SearchVHB.com Chrome Redirect

I’ve tried running every scan I can think of but can’t get rid of this pesky redirect virus/malware. Can someone help?

I’ll start attaching logs, starting with AdwCleaner, once it has finished and I restart.

Thanks,
Anthony

Here is the AdwCleaner log

Malware Bytes Log - no problems found

OTL Scan Logs

aswMBR log attached.

I’d appreciate help anyone can provide. Please let me know if I should move on to running RogueKiller.

There is another common URL that Avast! is blocking: http://imnjuhost.com/search/anticheat6.php?username=mc0012

Hey, and welcome to the forum. Is it only in Chrome that you get the redirect, or are other browsers the same, like IE, Firefox, Opera?

A malware expert will help you from here when one is online.

Update: I have sent a message to an expert called magna86, who will help you out when he gets online.

Hi, :)
Is this your personal computer or a computer from work?

Also, I see that you have run Combofix.
Please read!
http://www.techsupportforum.com/1829551-post6.html
http://www.bleepingcomputer.com/forums/topic273628.html

Please go to systemroot (C:) and attach the Combofix.txt log here.


Please go to the systemroot partition (C:) and attach the AdwCleaner[S1].txt log.


Please download Junkware Removal Tool to your desktop.

[*]Shut down your protection software now to avoid potential conflicts.
[*]Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select “Run as Administrator”.
[*]The tool will open and start scanning your system.
[*]Please be patient as this can take a while to complete depending on your system’s specifications.
[*]On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
[*]Post the contents of JRT.txt into your next message.


Re-run OTL.exe.

[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.



:Otl
FF - prefs.js..extensions.enabledAddons: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.12.2.3
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.

:Files
C:\USERS\ANTHONY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMH0WPTB.DEFAULT\EXTENSIONS\{687578B9-7132-4A7A-80E4-30EE31099E03}
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /release /c
ipconfig /renew /c

:Commands
[CREATERESTOREPOINT]
[emptytemp]


[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open Notepad with a log report. Attach that log report here.


Re-run OTL. Just click on the Run Scan button and attach the fresh OTL.txt log report here.

Here are the ComboFix, AdwCleaner[S1], and JRT logs. I’ll post the results from the OTL fix once my computer restarts.

Ok.

Attach the report from TDSSKiller here. It is created in your root directory (C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”.

Here is the TDS Killer Log.

And the OTL Log

Hi,

Running from: c:\users\Anthony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GF4XJ812\ComboFix.exe

Delete the old Combofix and download a fresh one from here …
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
…to your Desktop! CF needs to be run from the desktop.

Open notepad and copy/paste the text present inside the code box below:



ClearJavaCache::

KillAll::

Folder::
c:\windows\system32\config\systemprofile\AppData\Local\Avg2013
c:\programdata\AVG January 2013 Campaign


Save this as CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt)


How’s your computer running now?

I just realized I accidentally ran this from my downloads folder, not desktop. I meant to copy the exe but it created a shortcut instead and that’s what I ran… Should I re-run from desktop with the same CFScript? I’ve attached the ComboFix log from running it from my Downloads folder.

And here is a fresh log from OTL

How’s my computer running now? Currently still getting the redirection.

Hi,

Open notepad and copy/paste the text present inside the code box below:



Folder::
c:\windows\system32\config\systemprofile\AppData\Local\Avg2013
c:\program files (x86)\Toolbar Cleaner

KillAll::

RegNull::
[HKEY_USERS\S-1-5-21-1512160127-1509471352-3408847190-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*w*m*v*dœ;5\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"



Save this as CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt)


Visiting Secunia Online Software Inspector …

Free Online Computer Scan - Online Software Inspector (OSI) - Secunia
http://secunia.com/vulnerability_scanning/online/

[*] Click ‘Start Scanner’.
[*] Wait for Status/Currently Processing: at the lower left to say ‘Java Applet loaded successfully. (allow java to run) Press “Start” to begin.’
[*] Click ‘Start’.
[*] The scan should take less than a minute or so.
[*] When done, download and install all the recommended updates.


Please download zoek.exe and save it to your desktop.

[*] Close any open browsers.

[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

[*] Double click on zoek.exe to run the tool.
Please wait until the tool starts…

Check the options below:


Standard Search
Autoclean
Empty All Temp
Recently Created
InstalledPrograms
Firefox Default
IE defaults
Startup info
ResetChrome
System Restore Point

[*] Click on the Run script button.
Please wait until a log report opens (this can be after a reboot).

[*] Save the Notepad file to your Desktop and attach zoek-results.log here.

Note: It will also create a log in the C:\ directory named “zoek-results.log”.

Here are the Zoek and Combofix logs. I ran the online software inspector and installed one fix - for flash player.

I’ll wait for the next steps. Thank you so much for your help!

Re-run zoek.exe

[*] Close any open browsers.

[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

[*] Double click on zoek.exe to run the tool.
Please wait until the tool starts…

[*] Copy the text present inside the code box below and paste it into the large window in the zoek tool:



shortcutfix;
autoclean;
firefoxlook;
chromelook;
emptyclsid;


[*] Click on the Run script button.
Please wait until a log report opens (this can be after a reboot).

[*] Save the Notepad file to your Desktop and attach zoek-results.log here.

Note: It will also create a log in the C:\ directory named “zoek-results.log”.


Please download Shortcut Cleaner from the following web page and save it to your Windows desktop.
http://www.bleepingcomputer.com/download/shortcut-cleaner/

[*]Once the file is downloaded, double-click on the ss-cleaner.exe file that should now be on your desktop.
If you are using Windows Vista, 7, or 8 you will need to allow it to run when the prompt appears.

[*]Shortcut Cleaner will now start and scan your computer for hijacked Windows shortcuts.
If any are found, it will automatically clean them for you.

[*]When it is done, it will show you a log that contains a list of shortcuts that were cleaned.

[*] Please attach that log to your next reply.


How’s your computer running now? Do you still have redirections and avast warnings? If you do, please take a screenshot of that warning so I may see what’s happening.
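
The shortcut check requested above can also be done by hand. The following read-only PowerShell audit is an added example, not part of the original thread and not how Shortcut Cleaner itself is implemented; the browser list, the name pattern and the folders searched are assumptions, and it needs PowerShell 3.0 or later.

```powershell
# Added example (read-only): list browser shortcuts that deserve a manual look.
# The browser list, name pattern and folders searched are assumptions.
$browsers    = 'chrome.exe', 'firefox.exe', 'iexplore.exe', 'opera.exe'
$namePattern = 'chrome|firefox|internet explorer|opera'

# Desktop, Start Menu and Quick Launch (which includes pinned taskbar items).
$roots = @(
    [Environment]::GetFolderPath('Desktop')
    [Environment]::GetFolderPath('CommonDesktopDirectory')
    [Environment]::GetFolderPath('StartMenu')
    [Environment]::GetFolderPath('CommonStartMenu')
    Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch'
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$shell = New-Object -ComObject WScript.Shell

$findings = foreach ($lnk in Get-ChildItem -Path $roots -Filter '*.lnk' -Recurse -ErrorAction SilentlyContinue) {
    # CreateShortcut on an existing .lnk only loads it; nothing is saved.
    $sc     = $shell.CreateShortcut($lnk.FullName)
    $exe    = [System.IO.Path]::GetFileName($sc.TargetPath)
    $reason = $null

    if ($browsers -contains $exe) {
        # A clean browser shortcut normally carries no URL in its arguments.
        if ($sc.Arguments -match 'https?://|www\.') {
            $reason = 'browser shortcut opens a URL passed as an argument'
        }
    }
    elseif ($lnk.BaseName -match $namePattern) {
        # The name says "browser" but the target is some other program.
        $reason = 'browser-named shortcut points at a different program'
    }

    if ($reason) {
        [pscustomobject]@{
            Shortcut  = $lnk.FullName
            Target    = $sc.TargetPath
            Arguments = $sc.Arguments
            Reason    = $reason
        }
    }
}

if ($findings) { $findings | Format-List }
else { 'No browser shortcuts with appended URLs or swapped targets were found.' }
```

An empty result only rules out the shortcut vector; a redirect that appears in a single browser can also come from that browser's extensions or search settings.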

Here are the logs. The redirection is still happening. This still is in Chrome only. I’ve attached some screenshots.