Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Browser Infected?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Browser Infected?

Unread postby DavidVieira » August 5th, 2010, 7:34 pm

Hello guys. My computer seems to be infected by a virus and i can't find nor delete it. The cause of the problem is most likely a Key-Gen for Halo Custom Editiom ( because problems started occuring after i used the Gen). I know using a Key-Gen is not legall but considering i actually purchased the game i thought it would be okay to use one. Though, after realizing that my computer has been infected i deleted the Key-Gen and i will definitely never use such a program again. Immediately after that i ran, Malwarebytes' Anti Malware and it found several viruses, i deleted them. However i noticed that still something seemed to be on my computer so i ran Anti Malware again. This time it found different items, I deleted them, too. But still my computer didn't seem virus free, so i ran Anti Malware a couple of times in a row and it always found something. Now after running it about six times it won't find any viruses anymore, yet my computer is still not virus free. I dont know what the virus is doing. All i know is that when i use Firefox it randomly redirects me to this site
hxxp://n-traff.com/clickn.php?fb=
WVRveU9udHpPamc2SW5WelpYSmtZWFJoSWp0aE9qRTRPbnR6T2pnNkltWmxaV1JmYzJWMElqdHpPakU2SWpJaU8zTTZOem9pYzNWaVlXWm1kQ0k3Y3pvek9pSTRPVFVpTzNNNk56b2liR2x6ZEY5cFpDSTdjem96TWpvaVptTXhZelF6TldZMk16YzNZMlEwWkRJM1l6ZzFNakUwWkdJNFltTTJOV1VpTzNNNk9Eb2lZMnhwWTJ0ZmFXUWlPM002TXpJNklqRm1aRGRqTkdJd1pXWTBaVEJrTVRObE5tVTNNVFU1Wm1NNU1EZzVaalU0SWp0ek9qazZJbXhwYzNSZmRHbHRaU0k3Y3pveE9Ub2lNakF4TUMwd09DMHdOU0F4TnpvMU5Ub3lNU0k3Y3pvek9pSjFjbXdpTzNNNk5USTZJbWgwZEhBNkx5OXRZV3BsYzNScFl5MHlMbWx1TDNCb2NHSmlMMmx0WVdkbE1pOXBibVJsZUM1d2FIQS9TVVE5TWpBME5EWWlPM002TkRvaWEzQndhU0k3VGp0ek9qSTZJbWxrSWp0ek9qWTZJakV3TmpNMk9TSTdjem8zT2lKclpYbDNiM0prSWp0ek9qUTBPaUpvYjNjZ2RHOGdjbVZ0YjNabElHbHVkR1Z5Ym1WMElHVjRjR3h2Y21WeUlEZ2dZMjl0Y0d4bGRHVnNlU0k3Y3pveU9pSnBjQ0k3Y3pveE16b2lPRGt1TVRZMkxqRXpOUzQxTnlJN2N6b3hNam9pWTI5MWJuUnllVjlqYjJSbElqdHpPakk2SWtSRklqdHpPak02SW1GbVppSTdjem8xT2lJeU1EUTBOaUk3Y3pvMk9pSnpkV0poWm1ZaU8zTTZOam9pTWpneE9UUTFJanR6T2pNNkltSnBaQ0k3Y3pveE9pSXdJanR6T2pjNkltMWhlRjlqY0dNaU8zTTZNVG9pTUNJN2N6bzVPaUptYVhobFpGOWpjR01pTzNNNk5qb2lNQzR3TVRBeElqdHpPalk2SW1OaFkyaGxaQ0k3YVRvd08zTTZNVE02SW1Ga2RtVnlkR2x6WlhKZmFXUWlPM002TkRvaU1UVXpNU0k3ZlhNNk16b2liV1ExSWp0ek9qTXlPaUpqT0dWa01qWXpOekprTVRjME5qZ3dNak5oWXpRM1l6UTBZMlV4WW1JMU9TSTdmUT09&b=MC4wMTAx&p=MQ==
or opens a new Window with this site in the adressbar. Luckily Firefox recognizes this site as harmful and won't load it.


Here is the hijack log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:01:31, on 06.08.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Dokumente und Einstellungen\User\Desktop\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://shop.thefreevpn.com/home.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 209.239.123.43:9939
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCMService] "C:\Programme\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Programme\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [FDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ADriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 4302 bytes


Some side notes here:
1.My computer runs a german version of Windows XP
2.The Internet Explorer home page "http://shop.thefreevpn.com/home.php" seems to be related to a different problem as this site redirects me to a russian mp3 website. I cannot undo this, but this appeared long before my problem i described
3. I dont have a AskToolbar on my computer , i dont know why it is included in my hijack file :shock:


And here is the uninstall_list

Adobe Shockwave Player 11
Athlon 64 Processor Driver
ATI - Dienstprogramm zur Deinstallation der Software
ATI Catalyst Control Center
ATI Display Driver
Broadcom 802.11 Network Adapter
DivX Codec
Foxit Reader
Google Earth
Google Update Helper
GTK+ 2.10.11 runtime environment
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix für Windows Media Player 11 (KB939683)
Hotfix für Windows XP (KB942288-v3)
Hotfix für Windows XP (KB952287)
Hotfix für Windows XP (KB961118)
Hotfix für Windows XP (KB970653-v3)
Hotfix für Windows XP (KB976098-v2)
Hotfix für Windows XP (KB979306)
Hotfix für Windows XP (KB981793)
ICQ
J2SE Runtime Environment 5.0
Java(TM) 6 Update 17
Java(TM) 6 Update 18
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.0.19)
MSXML 4.0 SP2 Parser and SDK
PowerCinema
Sicherheitsupdate for Windows Media Player 9 Series (KB969878)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows Media Player (KB954155)
Sicherheitsupdate für Windows Media Player (KB968816)
Sicherheitsupdate für Windows Media Player (KB973540)
Sicherheitsupdate für Windows Media Player (KB978695)
Sicherheitsupdate für Windows Media Player 11 (KB936782)
Sicherheitsupdate für Windows Media Player 11 (KB954154)
Sicherheitsupdate für Windows Media Player 9 (KB917734)
Sicherheitsupdate für Windows XP (KB2229593)
Sicherheitsupdate für Windows XP (KB2286198)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB923789)
Sicherheitsupdate für Windows XP (KB938464)
Sicherheitsupdate für Windows XP (KB941569)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950759)
Sicherheitsupdate für Windows XP (KB950760)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951698)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB953838)
Sicherheitsupdate für Windows XP (KB953839)
Sicherheitsupdate für Windows XP (KB954211)
Sicherheitsupdate für Windows XP (KB954459)
Sicherheitsupdate für Windows XP (KB954600)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956390)
Sicherheitsupdate für Windows XP (KB956391)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956744)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB956841)
Sicherheitsupdate für Windows XP (KB956844)
Sicherheitsupdate für Windows XP (KB957095)
Sicherheitsupdate für Windows XP (KB957097)
Sicherheitsupdate für Windows XP (KB958215)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB958687)
Sicherheitsupdate für Windows XP (KB958690)
Sicherheitsupdate für Windows XP (KB958869)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960714)
Sicherheitsupdate für Windows XP (KB960715)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB960859)
Sicherheitsupdate für Windows XP (KB961371)
Sicherheitsupdate für Windows XP (KB961373)
Sicherheitsupdate für Windows XP (KB961501)
Sicherheitsupdate für Windows XP (KB963027)
Sicherheitsupdate für Windows XP (KB968537)
Sicherheitsupdate für Windows XP (KB969059)
Sicherheitsupdate für Windows XP (KB969897)
Sicherheitsupdate für Windows XP (KB969898)
Sicherheitsupdate für Windows XP (KB969947)
Sicherheitsupdate für Windows XP (KB970238)
Sicherheitsupdate für Windows XP (KB970430)
Sicherheitsupdate für Windows XP (KB971468)
Sicherheitsupdate für Windows XP (KB971486)
Sicherheitsupdate für Windows XP (KB971557)
Sicherheitsupdate für Windows XP (KB971633)
Sicherheitsupdate für Windows XP (KB971657)
Sicherheitsupdate für Windows XP (KB971961)
Sicherheitsupdate für Windows XP (KB972260)
Sicherheitsupdate für Windows XP (KB972270)
Sicherheitsupdate für Windows XP (KB973346)
Sicherheitsupdate für Windows XP (KB973354)
Sicherheitsupdate für Windows XP (KB973507)
Sicherheitsupdate für Windows XP (KB973525)
Sicherheitsupdate für Windows XP (KB973869)
Sicherheitsupdate für Windows XP (KB973904)
Sicherheitsupdate für Windows XP (KB974112)
Sicherheitsupdate für Windows XP (KB974318)
Sicherheitsupdate für Windows XP (KB974392)
Sicherheitsupdate für Windows XP (KB974455)
Sicherheitsupdate für Windows XP (KB974571)
Sicherheitsupdate für Windows XP (KB975025)
Sicherheitsupdate für Windows XP (KB975467)
Sicherheitsupdate für Windows XP (KB975560)
Sicherheitsupdate für Windows XP (KB975561)
Sicherheitsupdate für Windows XP (KB975562)
Sicherheitsupdate für Windows XP (KB975713)
Sicherheitsupdate für Windows XP (KB976325)
Sicherheitsupdate für Windows XP (KB977165)
Sicherheitsupdate für Windows XP (KB977816)
Sicherheitsupdate für Windows XP (KB977914)
Sicherheitsupdate für Windows XP (KB978037)
Sicherheitsupdate für Windows XP (KB978251)
Sicherheitsupdate für Windows XP (KB978262)
Sicherheitsupdate für Windows XP (KB978338)
Sicherheitsupdate für Windows XP (KB978542)
Sicherheitsupdate für Windows XP (KB978601)
Sicherheitsupdate für Windows XP (KB978706)
Sicherheitsupdate für Windows XP (KB979309)
Sicherheitsupdate für Windows XP (KB979482)
Sicherheitsupdate für Windows XP (KB979559)
Sicherheitsupdate für Windows XP (KB979683)
Sicherheitsupdate für Windows XP (KB980195)
Sicherheitsupdate für Windows XP (KB980218)
Sicherheitsupdate für Windows XP (KB980232)
Synaptics Pointing Device Driver
System Requirements Lab
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update für Windows XP (KB951072-v2)
Update für Windows XP (KB951978)
Update für Windows XP (KB955759)
Update für Windows XP (KB955839)
Update für Windows XP (KB967715)
Update für Windows XP (KB968389)
Update für Windows XP (KB971737)
Update für Windows XP (KB973687)
Update für Windows XP (KB973815)
Update für Windows XP (KB976749)
VIA Vinyl Audio Codecs Driver Setup Program
VLC media player 1.0.0
Wichtiges Update für Windows Media Player 11 (KB959772)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR Archivierer
XnView 1.96.2


Again, some things here are in german. If you need any translation i can provide it



I hope you can help me with my problem

-david vieira



Update:

New firefox windows popping up now lead me to not only the site posted above! One of them is this very suspicious hxxp://www.google.com/webhp site which almost looks exactly like google but probably isn't

Update2:
I think, I found a pattern: It doesn't look like i am randomly at any point being redirected to sites but rather only after using the google search, though i am not 100% sure about this. So what i currently see are redirects to malicious sites when using Google and new firefox-windows poping up
Last edited by NonSuch on August 5th, 2010, 9:14 pm, edited 1 time in total.
Reason: Edited to disable potentially malicious links.
DavidVieira
Active Member
 
Posts: 1
Joined: August 5th, 2010, 7:06 pm
Top
Advertisement
Register to Remove

Re: Browser Infected?

Unread postby MWR 3 day Mod » August 8th, 2010, 11:39 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am
Top

Re: Browser Infected?

Unread postby NonSuch » August 12th, 2010, 12:11 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Top
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: pgmigg and 245 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index