
Nightlurker

  1. I was wrong about this problem. Please close/delete this topic.
  2. Hey everyone, I believe I caught the Google redirect virus on my PC. (Using a friend's PC) I bought a domain name 2 days ago but something weird started happening to it. It started redirecting automatically to a website which has an outdated layout of PayPal.com. I guess it's a phishing attempt. Anyways, I contacted support about this and they said that everything was fine inside the cPanel and that it was most likely a problem inside my computer. I ran a scan and got the report from Malwarebytes below.

     After Malwarebytes I ran the TDSSKiller and it found 8 threats. I deleted all of them and clicked reboot PC. After this my keyboard and mouse do not work. They only work at startup so I can log in to safe mode, but even there the keyboard and mouse do not work. I don't have the TDSSKiller report seeing as I can't open any files on my computer since my keyboard and mouse don't do anything. (I have tried using my mouse on another PC and it worked fine.) I remember that one of the threats that TDSSKiller reported was "sptd". Then it had 7 others whose names I don't remember.

     I've read around about using rkill or ComboFix but the thing is, without my keyboard and mouse working on my PC I don't know how to run these. If anyone could help regain access to my keyboard and mouse so that I can run these things, maybe I could clear the viruses. I leave the Malwarebytes report below but it only popped up a couple of PUP.casino which I believe to be harmless.

     Malwarebytes' Anti-Malware 1.51.2.1300
     www.malwarebytes.org
     Versão da base de dados: 8327
     Windows 6.0.6002 Service Pack 2
     Internet Explorer 8.0.6001.19154
     12-12-2011 20:10:15
     mbam-log-2011-12-12 (20-10-09).txt
     Tipo de pesquisa: Completa (C:\|D:\|E:\|F:\|G:\|H:\|)
     Objectos verificados: 538833
     Tempo decorrido: 5 hora(s), 28 minuto(s), 17 segundo(s)
     Processos de memória infectados: 0
     módulos de Memória infectados: 0
     Chaves do Registo Infectadas: 1
     Valores do Registo infectados: 0
     Itens de dados do Registo Infectados: 0
     Pastas Infectadas: 0
     Ficheiros Infectados: 1
     Processos de memória infectados: (Nenhum item malicioso detectado)
     módulos de Memória infectados: (Nenhum item malicioso detectado)
     Chaves do Registo Infectadas: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\William Hill CASINO CLUB (PUP.Casino) -> No action taken.
     Valores do Registo infectados: (Nenhum item malicioso detectado)
     Itens de dados do Registo Infectados: (Nenhum item malicioso detectado)
     Pastas Infectadas: (Nenhum item malicioso detectado)
     Ficheiros Infectados: c:\Casino\william hill casino club\_setupcasino_73279d_pt.exe (PUP.Casino) -> No action taken.

     I was wondering if anyone could help handling this report since I’m not really good at this. I tried downloading the DSS from bleepingcomputer.com but I cannot access the website, I don’t know if it’s down or if it’s just me. Thank You In Advance.

     Forget this last part of the thread where I say, and I quote, "I was wondering if anyone could help handling this report since I’m not really good at this. I tried downloading the DSS from bleepingcomputer.com but I cannot access the website, I don’t know if it’s down or if it’s just me." I am able to access that site on my friend's PC.

     Hey everyone, I did a few scans and I would be very thankful if someone could take a look at these. First I used Malwarebytes to scan the PC and it only detected 2 PUPs which were harmless. I still removed them just in case.

     I decided to go deeper and used the TDSSKiller; it caught 8 threats. 1 of them was the sptd usually related to the Google redirect virus. I don't remember the names of the other 7. I deleted all of them and I was told to reboot the system. I rebooted, everything booted normally, however, my keyboard and mouse do not work. They are completely frozen and only work before Windows starts, in BIOS.

     I realized that the only thing I could use was my DVD/CD so I used the Avira rescue disk. Unfortunately, I can't copy the log to this PC exactly how it looks but I copied the most important things and will list them below in a sec. Avira was able to rename a couple of HTML/IFrame.JA.1 and Trojans such as TR/Dropper.GEN, but for others it says archive scan aborted. I decided to try the AVG rescue disk next. I ran the scan but could only do it halfway because the light went off... yeah, I know, lucky me. I will leave the half report below right after the Avira one.

     After all of this I'm still in the situation and my keyboard and mouse (USB) still don't work. I tried using an old non-USB keyboard but no luck. I'm going to use the Bitdefender rescue disk next. Meanwhile I leave the reports, since I'm not very good at handling these things I was hoping for assistance. My major problem is not being able to use my keyboard and mouse inside Windows. Thank you.

     AVIRA SCAN:
     TR/Crypt-XPACK.Gen [archive scan abort]
     TR/Dropper.GEN [renamed]
     BDS/Gendal-654428 - renamed
     BDS/Gendal-683423.2 - renamed
     Java/Fester.L - archive scan abort
     Java/Exdoer.DH.2 - archive scan abort
     JAVA/Exdoer.EX - archive scan abort
     SPR/Autolt.Gen - renamed
     HTML/IFrame.JA.1 - renamed
     HTML/IFrame.JA.1 - renamed
     HTML/IFrame.JA.1 - renamed
     HTML/IFrame.JA.1 - renamed
     HTML/IFrame.JA.1 - renamed
     HTML/IFrame.JA.1 - renamed
     HTML/IFrame.JA.1 - renamed
     HTML/IFrame.JA.1 - renamed
     SPR/Hacktool.231936 - archive scan abort
     TR/Gendal.kdv.294349 - archive scan abort
     TR/Agent.339896 - renamed
     TR/Agent.155648.30 - renamed
     TR/Gendal 6690843 - renamed
     TR/Gendal 6690843 - archive scan abort
     BDS/Gendal.662620 - archive scan abort
     invalid or corrupt - rarnew.dat
     archive type- left 4 dead
     end of file - keyword elite uninstallexe
     bad compressed data- proxy checker unistallexe
     end of file- gamers first uninstall exe
     end of file - GrindSoft/Lines/Uninstall
     A malformed archive header was detected - Serif/WebPlus Starter Edition/3-0/Data/FillTableconical.zip
     end of file - SpeedFan/uninstall.exe
     end of file - StumbleUpon/PostInstall.exe
     end of file - StumbleUpon/PreUninstall.exe
     bad archive header - AppData Plus500

     AVG HALF SCAN:
     AVG command line Anti-Virus scanner
     /mnt/sdd1/ PUP Tool.LN
     /Program Files/Counter-Strike/platform/Friends/friendsUI.dll Runtime packed nspack
     /Program Files/HideMyMac/mxid.dll Runtime packed nspack
     /AppData/Local/Microsoft/Windows Defender/Filetracker/{051080FB-A0F8-4A77-B818-580411353E41} Virus Found Hosts
     /AppData/Local/Microsoft/Windows Defender/Filetracker/{CED2FB3F-C2D8-474B-A179-2DA772753A80} Virus Found Hosts
     Trojan Horse Generic3_c.CLFX
     Trojan Horse Backdoor.Generic14.NAX
     Trojan Horse Java/Agent.GX
     Trojan Horse Java/Agent.FL
     Trojan Horse Java/Agent.GX
     Trojan Horse Java/Exploit.LJ
     Trojan Horse Java/Agent.FB
     Trojan Horse Java/Agent.FA
     Trojan Horse Java/Exploit.LJ
     Trojan Horse Java/Exploit.HS
     Trojan Horse Java/Exploit.HP
     Trojan Horse Java/Exploit.HS
     Trojan Horse Java/Agent.EW
     Trojan Horse Java/Agent.EW
     /AppData/Local/Roaming/Octoshape/ Corrupeted executable file
     /AppData/Local/Roaming/Octoshape/ Corrupeted executable file
     PUP Tool.LN
     PUP Tool.LN
     Trojan Horse Generic3_c.CJNK
     Trojan Horse Generic3_c.CJNK
     hosts.txt Virus Found Hosts
     PUP Tool.LN
     PUP Tool.LN
     ALL RENAMED SUCCESS ACCORDING TO AVG.

     Hey everyone, first things first, here is the Bitdefender scan:

     BIT DEFENDER SCAN:
     4 threats in 25 still present in your system
     Backdoor.Generic.654428
     joke.NoClose.IS.A
     Trojan.Generic.6690843
     Trojan.HTML.Iframe.T
     --------------------------------------------

     I then clicked disinfect on all 4 but only Backdoor.Generic.654428 and Trojan.Generic.6690843 were a success. I then clicked delete on both joke.Noclose.IS.A and Trojan.HTML.Iframe.T and they were deleted successfully. All 25 success.

     I tried logging in in safe mode. Booted successfully as always, but again, as always, mouse and keyboard do not work inside Windows Vista. I ran a second Bitdefender scan and it came out clean. In order to fix the keyboard and mouse issues, I copied the USB drivers from my friend's PC (who also runs Vista) into my PC but with no luck. Mouse and keyboard still not working inside Windows Vista. I am, however, able to use mouse and keyboard and internet on my PC using Bitdefender. I was able to get the TDSSKiller logs below.

     TDSSKiller.2.6.22.0_13.12.2011_03.04.30_log.txt
     TDSSKiller.2.6.22.0_13.12.2011_03.06.14_log.txt
     TDSSKiller.2.6.22.0_13.12.2011_03.08.05_log.txt
  3. Hey everyone, I bought a domain name yesterday but something weird started happening to it. It started redirecting automatically to a website which has an outdated layout of PayPal.com. I guess it's a phishing attempt. Anyways, I contacted support about this and they said that everything was fine inside the cPanel and that it was most likely a problem inside my computer. I ran a scan and got the following report:

     Malwarebytes' Anti-Malware 1.51.2.1300
     www.malwarebytes.org
     Versão da base de dados: 8327
     Windows 6.0.6002 Service Pack 2
     Internet Explorer 8.0.6001.19154
     12-12-2011 20:10:15
     mbam-log-2011-12-12 (20-10-09).txt
     Tipo de pesquisa: Completa (C:\|D:\|E:\|F:\|G:\|H:\|)
     Objectos verificados: 538833
     Tempo decorrido: 5 hora(s), 28 minuto(s), 17 segundo(s)
     Processos de memória infectados: 0
     módulos de Memória infectados: 0
     Chaves do Registo Infectadas: 1
     Valores do Registo infectados: 0
     Itens de dados do Registo Infectados: 0
     Pastas Infectadas: 0
     Ficheiros Infectados: 1
     Processos de memória infectados: (Nenhum item malicioso detectado)
     módulos de Memória infectados: (Nenhum item malicioso detectado)
     Chaves do Registo Infectadas: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\William Hill CASINO CLUB (PUP.Casino) -> No action taken.
     Valores do Registo infectados: (Nenhum item malicioso detectado)
     Itens de dados do Registo Infectados: (Nenhum item malicioso detectado)
     Pastas Infectadas: (Nenhum item malicioso detectado)
     Ficheiros Infectados: c:\Casino\william hill casino club\_setupcasino_73279d_pt.exe (PUP.Casino) -> No action taken.

     I was wondering if anyone could help handling this report since I’m not really good at this. I tried downloading the DSS from bleepingcomputer.com but I cannot access the website, I don’t know if it’s down or if it’s just me. Thank You In Advance.

     PS: Also let me know if posting the domain name that I got problems with would help. I'm not posting it now because I don't want anyone to accidentally go to the domain and catch something, since I don’t know if I caught something from it.

     mbam-log-2011-12-12 (20-10-09).txt