"dt.tongjin" virus affecting my googletoolbar

  1. footballrules

    footballrules New Member Bronze Member

    Joined:
    May 17, 2012
    Posts:
    4
    Likes Received:
    0

    I have firefox 3.6.28. I use this old version so I could install googletoolbar. My googletoolbar is version 7.1.20110512W.

    Today my googletoolbar is acting weird.

    Every time I search something using it, it directs me to google main page (http://www.google.com/search?hl=&q=testing&sourceid=navclient-ff&ie=UTF-8 ... the "testing" word is the search word I was using) instead of displaying the search result (and when I use the google search box in that page, nothing happens). During the search, the status bar showed: "www.assoc-amazon.com" and "dt.tongjin.linezing.com"

    However I could search using google if I go to google page by typing www.google.com in the firefox address bar.


    I notice that someone had a problem here with the "dt.tongjin" link and there's a thread about it:

    http://www.pchelpforum.com/xf/threads/immediate-help-needed.48962/

    I wonder if I could use the solution in that thread.


    I attach my ComboFix log


    Please, I need help. I use googletoolbar A LOT. I need that toolbar. Having it non-functional is killing me!

  2. Belahzur

    Belahzur Banned

    Joined:
    May 19, 2010
    Posts:
    2,279
    Likes Received:
    102

    Hello.

    ComboFix should not be run without the guidance of a helper!

    It is a powerful tool and is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private or regular use.

    See ComboFix's Disclaimer

    Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

    But since you already have Combofix, we can use it to remove a slight infection.
    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    3. Open notepad and copy/paste the text in the quotebox below into it:
      Code:
      SRPeek::
      c:\windows\System32\TapiUnattend.exe
       
      DDS::
      uStart Page = hxxp://hao.kuaibo.com/?qi20111003
      
    4. Save this as CFScript.txt, in the same location as ComboFix.exe

      [​IMG]
    5. Referring to the picture above, drag CFScript into ComboFix.exe
    6. When finished, it shall produce a log for you at C:\ComboFix.txt
    7. Please post the contents of the log in your next reply.
  3. footballrules


    My bad, my bad... for running ComboFix prior to instruction to run it. But I did read the "how-to-use" ComboFix and did as it says.

    Thank you for the instruction to fix my problem, but you know what... today when I started my laptop there has been no dt.tongjin interference when I search using my google toolbar!!

    The problem seems to be gone for the time being.


    But I will be saving this thread and follow your instruction in case the problem resurfaces.



    I really appreciate the effort. If I have US credit card and US dollars I would happily contribute. Unfortunately my card and currency is not American :). I'll send a prayer tho :).
  4. Belahzur


    Thanks, okay I'll leave this topic open in case it comes back.
  5. footballrules



    Today, the problem resurfaces.


    I ran ComboFix and have uploaded the new log.


    Please help :).

  6. Belahzur


    Hello.
    Everything looks fine here, but there are some characters I can't make out or translate to English so I'm not sure what it says.

    How is the machine running now? Any changes?
  7. footballrules


    It's still the same. In fact it also infected the firefox built-in search box, the google search one.

    I take it that this virus activates when I use my browser (via google toolbar or via firefox built-in google search box).

    About the Chinese character. Unfortunately I don't understand them either. The previous owner speaks Chinese, I don't.
  8. Belahzur


    Run this please, let's see if I can remove it with this.

    Download OTL by OldTimer to your Desktop.
    • Close all windows and double click OTL.exe
    • Click Run Scan and let the program run uninterrupted
    • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
    • You may need to use two posts to get it all.