JS:Redirector-BOS [Trj] victim here; HELP!

I use utorrent. Guilty. I promise to change. Now, can anyone help me figure out how to get rid of this trojan? Thank you in advance! Logs below

P.S. I’ve installed Malwarebytes Anti-Malware and it didn’t find anything in the “quick scan” option. After that I downloaded AdwCleaner; it did find some stuff and I removed everything that it found, but still no luck getting rid of that trojan in uTorrent.

Can you attach a screenshot of the avast popup?

A screenshot would be nice :)

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ag51t84j)

:Commands
[resethosts]
[emptytemp]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.

- Double-click on TDSSKiller.exe to run the application

https://dl.dropbox.com/u/73555776/tdss%20start.JPG

- Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

- Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.

- Click the Start Scan button.

- If a suspicious object is detected, the default action will be Skip; click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

- Get the report by selecting Reports

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

- Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

As per your request guys I’m uploading you a screenshot. Should I proceed with essexboy’s instructions?

Yes, he is the removal expert that will help you…

Thanks, that shows that utorrent is the culprit

Essexboy, should I proceed using OTL fix and Kaspersky?

Sorry … Yes please as AswMBR showed an unknown I would like to check out

Alright then. Off I go to hunt that bug. Thanks guys!

I created a new topic here.

Sorry for the inconvenience.

Could you create a new topic please as each fix will only be relevant to that system

Here's another OTL.txt

Bad news guys. Kaspersky didn’t find a thing wrong with my OS. Still getting that same threat message. I’ve attached the Kaspersky log file. What’s my next move?

Do you have seeds for utorrent on your system? As that is where it is originating from. I do not use torrent, but is there a way of clearing all the downloaded files that you have in there?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aah2qjpi)
IE - HKU\S-1-5-21-1203626609-1648255891-3676658678-1000\..\SearchScopes\{877439B4-8D86-43C9-AF0A-505C7908F994}: "URL" = http://search.softonic.com/INF00176/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=5650982e000000000000902b34203bb5&r=768

:Commands
[resethosts]
[emptytemp]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done

Yes, I’m seeding some stuff via uTorrent, but I want to delete everything from it. The culprit is one or two files. What should be my next move?

I don’t want to delete…

Run the fix to clear the last remnants. Unfortunately none of my tools will be able to look inside torrent to find the culprit.

So I’ve deleted all the torrents from uTorrent and now I have a question: how can I be sure that the trojan is gone for good? After I deleted everything from uTorrent I selected my recycle bin and followed it with “empty recycle bin”. I got 668 files that couldn’t be removed and I had to skip them. Will I have a problem later on because of that? My recycle bin is empty right now. I also used CCleaner to be safe, so that everything should be gone for good.

Unfortunately that is the side effect of torrents; it takes just one bad guy to ruin it for the rest.

Have the alerts ceased now?

To empty everything use TFC

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop

- Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- It will close all programs when run, so make sure you have saved all your work before you begin.
- Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
- Once it’s finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

After I launched TFC I had a blue screen of death appear; is that normal?