trojan.happili

[atombom360]

I am still getting redirected to different webpages after seaching on google before and after the Malware bites scans listed below.

Yesterday Norton pops up with some DLL file and it was causing a problem. Norton apparently deletes it and today this popped up.

There is a problem starting
C:\Users\Adam\AppData\Local\CRE/CrashDumps\dmwjuxb.dll

The Specified module could not be found



Wish I stumbled across this forum sooner I know I will be back.

1st Scan


Malwarebytes Anti-Malware (Trial) 1.65.0.1400
Malwarebytes : Free anti-malware download

Database version: v2012.09.25.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Adam :: ADAM-PC [administrator]

Protection: Enabled

9/25/2012 1:02:03 AM
mbam-log-2012-09-25 (01-02-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200594
Time elapsed: 1 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Adam\AppData\Local\Temp\0.24464547194445685 (Trojan.Happili) -> Quarantined and deleted successfully.

(end)

2nd Scan

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
Malwarebytes : Free anti-malware download

Database version: v2012.09.25.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Adam :: ADAM-PC [administrator]

Protection: Enabled

9/25/2012 1:07:03 AM
mbam-log-2012-09-25 (01-07-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200268
Time elapsed: 1 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Now I ran a 3rd full scan and a new trojan popped up.

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.25.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Adam :: ADAM-PC [administrator]

Protection: Enabled

9/25/2012 1:19:57 AM
mbam-log-2012-09-25 (01-19-57).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 380950
Time elapsed: 25 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Adam\AppData\Local\Xenocode\Sandbox\Horizon\2.3.3.2\2012.08.11T23.35\Native\STUBEXE\8.0.1112\@PROGRAMFILES@\SFT\GuardedID\LicMgrEP.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


How bad is this trojan and should I still be concerned? What causes pages redirecting?

 

[Golden]

Hi,

Please do the following:

1. Copy & paste the following bold text into a new instance of NotePad:

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

2. Save this file as as flush.bat on your desktop.
3. Right-click on this file, and choose to Run as administrator. The computer will automatically reboot when the script has run.

Once rebooted, do the following:

4. Download TFC to your desktop from here.
5. Right-click on TFC.exe, and choose to Run as administrator.
6. Click the Start button to delete all temporary files - do not interrupt the process.
7. Once completed, it might automatically reboot your system - if not, reboot your system anyway.

Use your system as normal and report back any further issues.

Scan options disabled: P2P

Be careful with Peer-2-Peer networking /torrents.

Regards,
Golden

 

[atombom360]

I do everything you said twice to be sure and my webpages still continue to get redirected.

 

[Golden]

Please copy & paste the contents of your HOSTS file here.

 

[atombom360]

Needed a little more info so I google this site How to: Check and repair the Hosts file

Went to system 32 and the Hosts file is a sam file type? Named lmhosts.sam

 

[Jacee]

Are you using Firefox or Google as you browser? If so, uninstall all add-on's, then uninstall either FF or Google.

Next: download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Now: Follow Golden's advice, above and let your computer reboot once again.

We can see if the re-direct is gone if you run an online scan with ESET:

1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
   ESET OnlineScan
2. Click the
   
   button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. Click on
      
      to download the ESET Smart Installer. Save it to your desktop.
   2. Double click on the
      
      icon on your desktop.
4. Check
   
5. Click the
   
   button.
6. Accept any security warnings from your browser.
7. Check
   
8. Push the Start button.
9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
10. When the scan completes, push
    
11. Push
    
    , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12. Push the
    
    button.
13. Push