BleepingComputer.com: Redirecting problem solved!

Redirecting problem solved!

#1 Dagwood333

Posted 12 July 2011 - 06:06 PM

Hello Everyone,

This is my first post on BleepingComputers... I hope I got it in the right spot.

Like many others here, I have been going crazy the past several days trying to get this redirecting problem fixed. I have tried everything and I mean everything I could think of. I read all the posts. In the past, I have always managed to find the solution here, but not this time. It's time to give a little back.

First off, here are the symptoms I experienced. I got the trojan that tells you, "Your hard drive is corrupted!" and all the desktop icons disappeared, the C:\WINDOWS folder looked empty, and the programs list was empty as well (sorry I cannot remember the name of it). Based on what I read here on Bleeping, I used the RKill tool to shut it down, then good old Malwarebytes to remove it, and an additional scan with SuperAntiSpyware just to be sure, then the unhide program. Things were looking good until I tried a Google search and any link I clicked on sent me to StopZilla. IE, FF, Chrome, all of them.

So I started trying all the tools I could think of, in safe mode and in normal mode, as administrator and as a different user. Here is a list of the tools I tried: GMER, MWB, SuperAntiSpyware, RKUnhooker, ComboFix, MGtools, TDSSKiller, Hitman Pro, and Symantec. I tried to use the ESET online scanner but was redirected to StopZilla. I cleaned out the cache and temp files and reset the browsers to default. I ran the ATF cleaner and deleted everything. Nothing worked!

There were a couple of clues... during boot it would say loading Windows (default), not Windows XP Pro. The boot.ini tab was gone from msconfig. TDSSKiller would not run even when renamed. The only clue I got from any of those tools was from Hitman Pro, which detected a "bootkit" in the MBR. So, I used Hitman to "fix" the bootkit on one of the machines I was working on and it hosed it, BSOD style, so I don't recommend that. On the other machine with the same problem I was a little more careful. After googling around a bit I decided to try to rebuild the MBR with the Windows Recovery Console. So I booted up to the install disk, got to the recovery console, used fixmbr, crossed my fingers and.........


Problem solved!


Everything is back to normal now. No more redirecting. Yay!

Please be careful if you try to do this. Like I said, Hitman pretty much hosed my other system; if fixmbr hoses yours, I'm sorry!

Good Luck!

Dagwood

This post has been edited by Dagwood333: 12 July 2011 - 06:12 PM
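
Added example, not part of the original posts: the thread locates the infection in the master boot record, which file-level scanners did not clean. The Python sketch below compares a 512-byte image of sector 0 against a known-good copy and reports whether the bootstrap code or the partition table differs. The function names and both sample sectors are constructed for illustration, and it assumes you already hold a sector-0 image and a baseline.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440      # bytes 0-439: bootstrap code, the region a bootkit replaces
PART_TABLE_START = 446   # bytes 446-509: four 16-byte partition entries
SIGNATURE_OFFSET = 510   # bytes 510-511: boot signature 0x55 0xAA

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector-0 image into its regions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_START + 16 * i: PART_TABLE_START + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0x00 marks an unused slot
            partitions.append({"active": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partition_table": sector[PART_TABLE_START:SIGNATURE_OFFSET],
        "partitions": partitions,
        "signature_ok": sector[SIGNATURE_OFFSET:] == b"\x55\xaa",
    }

def compare_to_baseline(baseline: bytes, current: bytes) -> dict:
    """Report which MBR regions differ from a known-good image."""
    good, now = parse_mbr(baseline), parse_mbr(current)
    return {
        "boot_code_changed": good["boot_code_sha256"] != now["boot_code_sha256"],
        "partition_table_changed": good["partition_table"] != now["partition_table"],
        "signature_ok": now["signature_ok"],
    }

def build_sample(boot_code: bytes) -> bytes:
    """Constructed test sector: filler boot code plus one active NTFS partition."""
    entry = bytes([0x80, 1, 1, 0, 0x07, 254, 255, 255]) + struct.pack("<II", 63, 204800)
    return (boot_code.ljust(BOOT_CODE_END, b"\x00") + b"\x00" * 6
            + entry + b"\x00" * 48 + b"\x55\xaa")

BASELINE = build_sample(b"CONSTRUCTED-KNOWN-GOOD-BOOT-CODE")  # constructed, not real boot code
SUSPECT = build_sample(b"CONSTRUCTED-MODIFIED-BOOT-CODE")     # constructed, not real malware

if __name__ == "__main__":
    print(compare_to_baseline(BASELINE, SUSPECT))
    print(parse_mbr(SUSPECT)["partitions"])
```

A result with the boot code changed and the partition table unchanged is the case where rewriting only the boot code can restore the sector without touching the disk layout; a changed partition table calls for a backup before any repair.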


#2 drhayesdc

Posted 12 July 2011 - 06:30 PM

I am having the same problem with my laptop. I keep getting redirected and it is bugging the crap out of me. Just like Dagwood, I had a spyware problem that said Windows XP Repair. I went to BleepingComputers, used RKill, then Malwarebytes and then Ad-Aware, and the computer started working again for a day or so, and then I started getting the redirecting of searches, especially in Google. I have run Ad-Aware again and again, as well as Malwarebytes, but they find nothing. I have no idea what MBR is or FixMBR so I will stay away from that stuff for the time being. However, if anybody has any other ideas on how to get rid of this thing without getting too involved, I would sure like to know. Look forward to hearing from someone out there who knows how to get rid of this monster malware. I would love the help.

drhayesdc

#3 Dagwood333

Posted 12 July 2011 - 07:27 PM

Hey drhayesdc, have you tried running Hitman Pro? It's free and simple to use and is the only tool that detected the bootkit I had. I do NOT suggest you let it try to fix the problem, it really messed up my Windows 7 machine, but at least it told me what and where the problem was. If you are not familiar with using fixMBR, perhaps one of the uber helpful moderators will chime in to help.

Good luck!
