Avast blocked the attack too on the on-scanner, removed it, but still wouldn't let me access the Avast site, Spybot updates or Microsoft updates.
Seems all my security updates wouldn't work; it's like he blocked all my chances to update my system security too.
My desktop computer is having problems with Internet Explorer. Much of the time (every time?) I click on links in "google" search results, I get redirected to "go.google.com", or I just get "Internet Explorer cannot display the web page". Also, while not a real problem, text fonts in "google" search results are bigger than they used to be. Text fonts are also larger in the AOL web-based e-mail page (of an account I'm in the process of trying to wean the family off), which is also unusable from the problem desktop computer. I'm not at all sure why I can get to this site, but thankful nonetheless.
Before looking here, I ran two routine scans: Spybot S&D gave me just two results, both related to “CoolWWWSearch.Svchost32”. (Yuck!) McAfee flagged a couple of similar things as well. Sorry, I don’t have the exact transcripts right now, but can get them if it’s important.
I made this topic so Avast can prevent this later with the on-scanner. Hope it comes soon with the next update so no one has to go through a bad day as I did; it was a nasty spyware -_-
My best wishes to the great Avast team that always helped my system; I am eternally thankful to you.
Thanks for the tips
MBAM is a great scanner - keep it updated as some malware breaks your internet connection
while you are at the Malwarebytes.org site a scan with their Rogue Remover Free does not hurt
we also recommend a scan with Super Anti Spyware: update, scan, clean-quarantine
post the logs if they find anything
Have you done an avast boot time scan?
did you google that CLSID in the Spybot scan?
Yeah, did scan with Avast but it didn't detect that svc host. I tell you it was my 1st time in life to get hijacked like that, as I'm a very cautious guy, so Avast should take care of this one because it was a real nasty hijack for sure.
Didn't detect on offline scan, but the on-scanner was detecting the attacks and blocking it.
Spybot no longer seems to help much these days, malware could finally remove it, although Avast on-scanner blocked at least 5 attacks of it, “DCOM something”, that's all I can remember on the on-scanner blocking protection. Thanks for everything and shall have your advice.
The DCOM alerts are from the Network Shield; it monitors ports that are commonly used by malware trying to exploit vulnerabilities with out of date OS, etc. If your firewall is doing its job the Network Shield shouldn’t get a look in; the firewall should be first.
what I’ve found lately is that
Third party firewall is essential
Avast is your first line of defense after the firewall
Malware bytes does the best initial clean
however Rogue Remover, Spybot and SAS all find things missed by MBAM (as do other programs such as A-squared)
IMHO Spybot S-D helper and Immunize are essential tools unless you have provided others
One technique is to send the hit to VirusTotal and see who detects it who has a free scanner, and then run that scanner, like F-Secure, BitDefender, Panda, etc.
They may find more associated garbage, fragments, etc
another is to google the hit and see what gets it
In your case Spybot found a hit
MBAM found some friends
Was anyone else at the party?
I’ve been working on seemingly the same malware most of this evening as well.
The Browser hijacking piece is particularly nasty in that any attempts to download fixes are redirected. I get edmunds.com as the redirects, so I think the users favorites list or history in the browser is being used in some fashion.
My problems started out with the IEBTM.exe file removal, but I soon discovered that was just the beginning. I still can’t get Avast to update itself because of the browser redirects. Fortunately I have another PC on the same network to work from.
I second the note about this being a high priority problem to add to the detection step(s) by Avast. It took me quite a while to figure out what was going on in the first place. I still have some rogue IE processes being started, I think by artifacts of the IEBTM.exe thing. Doing a deep scan now with MBAM, then going to run the Rogue Remover . . . Stay tooned . . . :c)
Just a follow-up on previous post, the deep scan by MBAM found a few more files that the Quick Scan didn’t, and apparently those were the culprits for the redirects. So now Avast can update itself again.
First time I’ve used MBAM, I think I’ll keep it around for awhile . . . :c)
I’ve never had this bad of an intrusion since using Avast either. It was rather disheartening while working through it.
Still some more, looks like I spoke too soon, some of it has returned. The Iexplorer process has reappeared. It periodically links to some audio site someplace with a phantom IE window.
Blammo
could you start a new thread with your Avast and MBAM logs (we have to know what you’re finding)
then go to the top of this forum and read the stickie concerning Hijack this and post a HJT
while you’re waiting, SAS updates frequently so if your scan was last week you could run another one
an on line AV scan like Dr Web Cure It, Bit Defender, Panda, F-secure- your favorite
post the log and quarantine any hits
the Trend Micro Anti rootkit tool
do you have microsoft windows defender or
spybot search and destroy installed?
if Spybot, turn off t-timer for the duration
IE?
Firefox or ?
what firewall?
hosts file?
SpywareBlaster?
lots of things to keep you busy while waiting for replies
As for me i just have the default windows firewall.
Installed i have:
Avast Antivirus/ Spybot/ Advanced Windows Care/ and Malwarebytes since that happened.
To me Malwarebytes could solve my problem since I asked someone to download it for me and give it through MSN. I installed it and updated immediately, made a complete thorough scan with it and it detected various, much more than Spybot; also had to reboot the PC for it to completely remove that nasty thing.
Everything went ok and back to normal behavior in my browser FF or IE7.
The only comp I ever installed a firewall on was my “laptop Acer” that had an official driver of Nvidia coming with a firewall 0.0; I uninstalled it later because I didn't trust it too much, but one day my laptop no longer could access the internet. My 1st suspicion was that firewall of Nvidia -_- I did reset every setting of the firewall, tried so many things and no more net on my laptop lol…
By the way I got an MBAM log report file if it helps a little: (shall also show registry keys here)
Registry keys infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot. (I'm sure I detected this one today again after a complete thorough scan with MBAM)
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
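Added example, not part of any post in this thread: a small Python parser for scanner log lines in the format posted above, which groups detections by name and lists the items still waiting on "Delete on reboot" so they can be checked after the restart. The function names are hypothetical and the sample lines are a subset copied from the log above.

```python
import re
from collections import defaultdict

# Subset of the log lines posted above, plus one non-detection line.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot. (trailing user note)
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
Registry keys infected:
"""

# <item> (<detection name>) -> <action>.   Anything after the action is ignored.
LINE_RE = re.compile(
    r"^(?P<item>.+?) \((?P<name>[\w.\-]+)\) -> (?P<action>[^.]+)\."
)

def parse_log(text):
    """Return one dict per detection line; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        item = m.group("item")
        records.append({
            "item": item,
            "kind": "registry" if item.upper().startswith("HKEY_") else "file",
            "name": m.group("name"),
            "action": m.group("action"),
        })
    return records

def triage(records):
    """Summarise what was found and what still needs a post-reboot check."""
    by_name = defaultdict(list)
    for r in records:
        by_name[r["name"]].append(r["item"])
    pending = [r["item"] for r in records
               if r["action"].lower() == "delete on reboot"]
    # A detected .sys file is a kernel driver: a reason to follow up
    # with a dedicated anti-rootkit scan, as suggested in the thread.
    drivers = [r["item"] for r in records
               if r["kind"] == "file" and r["item"].lower().endswith(".sys")]
    return {"by_name": dict(by_name), "pending_reboot": pending,
            "drivers": drivers}

if __name__ == "__main__":
    summary = triage(parse_log(SAMPLE_LOG))
    for key, value in summary.items():
        print(key, value)
```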
Blam- start a new thread
OTAKU thanks this is for you
MBAM is a great program but Spybot also finds things that MBAM does not find, as does Super Anti Spy
Windows One Care also has a scanner - sometimes you get lucky with that one - it recently found 6 items that none of the above 3 found
was there a 2 way firewall in the one care package?
are you on a trial?
The AV will conflict with Avast
run another avast boot time scan
run the Trend micro anti rootkit tool
might as well update and run the advanced windows care scanner- did you install the AV or firewall?
then look at the stickies at the top of the forum and post a HJT
There's no single thing detected of spyware on my laptop, it just stopped connecting to the internet.
I have SDL net cable, I wouldn't need to configure my net to use on this modem, so do you suggest I make a new net configuration? lol I'm somewhat noob in it so hope you can guide me a little.
By the way im now an important member (20 posts ) ;D
Dear Important Member
I had the same symptoms and got going by fooling around refreshing and troubleshooting in connections
perhaps there is a network person lurking?
That pest that was found is serious
stay on top of it