A virus and trojan?


Comments

  • aaroncaz
    aaroncaz Posts: 5,242 Forumite
    First Anniversary
    # AdwCleaner v4.107 - Report created 16/01/2015 at 22:57:56
    # Updated 07/01/2015 by Xplode
    # Database : 2015-01-13.2 [Live]
    # Operating System : Windows 8.1 (64 bits)
    # Username : Aaroncaz - CAROLAARON
    # Running from : C:\Users\Aaroncaz\AppData\Local\Microsoft\Windows\INetCache\IE\ZKVFO2IF\adwcleaner_4.107.exe
    # Option : Clean
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****
    Folder Deleted : C:\Users\Aaroncaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
    ***** [ Scheduled Tasks ] *****
    Task Deleted : Searchya
    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ams1.ib.adnxs.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fra1.ib.adnxs.com
    ***** [ Browsers ] *****
    -\\ Internet Explorer v11.0.9600.17416

    -\\ Mozilla Firefox v34.0.5 (x86 en-GB)

    -\\ Google Chrome v39.0.2171.99
    [C:\Users\Aaroncaz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
    *************************
    AdwCleaner[R0].txt - [1738 octets] - [16/01/2015 22:54:07]
    AdwCleaner[S0].txt - [1675 octets] - [16/01/2015 22:57:56]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1735 octets] ##########
  • aaroncaz
    It's a Netgear router
  • aaroncaz
    AlecEiffel wrote: »
    If everything is affected inc a phone, your router could be hijacked, sending all connections to dodgy addresses. You could try a simple reset via the push a biro into the reset button process, reconnect via the default settings on the bottom of the router, then reset admin pw and wireless key to new complex passwords.



    Not sure where the reset button is.
  • tavernman
    Looking at the AdwCleaner log, it looks like you have Searchya, at least, on there. Look here: http://malwaretips.com/blogs/searchya-removal/
  • aaroncaz
    tavernman wrote: »
    Looking at the AdwCleaner log, it looks like you have Searchya, at least, on there. Look here: http://malwaretips.com/blogs/searchya-removal/



    Have looked for them; they are not in programs.
  • tavernman
    aaroncaz wrote: »
    Have looked for them; they are not in programs.
    You need to follow all the steps, e.g. for Chrome, IE and Firefox (if you have them), and then do all the remaining steps.
    But first look at my next post please.....in a mo
  • tavernman
    Let's do a quick check on your DNS first (or we could do this on your other computer).
    Open up a cmd prompt and type the bits in red and then paste the results.
    C:\WINDOWS\system32>[COLOR=Red]nslookup www.microsoftstore.com[/COLOR]
    Server:  google-public-dns-a.google.com
    Address:  8.8.8.8
    
    Non-authoritative answer:
    Name:    e3591.a.akamaiedge.net
    Address:  92.123.198.162
    Aliases:  www.microsoftstore.com
              www.microsoftstore.com.edgekey.net
    
    
    C:\WINDOWS\system32>[COLOR=Red]nslookup www.microsoftstore.co.uk[/COLOR]
    Server:  google-public-dns-a.google.com
    Address:  8.8.8.8
    
    Non-authoritative answer:
    Name:    msstore-redirector.wip.digitalrivercontent.net
    Address:  81.21.148.233
    Aliases:  www.microsoftstore.co.uk
    
    
    C:\WINDOWS\system32>
    
  • aaroncaz
    Microsoft Windows [Version 6.3.9600]
    (c) 2013 Microsoft Corporation. All rights reserved.
    C:\Users\Aaroncaz>nslookup www.microsoftstore.com
    Server: UnKnown
    Address: 192.168.1.1
    Non-authoritative answer:
    Name: e3591.a.akamaiedge.net
    Address: 23.74.126.162
    Aliases: www.microsoftstore.com
    www.microsoftstore.com.edgekey.net

    C:\Users\Aaroncaz>
  • aaroncaz
    Microsoft Windows [Version 6.3.9600]
    (c) 2013 Microsoft Corporation. All rights reserved.
    C:\Users\Aaroncaz>nslookup www.microsoftstore/co.uk
    Server: UnKnown
    Address: 192.168.1.1
    Non-authoritative answer:
    Name: www.microsoftstore/co.uk
    Address: 81.200.64.50

    C:\Users\Aaroncaz>
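
An added example, not written by anyone in the thread: a short Python parser that compares nslookup transcripts like the ones posted above against a reference lookup. The function names, the assumed output layout and the heuristics are assumptions of this example; continuation lines of multi-value fields are ignored.

```python
import ipaddress
import re
# Transcripts copied from the posts above, blank lines dropped.
REFERENCE = """Server:  google-public-dns-a.google.com
Address:  8.8.8.8
Non-authoritative answer:
Name:    e3591.a.akamaiedge.net
Address:  92.123.198.162
Aliases:  www.microsoftstore.com
          www.microsoftstore.com.edgekey.net"""
REPORTED = """Server: UnKnown
Address: 192.168.1.1
Non-authoritative answer:
Name: e3591.a.akamaiedge.net
Address: 23.74.126.162
Aliases: www.microsoftstore.com
www.microsoftstore.com.edgekey.net"""
MISTYPED = """Server: UnKnown
Address: 192.168.1.1
Non-authoritative answer:
Name: www.microsoftstore/co.uk
Address: 81.200.64.50"""
HOSTNAME = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*\.?")

def parse_nslookup(text):
    """Return resolver address, answer name and answer addresses (assumed layout)."""
    out = {"resolver": None, "name": None, "addresses": []}
    for line in text.splitlines():
        key, _, value = (part.strip() for part in line.partition(":"))
        if key == "Name":
            out["name"] = value
        elif key in ("Address", "Addresses"):
            if out["resolver"] is None:
                out["resolver"] = value  # first Address line is the resolver
            else:
                out["addresses"].append(value)
    return out

def review(reference, reported):
    """Heuristic notes (this example's own) on a reported lookup vs a reference."""
    ref, rep = parse_nslookup(reference), parse_nslookup(reported)
    on_lan = ipaddress.ip_address(rep["resolver"]).is_private
    notes = ["resolver is a private (LAN) address, typically the router"] if on_lan else []
    if not HOSTNAME.fullmatch(rep["name"]):
        notes.append("queried name is not a valid hostname; repeat the lookup")
    elif rep["name"] != ref["name"]:
        notes.append("answer name differs from the reference lookup")
    elif rep["addresses"] != ref["addresses"]:
        notes.append("same answer name, different address (common for CDNs)")
    return notes
```

Calling `review(REFERENCE, REPORTED)` and `review(REFERENCE, MISTYPED)` returns the notes for the two transcripts aaroncaz posted.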
  • tavernman
    WAIT a sec we cross posted
This discussion has been closed.