Thread: Help with virus removal
View Single Post
Old 07-06-2009, 06:09 PM   #1 (permalink)
musskell
Registered User
 
Join Date: Jul 2009
Posts: 1
OS: Windows Vista


Help with virus removal
Hello,

I am a draftsman, and as a student I used the AutoDesk Student Community download utility to try out AutoCAD 2010. During the installation process, I was alerted that Autodesk is temporarily out of student licenses, and to continue with the install which will work as a trial version until activated in the future by one of the new licenses.

Today the trial expired, and I went to go get a key for the software, and I was alerted with the same message. In frustration I started looking for a keygen. I was perfectly aware of the risks but continued regardless, and as a result my machine is now infected.

Both avast anti-virus and windows defender caught the virus immediately but had no effect. This is a link to the file that caused all the trouble:

http://Click this link only if you u...ntains malware Link REMOVED

The only immediate result of opening the file was an alert by windows defender and avast anti-virus; However, a few minutes after, internet explorer windows began popping up on their own. When this first began happening, I did not have any internet explorer windows open.

The pop ups only go to a handful of sites; Although it queries the site differently each time so that the content is different.

So far I have saved these for reference:

http://allabout.biz/search/index.php?said=af104&q=query+here
http://thecoolerreview.com/srch/search.php?track=sg3&qq=query+here
http://impression.name/search/index.php?said=a09&q=query+here

Immediately after I noticed this problem, I updated SpyBot Search and Destroy, and did a full system scan. The scan revealed a few threats, and I attempted to fix them. Of the 8 or 9 categories of found threats, all but five were permanently removed. The other 5 were removed but only temporarily, and they were listed as "DNSflush.cws". I removed them for the second time, but I am unsure of whether or not they would show up in another scan. The problem currently persists so the spybot entries may not have been the culprits.


I have run a few scans on the computer, and I have pastebined them readability. They are also attached in a compress archive if you would prefer to download them.

Here are the links to the scans:
HijackThis Pastebin
DDS Pastebin
DDS Attach Pastebin
GMER Pastebin


Thank you very much for your help. Let me know if there any important details that I may have left out.
-Kent
Attached Files
File Type: zip Scan Logs.zip (11.3 KB, 3 views)
Last edited by tetonbob; 07-08-2009 at 09:22 AM. Reason: removed malicious link, munged others
musskell is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here