HTML/RedirME-inf[Trj]

system · September 30, 2013, 9:24pm

bonjour

depuis plusieurs jours maintenant quand je vais sur mes sites habituels l’équipe faceb00k… des popsup s’ouvrent et avast me bloque ces pages en me disant:
cheval de troie bloqué :
le nom d’une page web : http://ahizz.movies-online.squrrel.com/npytsurveyNoTOV.html (ou autre)
menace: HTML/RedirME-inf[Trj]
j’ai lancé un scan : rien n’a été détecté
cela signifie-t-il que mon ordinateur est infecté ?
quelle est la marche à suivre ?

essexboy · September 30, 2013, 10:02pm

Download OTL to your Desktop
Secondary link

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif

[*]Select All Users
[*]Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir “%systemdrive%*” /S /A:L /C
CREATERESTOREPOINT

[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Post both logs

system · October 1, 2013, 9:29pm

Hello

Thx for your answer
Here is the ODT report (I don’t find the Extra ?)

http://textup.fr/71870Pp

essexboy · October 2, 2013, 2:41pm

Let me know if this fixes it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=coolmsd&cd=2XzuyEtN2Y1L1QzutDtDtC0F0CyC0F0AyCyDtAyCyC0EzyyEtN0D0Tzu0CyDtCtCtN1L2XzutBtFtBtFtCtFyDyByEtN1L1Czu1R1F1F1I1H1B1Q&cr=1212408644&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=coolmsd&cd=2XzuyEtN2Y1L1QzutDtDtC0F0CyC0F0AyCyDtAyCyC0EzyyEtN0D0Tzu0CyDtCtCtN1L2XzutBtFtBtFtCtFyDyByEtN1L1Czu1R1F1F1I1H1B1Q&cr=1212408644&ir=
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=coolmsd&cd=2XzuyEtN2Y1L1QzutDtDtC0F0CyC0F0AyCyDtAyCyC0EzyyEtN0D0Tzu0CyDtCtCtN1L2XzutBtFtBtFtCtFyDyByEtN1L1Czu1R1F1F1I1H1B1Q&cr=1212408644&ir=
[2011/09/07 18:12:00 | 000,089,388 | ---- | M] () (No name found) -- C:\Users\Céline\AppData\Roaming\Mozilla\Firefox\Profiles\6rlf8bfb.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3 - HKU\S-1-5-21-1801811131-2594106703-2017142490-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1801811131-2594106703-2017142490-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261562~1.220\{c16c1~1\browse~1.dll) - File not found

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

system · October 2, 2013, 4:50pm

hello
this is the report
http://textup.fr/71911GT
thank you for your help ( Can you explain me what you did ?

essexboy · October 2, 2013, 8:44pm

start.mysearchdial.com this was the problem it was set as your main page in IE along with the search … Have the alerts now ceased ?

system · October 3, 2013, 5:25am

I thought everything was OK but
another alert came …
cheval de troie HTML/RedirME-inf[Trj]
but with another website

essexboy · October 3, 2013, 8:12pm

cheval de troie HTML/RedirME-inf[Trj] this indicates a web site infection. There is a script that attempts to redirect to an advertising site on that site

system · October 5, 2013, 8:50pm

What can i do to preserve me against these “attacks” ?

Today another one called URL:Mal2

essexboy · October 5, 2013, 9:21pm

Webshield is blocking the attempted redirect so you are safe

WebShield bloque la tentative de redirection alors que vous êtes en sécurité

system · October 6, 2013, 6:26pm

OK THX

But it happens on the websites i visit everyday; when i click on a link an add appears and then the messages…

Before i didn’t had any problems

essexboy · October 7, 2013, 7:03pm

OK lets look in a different area

Please download Junkware Removal Tool to your desktop.

[]Right-mouse click JRT.exe and select “Run as Administrator” the tool will open and start scanning your system
[]please be patient as this can take a while to complete depending on your system’s specifications
[]On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
[]post the contents of JRT.txt into your next message.

HTML/RedirME-inf[Trj]

Announcements