BleepingComputer.com: IE Popups and Google redirect

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

IE Popups and Google redirect Tried Malwarebytes, didn't work. Need help!

#16 User is offline   RPMcMurphy 

  • Bleeping *^#@%~
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 2,398
  • Joined: 16-May 10
  • Gender:Male

Posted 07 February 2012 - 02:27 PM

jillchristine:

We are making progress, but you may have a rootkit onboard and that's what I'm working on now. Please do this:

Posted Image Download TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Once complete, a log will be produced at the root drive which is typically C:\ It will look something like this: C:\TDSSKiller.2.6.10.0_date_time_log.txt
  • Post that log, please.

Posted Image Please download MiniToolBox and run it.

Check the following items:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration

Click Go and copy/paste the log (Result.txt) into your next post.

Please include the following in your next post:
    TDSSKiller log
  • MiniToolBox log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may Posted Image

#17 User is offline   jillchristine 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 24
  • Joined: 29-January 12

Posted 07 February 2012 - 07:21 PM

Thanks for the update!

TDS log and Mini Tool Box log attached.

Thanks!

Attached File(s)


#18 User is offline   RPMcMurphy 

  • Bleeping *^#@%~
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 2,398
  • Joined: 16-May 10
  • Gender:Male

Posted 07 February 2012 - 10:37 PM

jillchristine:

That confirmed the presence of a rootkit - please do this now:

Posted Image Download TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • This time, allow it to Cure the malicious objects.
  • Once complete, a log will be produced at the root drive which is typically C:\ It will look something like this: C:\TDSSKiller.2.6.10.0_date_time_log.txt
  • Attach that log, please.

Please include the following in your next post:
    TDSSKiller log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may Posted Image

#19 User is offline   jillchristine 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 24
  • Joined: 29-January 12

Posted 07 February 2012 - 11:23 PM

TDSSKiller log attached.

Thanks

Attached File(s)


#20 User is offline   RPMcMurphy 

  • Bleeping *^#@%~
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 2,398
  • Joined: 16-May 10
  • Gender:Male

Posted 08 February 2012 - 08:42 AM

Did that clear up the redirections? Please run another ESET scan for me:

Posted Image Please go to here to run an online scan with ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
    • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Please include the following in your next post:
    ESET log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may Posted Image

#21 User is offline   jillchristine 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 24
  • Joined: 29-January 12

Posted 10 February 2012 - 10:46 PM

Attached is the ESET log. Sorry for the delay, I was away from my computer for a few days. The redirections are cleared!

Thanks!

Attached File(s)


#22 User is offline   RPMcMurphy 

  • Bleeping *^#@%~
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 2,398
  • Joined: 16-May 10
  • Gender:Male

Posted 10 February 2012 - 11:37 PM

Hello,

Please try this again now. If ComboFix asks to update, please allow it to:

Posted Image Open Notepad Go to Start> All Programs> Accessories> Notepad ( this will only work with Notepad ) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above File::

Folder::
c:\users\Jill\AppData\Roaming\Hega
ClearJavaCache::


Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may Posted Image

#23 User is offline   jillchristine 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 24
  • Joined: 29-January 12

Posted 11 February 2012 - 07:18 PM

Combo Fix log is attached. My computer is running great!

Thanks

Attached File(s)


#24 User is offline   RPMcMurphy 

  • Bleeping *^#@%~
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 2,398
  • Joined: 16-May 10
  • Gender:Male

Posted 11 February 2012 - 11:52 PM

jillchristine:

Your logs look good! All I have left for you is another update and some very important cleanup:

Posted Image Your Adobe reader needs to be updated. Please visit Adobe's site and grab the newest version. Be sure to watch for and uncheck any boxes offering to install other software.

Posted Image Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and past the following text into the run box that opens and press OK:
    Combofix /Uninstall

Posted Image

Posted Image Delete the following tools along with any other logs you saved from our work:
  • DDS
  • TDSSKiller

Posted Image Press the Windows key + R on your keyboard or click Start -> Run. Copy and past the following text into the run box that opens and press OK:

cmd /c rd "C:\TDSSKiller_Quarantine"

Posted Image Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean

Posted Image Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Please read this post for some helpful information.

Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!
Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may Posted Image

#25 User is offline   jillchristine 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 24
  • Joined: 29-January 12

Posted 12 February 2012 - 10:55 PM

Everything looks great. My computer is running so much smoother. Thank you so much for all your time and effort! I will definitely be donating to BC for this one!

Thanks again.

#26 User is offline   RPMcMurphy 

  • Bleeping *^#@%~
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 2,398
  • Joined: 16-May 10
  • Gender:Male

Posted 13 February 2012 - 11:13 PM

You're welcome jillchristine. Take care.
Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may Posted Image

#27 User is offline   RPMcMurphy 

  • Bleeping *^#@%~
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 2,398
  • Joined: 16-May 10
  • Gender:Male

Posted 14 February 2012 - 05:34 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may Posted Image

Share this topic:


  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users