Hi,
Recently I used a software called universal formatter to format the code from brothersoft.com. Since then, if I type a search in Google and click on the results, they are getting redirected to some web pages. I did a complete scan with Malwarebytes but the situation remains the same. Please help me. Thanks.
Print these instructions out.
NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe
***VERY IMPORTANT! Make sure, you update Malwarebytes before running the scans.***
STEP 1. Download Malwarebytes' Anti-Malware to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
RESTART COMPUTER!
STEP 2. Download GMER: GMER - Rootkit Detector and Remover, by clicking on the Download EXE button.
Alternative downloads:
- |MG| GMER 1.0.15.15281 Download
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
Do NOT use the computer while GMER is running!
When the scan is completed, click the Save button, and save the results as gmer.log
Warning! Please do not select the "Show all" checkbox during the scan.
Post the log to your next reply.
IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.
RESTART COMPUTER
STEP 3. Download HijackThis:
HijackThis - Trend Micro USA
by clicking on Installer under Version 2.0.4
Install, and run it.
Post HijackThis log.
NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
Do NOT attempt to "fix" anything!
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
I've already done the scan. Shall I give the log of the previous two scans also?
-------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.46
Malwarebytes
Database version: 4118
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5/19/2010 9:05:24 PM
mbam-log-2010-05-19 (21-05-24).txt
Scan type: Quick scan
Objects scanned: 157510
Time elapsed: 18 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
This is the log of complete scan
-----------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.46
Malwarebytes
Database version: 4117
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5/19/2010 5:02:15 PM
mbam-log-2010-05-19 (17-02-15).txt
Scan type: Full scan (C:\|)
Objects scanned: 568832
Time elapsed: 4 hour(s), 57 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\xxxxxxxx\Application Data\238B869B13083CA449DF0FA970652335\hookdll.dll (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP295\A0144177.dll (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP295\A0145177.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
Last edited by somu21; 20-05-2010 at 05:12 AM. Reason: name deleted
No, but I need two other logs. Shall I give the log of the previous two scans also?
This is the first scan done using Malwarebytes
-----------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.46
Malwarebytes
Database version: 4110
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5/17/2010 6:20:50 PM
mbam-log-2010-05-17 (18-20-50).txt
Scan type: Quick scan
Objects scanned: 149923
Time elapsed: 15 minute(s), 27 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
C:\Documents and Settings\somesh\Application Data\238B869B13083CA449DF0FA970652335\gotnewupdate000.exe (Malware.Packer.Gen) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gotnewupdate000.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\xxxxxx\Application Data\238B869B13083CA449DF0FA970652335\gotnewupdate000.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Local Settings\Temporary Internet Files\Content.IE5\IJOLA5U7\gotnewupdate000[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Local Settings\Temporary Internet Files\Content.IE5\VBSNAG4P\security_scanner_AdaabB AIBghAgDe[1].exe (Rogue.GeneralAntivirus) -> Quarantined and deleted successfully.
Last edited by somu21; 20-05-2010 at 05:13 AM.
Hi Admin,
The GMER root kit is taking a lot of time ... please do not think I am inactive ..