Ok everyone, not sure how many people have gotten this virus or not; it attaches itself to your Firefox host files. I recently got a virus that redirected me to a site called www.mysearchpoint.com. I'm not sure how I got it, but I do know that it was only on Firefox for me. I used free Avast Anti-Virus, Spybot Search and Destroy, and Malwarebytes and found a lot of Trojans and malware and removed them all. The only thing was, it was still doing it. I'm not completely sure how to contact Avast directly on this, but I will note that I had to remove all of my host files to get rid of this. I also tried another program that found even more, but it still wasn't enough; the program was called Kaspersky Virus Removal Tool. All of these programs are free and I use them on a daily basis, but I still became prone to this virus. I'm not sure if this will help at all, but a friend told me to download something called HijackThis to bring up a report to post for the owners of Avast and all of the other programs I used, to report it. I really hope that Avast gets this report and puts this in their virus database. If anyone knows how to contact them in a better way, please do. Also, I can't post the results of the HijackThis here; I will try to in a reply.
Download OTL to your Desktop.
Double click OTL to run it, click on Run Scan, and when the tool finishes the scans it will open Notepad with the OTL log reports.
Also, you will find OTL.Txt and Extras.Txt on your Desktop. Attach them here.
Hi dawnrstevens1983,
Munge the address you gave so it becomes non-click-through, for instance with a simple space after the first dot:
www. mysearchpoint.com/ or like this: wXw.mysearchpoint.com/
polonus
I agree, and any new malware samples (if there are any) we will pick up after cleaning (Quarantine).
Hi,
I’ve noticed that DawnRStevens did not attach a file, but I’m having the same exact problem. I’ve attached my file. If anyone can help, I’d really appreciate it. This ‘redirect virus’ is really frustrating.
Thanks in advance.
I am not an expert at OTL, nor familiar with it, but as I was looking at your log I saw a suspicious process: kbduswow.exe
More info about that here: http://www.superantispyware.com/malwarefiles/25F7.TMP.html
SIrobloud, there is a possible TDL3 infection as well as the other miscreant on the system.
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following:
:OTL
SRV - File not found [Auto | Stopped] -- -- (SolutoService)
SRV - [2011/03/15 19:15:44 | 001,430,528 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\polstore32.exe -- (RasAuto32)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - File not found
O4 - HKLM..\Run: [kbduslwow.exe] C:\WINDOWS\kbduslwow.exe ()
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\javacypt32.dll) - C:\WINDOWS\system32\javacypt32.dll (Borland Software Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - File not found
[2011/03/23 14:45:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\964830911
[2011/03/22 08:31:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\337105991
[2011/03/18 10:19:01 | 000,257,536 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\javacypt32.dll
[2011/03/18 10:18:45 | 000,416,768 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\atiexdxx32.dll
[2011/03/29 09:54:27 | 000,522,752 | -HS- | M] () -- C:\WINDOWS\kbduslwow.exe
[2011/03/28 17:29:28 | 000,522,752 | -HS- | M] () -- C:\WINDOWS\iasnapwow.exe
[2011/03/28 17:26:16 | 000,210,432 | ---- | M] () -- C:\WINDOWS\System32\kbdbene32.exe
[2011/03/18 10:18:51 | 000,210,432 | ---- | M] () -- C:\WINDOWS\System32\javacypt32.exe
[2011/03/18 10:18:45 | 000,416,768 | ---- | M] (Borland Software Corporation) -- C:\WINDOWS\System32\atiexdxx32.dll
[2011/03/15 19:15:44 | 001,430,528 | ---- | M] () -- C:\WINDOWS\System32\polstore32.exe
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Please read carefully and follow these steps.
[*]Download TDSSKiller and save it to your Desktop.
[*]Extract its contents to your desktop.
[*]Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png
[*]If an infected file is detected, the default action will be Cure, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png
[*]If a suspicious file is detected, the default action will be Skip, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png
[*]It may ask you to reboot the computer to complete the process. Click on Reboot Now.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png
[*]If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
[*]If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.
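For anyone trying to understand why those particular log lines were picked for the fix script: below is an added example (my own code, not part of this thread, OTL, or TDSSKiller) that runs a few triage rules over OTL-style log lines. The sample lines are taken from the fix script above plus one constructed benign control line for notepad.exe; the line formats are inferred from those lines only, and the rules (hidden+system attributes on a file, no publisher in the version info, an autorun target sitting directly in C:\WINDOWS, AppInit_DLLs set, a non-default Winlogon UserInit, orphaned "File not found" entries) are my own heuristics, not something OTL does.

```python
"""Triage rules for OTL-style log lines (added example, not OTL's own code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the fix script in this thread,
# plus a made-up benign control line (notepad.exe) that should NOT be flagged.
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- -- (SolutoService)
SRV - [2011/03/15 19:15:44 | 001,430,528 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\polstore32.exe -- (RasAuto32)
O4 - HKLM..\Run: [kbduslwow.exe] C:\WINDOWS\kbduslwow.exe ()
O20 - AppInit_DLLs: (C:\WINDOWS\system32\javacypt32.dll) - C:\WINDOWS\system32\javacypt32.dll (Borland Software Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - File not found
[2011/03/29 09:54:27 | 000,522,752 | -HS- | M] () -- C:\WINDOWS\kbduslwow.exe
[2011/03/28 17:26:16 | 000,210,432 | ---- | M] () -- C:\WINDOWS\System32\kbdbene32.exe
[2011/03/18 10:18:45 | 000,416,768 | ---- | M] (Borland Software Corporation) -- C:\WINDOWS\System32\atiexdxx32.dll
[2011/03/20 12:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\notepad.exe
"""

# Line shapes as they appear in the thread (assumed to be representative of OTL output).
FILE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<cm>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)$"
)
SRV_RE = re.compile(
    r"^SRV - \[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\) \[(?P<state>[^\]]*)\] -- "
    r"(?P<path>.+?) -- \((?P<name>[^)]*)\)$"
)
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<value>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)$")
O20_APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: \((?P<value>[^)]*)\)")
O20_USERINIT_RE = re.compile(r"^O20 - HKLM Winlogon: UserInit - \((?P<value>[^)]*)\)")

WINDIR = r"c:\windows"
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"  # stock XP value, assumed


@dataclass
class Finding:
    line: str
    reason: str


def _is_binary(path: str) -> bool:
    return path.lower().endswith((".exe", ".dll", ".sys"))


def _directly_in_windir(path: str) -> bool:
    p = path.lower()
    return p.startswith(WINDIR + "\\") and "\\" not in p[len(WINDIR) + 1:]


def triage(log_text: str) -> list[Finding]:
    """Apply the heuristics to every line and return what they flag."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "File not found" in line:
            findings.append(Finding(line, "orphaned entry: target file is missing"))
        m = SRV_RE.match(line)
        if m:
            if not m["company"]:
                findings.append(Finding(line, f"service {m['name']} runs a binary with no publisher info"))
            continue
        m = O4_RE.match(line)
        if m:
            if not m["company"]:
                findings.append(Finding(line, "autorun entry with no publisher info"))
            if _directly_in_windir(m["path"]):
                findings.append(Finding(line, "autorun target lives directly in the Windows directory"))
            continue
        m = O20_APPINIT_RE.match(line)
        if m and m["value"]:
            findings.append(Finding(line, "AppInit_DLLs set: DLL gets loaded into every process that loads user32.dll"))
            continue
        m = O20_USERINIT_RE.match(line)
        if m:
            first = m["value"].split(",")[0].strip().lower()
            if first != DEFAULT_USERINIT:
                findings.append(Finding(line, "non-default Winlogon UserInit"))
            continue
        m = FILE_RE.match(line)
        if m and "D" not in m["attrs"]:
            if "H" in m["attrs"] and "S" in m["attrs"]:
                findings.append(Finding(line, "hidden+system attributes on a file"))
            if _is_binary(m["path"]) and not m["company"] and m["path"].lower().startswith(WINDIR + "\\"):
                findings.append(Finding(line, "binary under the Windows directory with no publisher info"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Note what the rules miss: javacypt32.dll and atiexdxx32.dll carry a "Borland Software Corporation" company string and pass the publisher check, because version-info strings are whatever the file's author put there. Rules like these narrow down a log; they do not replace the hash lookups, signature checks, and rootkit scan (TDSSKiller for a TDL3-class infection) that the helper relies on.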