Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Browser keeps getting redirected.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Browser keeps getting redirected.

Unread postby Elrond » January 27th, 2009, 5:12 pm

That got rid of the active infection. There is some clean up to do. You can delete RSIT.

Download and Run OTMoveIt3

Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt3.exe. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the lines in the codebox below.
Code: Select all
:services
mscweosd
mscbcosd

:files
C:\DOCUME~1\LOCALS~1\protect.dll
C:\WINDOWS\system32\mscbco.exe
C:\WINDOWS\system32\mscweo.exe 
:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FrostWire\FrostWire.exe"=-
"C:\StubInstaller.exe"=-

  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove

Re: Browser keeps getting redirected.

Unread postby RPH2707 » January 27th, 2009, 5:33 pm

========== SERVICES/DRIVERS ==========
Service mscweosd stopped successfully.
Service mscweosd deleted successfully.
Service mscbcosd stopped successfully.
Service mscbcosd deleted successfully.
========== FILES ==========
File/Folder C:\DOCUME~1\LOCALS~1\protect.dll not found.
File/Folder C:\WINDOWS\system32\mscbco.exe not found.
File/Folder C:\WINDOWS\system32\mscweo.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\FrostWire\FrostWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\StubInstaller.exe deleted successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01272009_163306
RPH2707
Active Member
 
Posts: 11
Joined: January 12th, 2009, 3:32 pm

Re: Browser keeps getting redirected.

Unread postby Elrond » January 28th, 2009, 2:05 pm

OK RPH2707.

You can remove RSIT from your desktop now.
I would like to run one more scan to be as sure as I can be that the computer is clean.

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.


If that comes back clean we will do some housekeeping and I will give you some tips on how to stay clean.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Browser keeps getting redirected.

Unread postby RPH2707 » January 29th, 2009, 2:36 am

This is the scan report...Nothing found.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, January 29, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, January 29, 2009 02:10:14
Records in database: 1722673
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 75163
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 03:23:51

No malware has been detected. The scan area is clean.

The selected area was scanned.
RPH2707
Active Member
 
Posts: 11
Joined: January 12th, 2009, 3:32 pm

Re: Browser keeps getting redirected.

Unread postby Elrond » January 29th, 2009, 4:12 pm

CLEAN UP

Let's clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if used inappropriately.

  1. Double-click OTMoveIt3.exe.
  2. Click the CleanUp! button.
  3. Select Yes when the "Begin cleanup Process?" prompt appears.
  4. If you are prompted to Reboot during the cleanup, select Yes.
  5. The tool will delete itself once it finishes, if not delete it by yourself.


GooredFix: Click Start>Run and copy and paste this:
Code: Select all
"%USERPROFILE%\Desktop\GooredFix.exe" /uninstall


Your computer now seems to be clean. Therefore please

  1. Clean out Temporary Files etc.
    This program is for Vista, XP and Windows 2000 only
    Please download ATF Cleaner by Atribune.
    1. Double-click ATF-Cleaner.exe to run the program.
    2. Under Main choose: Select All. Then remove the check mark for cookies
    3. Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • Remove the check mark for Cookies
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt if asked .
    If you use Opera browser
    • Click Opera at the top and
    • choose: Select All.
    • Remove the check mark for Cookies
    • Click the Empty Selected button.
    It is a good idea to do this every few weeks as a lot of junk collects there over time.

  2. Create a new, clean System Restore point which you can use in case of future system problems:
    Press Start->All Programs->Accessories->System Tools->System Restore
    Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

    Now remove old, infected System Restore points:
    Next click Start->Run and type cleanmgr in the box and press OK
    Ensure the boxes for Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
    Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
    Press OK and Yes to confirm

  3. Set correct settings for files that should be hidden in Windows XP
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
    • If unchecked please checkHide protected operating system files (Recommended)
    • If necessary check "Display content of system folders"
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK

  4. Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program. If you want to help the developer of the program and get more information about what the programs that you see in Winpatrol please check out Winpatrol Plus. It does not need a new download.

  5. If you are using Internet Explorer v. 7 please read and follow the recommendations at this site. http://surfthenetsafely.com/ieseczone8.htm

  6. Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
  7. Update your Anti Virus Software - It is imperative that you update your Anti virus software at least a few times a week (Once a day is a good idea). If you do not update your anti virus software it will not be able to catch new variants that come out.

  8. Use a Firewall (Hardware or Software) - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. Windows Firewall is not recommended.
    Be restrictive with granting access to the Internet. If you are unsure if the program really needs the access, test it by denying the access and see if this has any negative effects. If not, make the block permanent.

  9. Never run two Antivirus programs or two Software Firewalls at the same time. They can interfere with each other and cause problems.

  10. Visit Microsoft's Windows Update Site Frequently or better yet set computer for automatic updates.

  11. Update all programs regularly - Make sure you update all programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. The best way to keep updated is to download PSI Secunia from https://psi.secunia.com. It will help you keep your programs updated. Keep it updated. It is free for personal use.

  12. Read and follow the suggestions given at this web site by Miekiemoes http://users.telenet.be/bluepatchy/miek ... ntion.html that will give you more information on some of the points above.


[*]Use your best judgment when opening E-mails, following links, downloading programs, or surfing the web. If there is the slightest thing odd about something connected with any of those do not open, follow or download even if the sender is a friend. If it is a friend then ask if they really sent the information. They could be infected.
Follow this list and your potential for being infected again will be reduced.

Stand up and be Counted.
[quote]NOW is the time you can start to hit back at the people who infected you.
Image
Please take the time to go and complain. Please post as a reply, you do not need to register to do so (but you can if you wish). It will also have a list of other places you can go to to register your complaint, depending on the country you are resident in. Please read the topics and complain, it is only with such complaints to government or government agencies that something will get done.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Browser keeps getting redirected.

Unread postby Elrond » February 2nd, 2009, 11:46 am

RPH2707 this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 482 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware