Free Malware Removal Forum

[erik8mwr]

Did you remove that line using HijackThis (as per my earlier post)?

Yes.

Here's the Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4217

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928

23/6/2010 11:00:26 PM
mbam-log-2010-06-23 (23-00-26).txt

Scan type: Quick scan
Objects scanned: 130737
Time elapsed: 10 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\StarTV\StarTV.exe (Trojan.Dropper) -> No action taken.

Also, can you tell me about MiniThunder, this looks to be some form of search tool.

It is a download tool from China.

[deltalima]

Hi erik8mwr,

OK, we need to dig deeper.

Please run a quick scan with Malwarebytes and remove any infections that are found.

Backup Your Registry:
* Download ERUNT to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
* Right-click erunt.zip, choose Extract All... and follow the prompts to unzip the program
* Open the erunt folder on your Desktop and double-click ERUNT.exe to start the program
* OK all the prompts to back up your registry to the default location.
Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


Reset IE8:

• Please download Microsoft FixIt and save it to the desktop.
• Double click on MicrosoftFixit50195.exe select I Agree and click on Next.
• Follow the on-screen prompts.
• You may delete MicrosoftFixit50195.exe when finished and or keep it if any problems in the future with IE8.
• Next time IE8 is launched you will be prompted to reapply settings again, this is normal.
  
• Note: Any add-ons will require to be reapplied after the above reset.

Run OTL Script

• Double-click OTL.exe to start the program.
• Copy and Paste the following code into the textbox. Do not include the word Code
  

  Code: Select all

  :otl
  O2 - BHO: PIPI Link Helper - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\Program Files\StarTV\core\pipi\JfCheck.dll
  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.my180.com/Search.html
  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.my180.com/Search.html
  IE - HKU\S-1-5-21-1087390416-3780635448-2520622250-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.baidu.com/index.php?tn=avantcn_dg
  :commands
  [EMPTYTEMP]
  [RESETHOSTS]
  [REBOOT]
  

• Then click the Run Fix button at the top.
• Click .
• OTL may ask to reboot the machine. Please do so if asked.
• The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Please go to Kaspersky website and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
   Spyware, Adware, Dialers, and other potentially dangerous programs
   Archives
   
5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
9. Please post this log in your next reply and let me know how your computer is running now.

[Gary R]

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.