
Hi,
There seems to be a virus on my laptop, as whenever I use Internet Explorer or Firefox to search for things, like on Google, it redirects me to other search engines or spam websites.
I read on an earlier post that ComboFix can help? Should I use this? I just wanted to find out if I should use it, as on its website it says that I should only use it if told to do so by a professional.
Thanks

4 Contributors, 7 Replies, 8 Views, 7 Years Discussion Span, Last Post by crunchie
0

Hi and welcome to the Daniweb forums :).

==========

Let's try this first:

Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Download the update from here if you have problems.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Make sure that you restart the computer.

============

Download HijackThis Executable from here. Save it to your desktop.
Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to desktop where it is easy to access. Open the log file and then go to the Format tab and make sure that Word Wrap is unchecked. Copy the entire contents of the file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.

0

Hi,
Thanks for your reply... before I saw your post I borrowed Norton AntiVirus from my sister and installed it (my own version wasn't finding any viruses)... and it did some scans and found a virus called Packed.Generic.271 and removed it... and now the problem has gone!
Should I run the malware programme anyway? I hope the problem doesn't come back.
:)

0

I seem to have the same problem. I am currently using the program you recommended to pinpoint the problem; I will post the log later.

0

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:06:12, on 06/05/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICKE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mainconcept\PVR\PvrLauncher.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Author_Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Author_Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Author_Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Author_Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Author_Chris\Desktop\openvpn-gui-1.0.3.exe
C:\Program Files\OpenVPN\bin\openvpn.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Adobe\Adobe Flash CS3\Flash.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Users\Author_Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Author_Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Author_Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Author_Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Author_Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Author_Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Author_Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Author_Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Author_Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Author_Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Author_Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Author_Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Adobe\Adobe Dreamweaver CS3\dreamweaver.exe
C:\Users\Author_Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Author_Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Author_Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [Acrobat Assistant 8.0]
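
Added example, not part of the thread and not HijackThis code: a small Python reader for the log layout posted above. It lists the O2/O3 Internet Explorer add-on entries reported as "(no file)" and the hosts the R0/R1 page settings point to. The sample lines are copied from the log above; the function names are illustrative.

```python
import re
from urllib.parse import urlparse

# Lines copied from the log above; only the selection is constructed.
SAMPLE_LOG = r"""
Boot mode: Normal
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [Acrobat Assistant 8.0]
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
ADDON = re.compile(r"^(BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")

def parse_entries(text):
    """Return (section_code, body) for each 'Xn - ...' line; skip everything else."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out

def orphaned_addons(text):
    """O2/O3 add-ons whose registered file is reported as '(no file)'."""
    found = []
    for code, body in parse_entries(text):
        m = ADDON.match(body) if code in ("O2", "O3") else None
        if m and m.group(4).strip() == "(no file)":
            found.append((m.group(1), m.group(2), m.group(3).upper()))
    return found

def ie_page_hosts(text):
    """Host names that the R0/R1 Internet Explorer page settings point to."""
    hosts = set()
    for code, body in parse_entries(text):
        if code in ("R0", "R1") and " = " in body:
            value = body.split(" = ", 1)[1].strip()
            if value.lower().startswith(("http://", "https://")):
                hosts.add(urlparse(value).hostname)
    return hosts

if __name__ == "__main__":
    for kind, name, clsid in orphaned_addons(SAMPLE_LOG):
        print(f"{kind:8} {clsid}  {name}")
```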

0

This thread is now closed. If you need it reopened, please send a PM to one of our Mods.

Include the link to the thread and detail why you need it reopened.

If this is not your thread please start a New Topic.
