 609 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 42279187 bytes

Total Files Cleaned = 87.00 mb


OTM by OldTimer - Version 3.1.15.0 log created on 08122010_013006
donp200
Regular Member
 
Posts: 15
Joined: July 31st, 2010, 9:46 am

Re: Firefox and IE 7 search redirects searchingandclick37.co

Unread postby Cypher » August 12th, 2010, 4:42 am

Hi donp200.
Humm that didn't work either.
This is the last thing we need to do before i give you final instructions so one more try.

Re-run OTM
  • Double-click OTM.exe to run it.
  • Right-click then copy the following code, Do not include the word Code.
    Code: Select all
    :Files
    C:\Documents and Settings\Audia Clarke\Application Data\Microsoft\Microsoft\ctxad-580.0000
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
    

    • Return to OTM, right-click then paste the code into the blank box below Image
    • Next click on the largeImage button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Firefox and IE 7 search redirects searchingandclick37.co

Unread postby donp200 » August 12th, 2010, 9:43 pm

Hi Cypher

Please see the latest OTM log

All processes killed
========== FILES ==========
File/Folder C:\Documents and Settings\Audia Clarke\Application Data\Microsoft\Microsoft\ctxad-580.0000 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Audia Clarke
->Temp folder emptied: 13856 bytes
->Temporary Internet Files folder emptied: 1550049 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Donald Ellis
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kami
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kiki
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12795796 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 14.00 mb


OTM by OldTimer - Version 3.1.15.0 log created on 08122010_212653
donp200
Regular Member
 
Posts: 15
Joined: July 31st, 2010, 9:46 am

Re: Firefox and IE 7 search redirects searchingandclick37.co

Unread postby Cypher » August 13th, 2010, 5:48 am

Hi donp200.
Ok for some reason OTM can't find the file to delete it, as you are planing to reformat you're PC you need to do that now.
Here is some advice on how to better secure you're PC once you have done so.
Internet Explorer v7.00

This was outdated and a security risk, you should install internet explorer 8

You can find information and install IE 8 from Here


Anti-virus

You can reinstall AVG Free 9.0 or one of these free applications.


Note: You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.


Firewall

As the term conveys a firewall is an extra layer of security installed onto computers which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders.

If you are using the built-in Windows XP firewall it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to phone home for more instructions. Simply put Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

I would recommend you install a free firewall for personal use from one of these excellent vendors. Choice is yours:



Here are some free programs I recommend that could help you improve your computer's security.


Install Malwarebytes Anti-malware
These are anti-malware applications that can thoroughly remove even the most advanced malware. They include a number of features, including a built in protection monitor that blocks malicious processes before they even start.
You can find information and Download it from HERE

Install SpywareBlaster
Download and install Javacools SpywareBlaster from Here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer
You can do that HERE

Read some information HERE On how to prevent Malware
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Firefox and IE 7 search redirects searchingandclick37.co

Unread postby Dakeyras » August 14th, 2010, 7:18 am

Since we have done all we can, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 279 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware