browser redirects and win upd blocked

Old 04-25-2011, 01:37 AM   #41
Registered Member
 
Join Date: Apr 2011
Posts: 24
OS: XP sp3



Hi Amateur,

Here is my Panda ActiveScan log file...


;***********************************************************************************************************************************************************************************
ANALYSIS: 2011-04-25 08:35:05
PROTECTIONS: 1
MALWARE: 28
SUSPECTS: 3
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Microsoft Security Essentials 3.0.8107.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\[email protected][2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\lyndsay\cookies\[email protected]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\lyndsay\cookies\[email protected]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\[email protected][1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\lyndsay\cookies\[email protected]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\lyndsay\cookies\[email protected]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][3].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\lyndsay\cookies\[email protected]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\lyndsay\cookies\[email protected]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\[email protected][2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\[email protected][1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\[email protected][1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][3].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\[email protected][1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\lyndsay\cookies\[email protected][1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\lyndsay\cookies\[email protected][2].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\[email protected][2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][4].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][3].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\[email protected][1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][3].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][4].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][5].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\[email protected][1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][4].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\[email protected][1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\[email protected][1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][3].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\[email protected][2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\lyndsay\cookies\[email protected][5].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\lyndsay\cookies\[email protected][3].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\lyndsay\cookies\[email protected][1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\lyndsay\cookies\[email protected][2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\lyndsay\cookies\[email protected][4].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No c:\documents and settings\lyndsay\cookies\[email protected][1].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No c:\documents and settings\ian\cookies\[email protected][1].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\[email protected][1].txt
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\qoobox\quarantine\c\documents and settings\administrator\local settings\application data\lonerty.dll.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\qoobox\quarantine\c\windows\system32\awina.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\qoobox\quarantine\c\windows\system32\bcodb.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\qoobox\quarantine\c\windows\system32\lnixk.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\qoobox\quarantine\c\windows\system32\pteryo.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\qoobox\quarantine\c\windows\system32\pteryp.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\qoobox\quarantine\c\windows\system32\uolme.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\qoobox\quarantine\c\windows\system32\uolmt.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\qoobox\quarantine\c\windows\system32\wservv.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\qoobox\quarantine\c\windows\system32\xteryg.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\qoobox\quarantine\c\windows\system32\yteryx.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\qoobox\quarantine\[4]-submit_2011-04-24_13.03.33.zip[nservn.exe]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\system volume information\_restore{f1347bed-a4c6-4856-bb36-94511a595c53}\rp7\a0008050.dll
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\system volume information\_restore{f1347bed-a4c6-4856-bb36-94511a595c53}\rp7\a0008397.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\system volume information\_restore{f1347bed-a4c6-4856-bb36-94511a595c53}\rp7\a0008398.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\system volume information\_restore{f1347bed-a4c6-4856-bb36-94511a595c53}\rp7\a0008399.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\system volume information\_restore{f1347bed-a4c6-4856-bb36-94511a595c53}\rp7\a0008401.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\system volume information\_restore{f1347bed-a4c6-4856-bb36-94511a595c53}\rp7\a0008402.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\system volume information\_restore{f1347bed-a4c6-4856-bb36-94511a595c53}\rp7\a0008403.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\system volume information\_restore{f1347bed-a4c6-4856-bb36-94511a595c53}\rp7\a0008404.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\system volume information\_restore{f1347bed-a4c6-4856-bb36-94511a595c53}\rp7\a0008405.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\system volume information\_restore{f1347bed-a4c6-4856-bb36-94511a595c53}\rp7\a0008406.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\system volume information\_restore{f1347bed-a4c6-4856-bb36-94511a595c53}\rp7\a0008407.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\system volume information\_restore{f1347bed-a4c6-4856-bb36-94511a595c53}\rp7\a0008408.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No c:\program files\eset\eset online scanner\onlinescanneruninstaller.exe
No c:\qoobox\quarantine\[4]-submit_2011-04-24_13.03.33.zip[mnixl.exe]
No c:\system volume information\_restore{f1347bed-a4c6-4856-bb36-94511a595c53}\rp7\a0008400.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
1000578 HIGH MS11-014
1000577 HIGH MS11-013
1000576 HIGH MS11-012
1000575 HIGH MS11-011
1000573 HIGH MS11-007
1000572 HIGH MS11-006
1000567 HIGH MS11-003
1000562 HIGH MS11-002
224952 HIGH MS10-098
224951 HIGH MS10-097
224950 HIGH MS10-096
224931 HIGH MS10-090
223917 HIGH MS10-084
223916 HIGH MS10-083
223914 HIGH MS10-081
223909 HIGH MS10-076
223906 HIGH MS10-073
223904 HIGH MS10-071
223355 HIGH MS10-069
223353 HIGH MS10-067
223352 HIGH MS10-066
223349 HIGH MS10-063
223346 HIGH MS10-061
222627 HIGH MS10-054
222626 HIGH MS10-053
222622 HIGH MS10-049
222621 HIGH MS10-048
222620 HIGH MS10-047
222470 HIGH MS10-046
222062 HIGH MS10-042
221290 HIGH MS10-035
221289 HIGH MS10-034
221287 HIGH MS10-032
219830 HIGH MS10-029
219822 HIGH MS10-021
219821 HIGH MS10-020
219647 HIGH MS10-018
217842 HIGH MS10-015
217839 HIGH MS10-012
217838 HIGH MS10-011
217834 HIGH MS10-008
217832 HIGH MS10-006
217831 HIGH MS10-005
217169 HIGH MS10-002
216839 HIGH MS10-001
215935 HIGH MS09-069
215048 HIGH MS09-065
214075 HIGH MS09-058
214074 HIGH MS09-057
214073 HIGH MS09-056
214072 HIGH MS09-055
213109 HIGH MS09-046
212494 HIGH MS09-042
212493 HIGH MS09-041
211784 HIGH MS09-032
211781 HIGH MS09-029
210625 HIGH MS09-026
210624 HIGH MS09-025
210621 HIGH MS09-022
208380 HIGH MS09-015
208378 HIGH MS09-013
208377 HIGH MS09-012
206981 HIGH MS09-007
206980 HIGH MS09-006
204670 HIGH MS09-001
203505 HIGH MS08-071
202465 HIGH MS08-068
201683 HIGH MS08-067
201258 HIGH MS08-066
201256 HIGH MS08-064
201255 HIGH MS08-063
201253 HIGH MS08-061
209275 HIGH MS08-049
196455 MEDIUM MS08-037
194862 HIGH MS08-032
194860 HIGH MS08-030
;===================================================================================================================================================================================
JCTJennings is offline  
Old 04-25-2011, 01:41 AM   #42
Registered Member
 
Join Date: Apr 2011
Posts: 24
OS: XP sp3



I have also submitted the submitThis.zip file to bleepingcomputer.
JCTJennings is offline  
Old 04-25-2011, 03:59 AM   #43
TSF-Emeritus
 
amateur's Avatar
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Thanks. The file is received. Online scan is flagging some tracking cookies, i.e. small files that store information about what sites you visit online. Advertisers use these for statistical analysis and to target ads that you would be more likely to click on. They're not dangerous in and of themselves, per se, but are definitely a good idea to remove periodically.

Here is some reference to cookies (it also tells you how to manage them):

Information About Cookies on Microsoft.com

Description of Cookies

You can block the third party cookies if you'd like:

To block Third party cookies with IE:

1. Click on the Tools button on the Internet Explorer tool bar.
2. Highlight and click on Internet options at the bottom of the Tools menu.
3. Select the Privacy Tab of the Internet Options menu.
4. Select the Advanced button.
5. Select override automatic cookie handling button.
6. To block third party cookies select block under "Third-party cookies".
7. Select "always allow session cookies".
8. Click on the OK button at the bottom of the screen.

You can also use a third party cleaner like TFC

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
It's normal after running TFC cleaner that the PC will be slower to boot the first time.

The rest of the flagged items are the backups created by Combofix and in the System Restore Cache. They will be cleared shortly when Combofix is uninstalled. Other than that, you're all set to go. You can delete all the tools you've downloaded for cleaning the system, except Combofix, from your desktop and also their related logs. Combofix needs to be properly uninstalled as instructed below:

============================

Please disable your antivirus application as you've done before.
  • Click Start then Run
  • Now type ComboFix /Uninstall in the run box and click OK. Notice the space between the Combofix and the /.

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore to prevent reinfection from old restore points.

You may re-enable your antivirus application now.

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:

Strong passwords: How to create and use them


You may also consider a password keeper, to keep all your passwords safe.

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

It's vital that you keep all your software up-to-date as older versions may have some security vulnerabilities. Secunia Software Inspector Scan can help you find out which programs need to be updated.

Please respond to this thread one more time so we can mark this thread as resolved.

Surf Safely and Think Prevention!
__________________

amateur is offline  
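The triage described in the post above (tracking cookies, ComboFix backups, System Restore copies), as an added example that is not part of the original thread: a Python parser for the MALWARE section of an ActiveScan-style log that sorts each row into those buckets and lists anything left over. The function names and sample rows are constructed for illustration, and treating any row marked Active as needing review is an assumption of this example.

```python
import re
from collections import Counter

SECTIONS = {"PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES"}

# Columns: Id, Description (may contain spaces), Type, Active, Severity,
# Disinfectable, Disinfected, Location (may contain spaces).
ROW = re.compile(
    r"^(?P<id>\d+)\s+(?P<desc>.+?)\s+(?P<type>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+"
    r"(?P<location>.+)$"
)

# Constructed sample in the layout of the log posted in this thread.
SAMPLE = r"""
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=====================================================================
00000001 Cookie/Example Ads TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@example[1].txt
00000002 Trj/Example Virus/Trojan No 0 Yes No c:\qoobox\quarantine\c\windows\system32\sample.exe.vir
00000002 Trj/Example Virus/Trojan No 0 Yes No c:\system volume information\_restore{00000000-0000-0000-0000-000000000000}\rp1\a0000001.exe
00000002 Trj/Example Virus/Trojan Yes 0 Yes No c:\windows\system32\sample.exe
;=====================================================================
VULNERABILITIES
Id Severity Description
1000000 HIGH MS00-000
"""

def parse_malware_rows(text):
    """Return one dict per data row of the MALWARE section only."""
    rows, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:          # section title switches the context
            section = line
            continue
        match = ROW.match(line) if section == "MALWARE" else None
        if match:                     # header and separator lines do not match
            rows.append(match.groupdict())
    return rows

def classify(row):
    """Bucket a row the way the helper's reply reads the log."""
    loc = row["location"].lower()
    if row["active"] == "Yes":        # assumption: active items always need a look
        return "needs_review"
    if row["type"] == "TrackingCookie":
        return "tracking_cookie"
    if re.match(r"[a-z]:\\qoobox\\quarantine\\", loc):
        return "combofix_quarantine"  # backups ComboFix made while cleaning
    if "\\system volume information\\_restore{" in loc:
        return "system_restore_cache" # copies held in old restore points
    return "needs_review"

def triage(text):
    """Return (bucket counts, locations that still need manual review)."""
    rows = parse_malware_rows(text)
    counts = Counter(classify(r) for r in rows)
    review = [r["location"] for r in rows if classify(r) == "needs_review"]
    return counts, review

if __name__ == "__main__":
    counts, review = triage(SAMPLE)
    for bucket, n in sorted(counts.items()):
        print(f"{bucket}: {n}")
    for loc in review:
        print("review:", loc)
```

An empty review list corresponds to the situation described in the post, where every detection is a cookie, a quarantine backup or a restore-point copy.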
Old 04-25-2011, 05:38 AM   #44
Registered Member
 
Join Date: Apr 2011
Posts: 24
OS: XP sp3



Hi Amateur,

I can't thank you enough. I was completely lost on this one. I am truly grateful for your expertise, patience and your prompt detailed responses.

As a by-product, I have certainly learnt to take internet security more seriously.

Best regards,

Ian
JCTJennings is offline  
Old 04-25-2011, 09:15 AM   #45
TSF-Emeritus
 
amateur's Avatar
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Hi Ian,

You're very welcome. Glad to have been able to help.

Take care and stay safe!
__________________

amateur is offline  
 
