Hello,

This afternoon I got home to find my mom in a fit over some link that she clicked in her email. She said she received an email from a friend with a link, clicked it, and it opened a “Google page”, but she thought it was a virus, because her friend told her she hadn’t sent any emails.

I checked out the email and the link is a weird website I’ve never heard of, clearly spam. When I accessed the main website, it was in German, but it looks like it’s real. I think it might have done something and then redirected to Google, but I can’t figure out what. There are no unknown files in the “downloaded files”, and the weird link doesn’t even show up in the browser’s history.

My regular anti-virus (AVG) found some malware (MalSign.Media.C10), but it was in a file with the name of a Google search we did a few weeks ago with the .exe extension. I don’t think that file was there before, but since this isn’t my computer, I can’t be sure.

I used the iWebTool code viewer (which I Googled for, so I don’t know if it’s any good) to see the weird link’s source code, and it’s attached as a txt file.

I also ran Malwarebytes, and it didn’t find anything. I ran OTL and here’s the log. I also ran AdwCleaner (log attached) while trying to get rid of an Ask Toolbar she installed with a Java Update, in case it makes a difference.

We use this computer a lot for banking and other stuff, so I just wanna make sure it’s clean. I won’t feel safe until I know what that link did and how to fix it. Let me know if there’s anything else I need to do, other than have a serious conversation with my mother about opening unknown links.

Thanks in advance,

–J

You said the mail was in german… did/does it look like the one here http://forum.avast.com/index.php?topic=149335.0

Malware experts will check your logs when online…it is bedtime her now

No, the email only had the link itself, no text. I can’t even see the website, because it immediately redirects to Google (I figured I’d test it before I started checking for viruses and stuff, just so I could see what happened). The thing in German was the main website, for example:
link in email → http:// thisweirdwebsite .com/someotherstuff
website I accessed: http:// thisweirdwebsite .com

Sorry I wasn’t clear enough, English is not my first language I remember reading somewhere we shouldn’t post these links, that’s why I didn’t, but I still have it if it’ll help.

Nothing untoward showing, are you experiencing any problems ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:Commands
[CREATERESTOREPOINT]

:OTL
SRV - [2014/03/26 18:06:53 | 000,166,352 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Arquivos de Programas\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
[2014/04/22 20:25:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork
[2014/04/22 20:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\AskPartnerNetwork
[2014/04/22 20:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\APN

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

No, I’m not really experiencing any problems, and everything seems to indicate nothing’s wrong, but I just can’t figure out what happened when she clicked that link, so I just wanna make sure I’m safe when I shop online and or pay my bills.

Here’s the log after that fix.

Thanks.

As far as I can see the system looks clean

Thank you very much I’ll sleep better knowing that.