Yet another JS:Redirector-BOS [Trj] thread

So, I also have been getting popups stating that JS:Redirector-BOS [Trj] has been blocked, usually two in quick succession. Here is a screenshot (I used the ‘show last popup message’ to get the popup to appear) :


http://i.imgur.com/KOsCwlC.png

The requested logs are attached.

Thank you in advance.

Malware removers are notified. Since it is midnight here in Europe now, they may not reply before tomorrow.

Hi,

First, we shall allow Zoek to do its magic. Next, we shall run FRST for a re-check & better insight …


Zoek


Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive…

- Close any open browsers.
- Temporarily disable your AntiVirus program (if necessary).
If you are unsure how to do this, please read this or this Instruction.

- Double-click on zoek.exe to run the tool.
Please wait until the tool starts…

- Copy the text present inside the code box below and paste it into the large window in the zoek tool:

Uninstall-List;
EmptyCLSID;
FFDefaults;
CHRDefaults;
AutoClean;

- Click on the Run Script button.
Please wait until a log report opens (this can be after reboot).

- Save the Notepad file to your Desktop and attach zoek-results.log here.
Note: It will also create a log in the C:\ directory named “zoek-results.log”.


FRST


Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.

- Double-click to run it. When the tool opens, click Yes to the disclaimer.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

The requested files are attached.

Thank you.

Oh my God, what an extension collection on the Firefox browser. I do not want to check all of that …

Start Firefox, click on the Firefox button in the upper-left corner, click on Add-ons.
Under Plugins and Extensions, check & remove everything you do not use. Relieve your browser, give FF some air …

Thereafter, post me fresh FRST and Addition log reports by re-running the FRST tool …

- Double-click to run it.
- Under Optional Scan, ensure “Addition.txt” is ticked.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- FRST shall also create another log (Addition.txt). Please attach it to your reply.

Ok, I’ve removed a number of add-ons from Firefox, and from Pale Moon, the browser that I am currently using. (It is a Firefox branch.) The new FRST and Addition logs are attached.

(My apologies for the delay in getting back to you, there was a power outage.)

Hi,

You have some leftovers from Kaspersky …

Download Kaspersky Uninstall Utility from one of the links below:
http://www.askvg.com/ultimate-collection-of-uninstallers-removal-tools-for-all-popular-anti-virus-software/
http://singularlabs.com/uninstallers/security-software/

Run and allow the tool to remove all Kaspersky related files.
Restart your computer.


FRST’s FixList


1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


Start
HKLM-x32\...\Run: [] - [x]
HKCU\...\Winlogon: [Shell] expstart.exe [925184 2013-08-04] () <==== ATTENTION 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {F1DC048F-5E4A-4F3B-98AC-3EC6FCD104D7} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
End

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.


FRST’s Log and Search


- Re-run FRST and press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.

Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:

- Type expstart.exe into the Search: field in FRST, then click the Search File(s) button.
- FRST will search your computer for files and, when finished, it will produce a log Search.txt in the same directory the tool is run.
- Please attach it to your reply.
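
An added example, not part of the original posts and not FRST's own code: a small Python triage pass over FRST-style lines that reports the kinds of entries listed in the fixlist above (an ATTENTION marker, a per-user Winlogon Shell value, a Run entry with an empty name, a search scope with an empty URL, a handler with no file). The line layout is inferred from the entries quoted in this thread, and the ExampleApp line is a constructed sample.

```python
import re

# Constructed sample: the fixlist entries quoted in this thread, plus one
# hypothetical ordinary Run entry (ExampleApp) that should not be reported.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [] - [x]
HKLM\...\Run: [ExampleApp] - C:\Program Files\Example\app.exe [12345 2013-01-01] (Example Corp)
HKCU\...\Winlogon: [Shell] expstart.exe [925184 2013-08-04] () <==== ATTENTION
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {F1DC048F-5E4A-4F3B-98AC-3EC6FCD104D7} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
"""

# (reason, pattern) pairs. Patterns assume the line layout seen in this thread.
RULES = [
    ("flagged ATTENTION by the scanner", re.compile(r"<====\s*ATTENTION")),
    # A per-user Shell value replaces the program started as the desktop shell
    # at logon, so any value here deserves a look.
    ("per-user Winlogon Shell value", re.compile(r"^HKCU\\.*\\Winlogon: \[Shell\]")),
    ("Run entry with an empty name", re.compile(r"\\Run: \[\]")),
    ("search scope with an empty URL", re.compile(r"^SearchScopes: .*URL =\s*$")),
    ("handler with no file", re.compile(r"^Handler: .*No File\s*$")),
]


def triage(log_text):
    """Return [(line, [reasons])] for every line matching at least one rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = [reason for reason, rx in RULES if rx.search(line)]
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(f"{line}\n    -> {', '.join(reasons)}")
```
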

Ok. I have attached the requested files.

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.

- Click on the Scan button.
- After the scan has finished, click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

- After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
- Post the logfile; it will also be saved in the C:\AdwCleaner folder.

How are things now?

I’ve attached the log file.

Also, I haven’t gotten any alert pop-ups in the last few hours, which I think is a good sign.

Ok, keep monitoring your computer.

If you get any more pop-ups, post fresh FRST.txt log reports here.

Give me a report tomorrow …

I haven’t gotten any alert pop ups since Saturday, so I think it is gone.

Thank you very much for all your help. :smiley:

Cool. 8)

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
- Remove disinfection tools
- Create registry backup
- Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.