We'd like to remind Forumites to please avoid political debate on the Forum. This is to keep it a safe and useful space for MoneySaving discussions. Threads that are - or become - political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.

A virus and trojan?

2456733

Comments

  • aaroncaz
    aaroncaz Posts: 5,242 Forumite
    Part of the Furniture
    # AdwCleaner v4.107 - Report created 16/01/2015 at 22:57:56
    # Updated 07/01/2015 by Xplode
    # Database : 2015-01-13.2 [Live]
    # Operating System : Windows 8.1 (64 bits)
    # Username : Aaroncaz - CAROLAARON
    # Running from : C:\Users\Aaroncaz\AppData\Local\Microsoft\Windows\INetCache\IE\ZKVFO2IF\adwcleaner_4.107.exe
    # Option : Clean
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****
    Folder Deleted : C:\Users\Aaroncaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
    ***** [ Scheduled Tasks ] *****
    Task Deleted : Searchya
    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ams1.ib.adnxs.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fra1.ib.adnxs.com
    ***** [ Browsers ] *****
    -\\ Internet Explorer v11.0.9600.17416

    -\\ Mozilla Firefox v34.0.5 (x86 en-GB)

    -\\ Google Chrome v39.0.2171.99
    [C:\Users\Aaroncaz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
    *************************
    AdwCleaner[R0].txt - [1738 octets] - [16/01/2015 22:54:07]
    AdwCleaner[S0].txt - [1675 octets] - [16/01/2015 22:57:56]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1735 octets] ##########
  • aaroncaz
    aaroncaz Posts: 5,242 Forumite
    Part of the Furniture
    Its a netgear router
  • aaroncaz
    aaroncaz Posts: 5,242 Forumite
    Part of the Furniture
    AlecEiffel wrote: »
    If everything is affected inc a phone your router could be high jacked, sending all connections to dodgy addresses. You could try a simple reset via the push a biro into the reset button process, reconnect via the default settings on the bottom of the router, then reset admin pw and wireless key to new complex passwords.



    Not sure where the reset button is.
  • tavernman
    tavernman Posts: 575 Forumite
    Looking at the adwarecleaner log it looks like at least you have searchya, at least, on there look here http://malwaretips.com/blogs/searchya-removal/
  • aaroncaz
    aaroncaz Posts: 5,242 Forumite
    Part of the Furniture
    tavernman wrote: »
    Looking at the adwarecleaner log it looks like at least you have searchya, at least, on there look here http://malwaretips.com/blogs/searchya-removal/



    Have looked for them they are not in programs.
  • tavernman
    tavernman Posts: 575 Forumite
    aaroncaz wrote: »
    Have looked for them they are not in programs.
    You need to follow all the steps, eg for chrome and ie and firefox,(if you have them) and then do all the remaining steps.
    But first look at my next post please.....in a mo
  • tavernman
    tavernman Posts: 575 Forumite
    Lets do a quick check on your DNS first (or on we could do this on your other computer)
    Open up a cmd prompt and type the bits in red and then paste the results 
    C:\WINDOWS\system32>[COLOR=Red]nslookup www.microsoftstore.com[/COLOR]
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    e3591.a.akamaiedge.net
Address:  92.123.198.162
Aliases:  www.microsoftstore.com
          www.microsoftstore.com.edgekey.net


C:\WINDOWS\system32>[COLOR=Red]nslookup www.microsoftstore.co.uk[/COLOR]
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    msstore-redirector.wip.digitalrivercontent.net
Address:  81.21.148.233
Aliases:  www.microsoftstore.co.uk


C:\WINDOWS\system32>
  • aaroncaz
    aaroncaz Posts: 5,242 Forumite
    Part of the Furniture
    Microsoft Windows [Version 6.3.9600]
    (c) 2013 Microsoft Corporation. All rights reserved.
    C:\Users\Aaroncaz>nslookup www.microsoftstore.com
    Server: UnKnown
    Address: 192.168.1.1
    Non-authoritative answer:
    Name: e3591.a.akamaiedge.net
    Address: 23.74.126.162
    Aliases: www.microsoftstore.com
    www.microsoftstore.com.edgekey.net

    C:\Users\Aaroncaz>
  • aaroncaz
    aaroncaz Posts: 5,242 Forumite
    Part of the Furniture
    Microsoft Windows [Version 6.3.9600]
    (c) 2013 Microsoft Corporation. All rights reserved.
    C:\Users\Aaroncaz>nslookup www.microsoftstore/co.uk
    Server: UnKnown
    Address: 192.168.1.1
    Non-authoritative answer:
    Name: www.microsoftstore/co.uk
    Address: 81.200.64.50

    C:\Users\Aaroncaz>
  • tavernman
    tavernman Posts: 575 Forumite
    WAIT a sec we cross posted
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 348.9K Banking & Borrowing
  • 252.4K Reduce Debt & Boost Income
  • 452.7K Spending & Discounts
  • 241.8K Work, Benefits & Business
  • 618.4K Mortgages, Homes & Bills
  • 176K Life & Family
  • 254.9K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 15.1K Coronavirus Support Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture