Hi,
I'm hoping someone can help me.
My PC (running Windows 7) was infected on New Year's Day. I began getting numerous delayed write failed and numerous hard disk failure messages, my desktop background disappeared and all my files and icons were hidden. McAfee picked up a virus, but it wouldn't let me remove it. In the end, I got a professional to look at it, and he thought he'd removed the virus (using Combofix and HijackThis, as far as I can see), but he discovered that all browsers (IE, Firefox, Chrome, Opera and Safari - I'm a web designer so have them all installed) were still infected and were redirecting to dodgy sites on start up. He thought he'd fixed it and returned the PC to me.
All seemed fine until a couple of days later when I used Google on IE and realised that, when I clicked on a link, it was momentarily redirecting to strange websites. This became more frequent, so that it was actually redirecting to these sites and now my browsers either won't start at all or start up and then Windows will error.
From what I've read, I think it might be a rootkit/TDSS virus. McAfee is not picking anything up, and I have tried using Malwarebytes, but it didn't pick up anything either.
Can anyone help me or suggest a program that might be able to get rid of it?
Many thanks in advance.
Lucy
Browser/search engine redirect virus - TDSS?
#2
Posted 19 January 2012 - 03:54 PM
Download
TDSSkiller
Launch it. Click on "Scan". Please post the LOG report.
Download
http://public.avast.com/~gmerek/aswMBR.exe
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log
Post the log results here
Good luck
This post has been edited by narenxp: 19 January 2012 - 03:54 PM
#3
Posted 20 January 2012 - 02:51 PM
Thanks so much for responding.
I can't download the applications directly onto my PC, as I can't use the browsers, but I have downloaded it on to a USB on another computer and transferred the files that way.
However, when I try to run TDSSkiller, I do get a Windows 'Run as administrator' prompt but when I choose yes, it does not load. The green timer circle goes round the cursor as if it's thinking about it, but nothing appears. It is almost as if the virus is blocking it.
Does this require a program like Rkill to stop the malicious processes and allow the antivirus to work?
I just wanted to check before I take any further action.
Lucy
#4
Posted 20 January 2012 - 11:39 PM
Before I could say another way to bypass tdsskiller, I need your aswMBR log
Please skip tdsskiller and follow the next instruction
Good luck
This post has been edited by narenxp: 20 January 2012 - 11:39 PM
#5
Posted 22 January 2012 - 07:08 AM
Hi Naren,
It's not letting me run Avast either. It seems to think about it, but the programme never loads.
What should I do next?
Note: I have applied Windows security updates and can now start up browsers, though the search engine redirect problem still persists. I also ran McAfee again, and it found one Trojan which it won't let me delete. It's called W32/Mariofev!mem (Trojan) and it's in c:\Windows\system32\services.exe - don't know if that info helps!
Thanks,
Lucy
#6
Posted 22 January 2012 - 08:51 AM
You may have an infected MBR
At this stage it is safe to
read the preparation guide
http://www.bleepingcomputer.com/forums/topic34773.html
and create a topic here
http://www.bleepingcomputer.com/forums/forum22.html
Good luck








