Computer Hope
Topic started by: Mulreay on April 01, 2010, 05:30:10 AM
-
Ok, I'm asking for searches on Google and in my browser it starts re-directing to other search
I think it's this Trojan:JS/Dursg.B
It cleared it once on Microsoft Security Essentials but now it does not recognise it.
Any help much appreciated.
-
Hello! We need to do some diagnostics to get started.
1. Please download Profiles (http://noahdfear.net/downloads/profiles.exe) by noahdfear.
- Save it to your desktop.
- Double-click profiles.exe and post its log when you reply
2. Download Win32kDiag (http://ad13.geekstogo.com/Win32kDiag.exe) by ad13 and save it to your Desktop.
- Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
- When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
- Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.
3. Please download Cheetah-Anti-Rogue (http://www.helpmyos.com/Cheetah-php-h15.htm?cheetah.zip) by me, and save to your Desktop.
- Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
- Double-click on Cheetah-Anti-Rogue.cmd to start.
- It will finish quickly and launch a log.
- Post the contents of it in your next reply.
4. In your next reply, please post the following logs for my review:
- Profiles log (1)
- Win32kDiag log (2)
- Cheetah log (3)
Thanks! :)
-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\LocalService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\NetworkService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2589518989-727022852-2468593643-1000
ProfileImagePath REG_EXPAND_SZ C:\Users\Graham
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2589518989-727022852-2468593643-1001.bak
ProfileImagePath REG_EXPAND_SZ C:\Users\Greg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2589518989-727022852-2468593643-501
ProfileImagePath REG_EXPAND_SZ C:\Users\Guest
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\LocalService
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\NetworkService
SystemRoot REG_SZ C:\Windows
Starting up...
Running from: C:\Users\Graham\Desktop\System defence\Win32kDiag.exe
Log file at : C:\Users\Graham\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\Windows'...
Cannot access: C:\Windows\bthservsdp.dat
Please let me know what else you need...
-
Cheetah-Anti-Rogue is needed, also. I included the instructions for my first reply to you.
-
I knew I forgot to mention something. That link to Cheetah does not work.
-
Ok. I will see what is wrong with my link there.
Edit: try it again. I fixed it.
-
OK thanks for that. See attached.
Cheetah-Anti-Rogue v1.3.35
by DragonMaster Jay
Microsoft Windows [Version 6.0.6002]
Date: 02/04/2010 - Time: 19:13:23 - Arch.: x86
-- Malware removal tools check --
User has Sandboxie installed! :D
Sandboxie
CCleaner
Trend Micro HijackThis 2.0.2
Malwarebytes' Anti-Malware
SUPERAntiSpyware
-- Known infection --
Extra message: Detection only.
EOF
[recovering disk space - old attachment deleted by admin]
-
Please download Stealth MBR Rootkit Detector by GMER from GMER.net (http://www2.gmer.net/mbr/mbr.exe), and save to your Desktop.
- Right-click on mbr.exe and click Run as Administrator to start the program.
- When done scanning, it will save a log on the Desktop called mbr.log.
- Please post the contents of that log in your next reply.
-
Here's the log.
[recovering disk space - old attachment deleted by admin]
-
Please download RootRepeal from GooglePages.com (http://rootrepeal.googlepages.com/RootRepeal.zip).
- Extract the program file to your Desktop.
- Run the program RootRepeal.exe.
- Click Settings > Options. Drag the slider to High Level. Then, click the Red X.
- Go to the Report tab and click on the Scan button.
(http://i39.tinypic.com/nclahc.gif)
- Select ALL of the checkboxes and then click OK and it will start scanning your system.
(http://i39.tinypic.com/2j5lb6.gif)
- If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
- When done, click on Save Report
- Save it to the Desktop.
- Please copy/paste the contents of the report in your next reply.
Please remove any e-mail address in the RootRepeal report (if present).