Ilivid

Hi! mother in law’s PC has/had the Ilivid virus. I ran through all this a few months back with my pc, so that helped prepare me for doing this again…sigh.

Anyway…here are the logs, since running everything I haven’t noticed any more problems. Hopefully something I did removed it, but here are the logs to make sure.

And more

Thanks!!!

Hey and welcome to the forum. Thanks for attaching the needed logs.

A malware expert will help you from here when one is online. :wink:

Hi,

Re-run OTL.exe.

[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

:OTL
IE - HKLM\..\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XMxdm003YYus&ptnrS=XMxdm003YYus&si=COnx9ui70K4CFSZgTAodY2Un4A&ptb=BC848C62-F0B4-4A81-A3D6-1E56C698F1E6&psa=&ind=2012030514&st=sb&n=77ed2632&searchfor={searchTerms}
IE - HKU\S-1-5-21-4054425916-3429180180-2467715159-1000\..\URLSearchHook: {f15ff29f-85a1-43cd-9674-e5ba40016c97} - No CLSID value found
IE - HKU\S-1-5-21-4054425916-3429180180-2467715159-1000\..\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XMxdm003YYus&ptnrS=XMxdm003YYus&si=COnx9ui70K4CFSZgTAodY2Un4A&ptb=BC848C62-F0B4-4A81-A3D6-1E56C698F1E6&psa=&ind=2012030514&st=sb&n=77ed2632&searchfor={searchTerms}
FF - HKCU\Software\MozillaPlugins\@tnt2toolbar.com/Plugin: C:\Users\Ada\AppData\Local\TNT2\2.0.0.1057\npTNT2.dll (Tightrope)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ada\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@DailyBibleGuide.com/Plugin: C:\Program Files\DailyBibleGuide\bar\1.bin\NP2vStub.dll (MindSpark)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2vffxtbr@DailyBibleGuide.com: C:\Program Files\DailyBibleGuide\bar\1.bin [2012/03/05 14:16:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2013/05/14 17:17:20 | 000,000,000 | ---D | M]
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\DailyBibleGuide\bar\1.bin\NP2vStub.dll
O2 - BHO: (Search Assistant BHO) - {0631bff0-6846-48ca-982d-d62d7f376e97} - C:\Program Files\DailyBibleGuide\bar\1.bin\2vSrcAs.dll (MindSpark)
O2 - BHO: (Toolbar BHO) - {beea7fa9-d1f4-49a2-9b1f-6fb7a2d9bc2a} - C:\Program Files\DailyBibleGuide\bar\1.bin\2vbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (DailyBibleGuide) - {2a942ab7-2073-49bc-a7e1-77e93835889a} - C:\Program Files\DailyBibleGuide\bar\1.bin\2vbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (no name) - {E465DFF7-488A-49D1-9728-8F6C41DCEBE3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-4054425916-3429180180-2467715159-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-4054425916-3429180180-2467715159-1000\..\Toolbar\WebBrowser: (DailyBibleGuide) - {2A942AB7-2073-49BC-A7E1-77E93835889A} - C:\Program Files\DailyBibleGuide\bar\1.bin\2vbar.dll (MindSpark)
O3:HKU - HKU\S-1-5-21-4054425916-3429180180-2467715159-1000\..\Toolbar\WebBrowser: (s1 Search.us.com Toolbar) - {E465DFF7-488A-49D1-9728-8F6C41DCEBE3} - C:\Users\Ada\AppData\Local\TNT2\2.0.0.1057\IEToolbar.dll (Freshy.com)
O4 - HKLM..\Run: []  File not found

:commands
[CREATERESTOREPOINT]
[emptytemp]

[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.

If the log doesn’t appear, it can be found here:

c:\_OTL\MovedFiles\mmddyyyy_hhmmss.log

Please download zoek.zip from here or here and save it to your Desktop.
Unpack the archive…
[*]Close any open browsers
[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

[*]Double click on zoek.exe to run the tool.
Please wait while the tool does not start…

[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:

filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;

[*] Click on the Run Script button.
Please wait until a logreport opens (this can be after reboot)

[*]Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named “zoek-results.log”

Done and done. :slight_smile:

Re-run zoek with this script:

emptyclsid;
C:\users\Ada\AppData\Local\DataMngr_Toolbar;fs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DailyBibleGuide Search Scope Monitor];r
"command"=-;r
C:\\PROGRA~1\\DAILYB~2;fs
ippkomaaonokjnfjoikaemidanojkfmm;chr
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main];r
"Start Page"="http://www.google.com/";r
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}];r
C:\ProgramData\WeCareReminder;fs
emptyalltemp;
autoclean;

Got it!!

Thanks so much!

This looks good, do you still have a problem with Ilivid crap?

I think I’m good, thanks so much! If I see anything else I’ll start over, as always. Heh.

Please download DelFix by “Xplode” to your Desktop.

Run the tool and check the following boxes below;

[*] Remove disinfection tools
[*] Create registry backup
[*] Purge System Restore

Now click on the “Run” button. Wait until the programme completes its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt

I don’t need DelFix log report.