Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows XP Pro Infected - Antivirus Websites Redirect to localhost & SDFix Stuck


  • Please log in to reply
1 reply to this topic

#1 WildFoxMedia

WildFoxMedia

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 05 January 2009 - 04:09 PM

I left work on Friday with a computer that was working fine. Not a single problem with it...

I came in this morning to find that apparently my computer had not completely shutdown. I close the offending programs that were keeping it stuck on including Google Installer/Updater.

I reboot and as im going to a few normal sites, im getting oddly redirected to random pages.

I check F-Secure (Thats the virus scanner we use at work) and it doesnt notify me of an oddities. After that, I try to go to TrendMicro's Housecall only to get redirected to my local web server (I run a local PHP/MySQL stack). I try a number of other sites including BitDefender and even the site for Spybot S&D all to have them redirect to localhost. They arent redirecting in a manner that they change the URL in my address bar, but rather, its like a host entry that overrides it on the DNS level.

I also noticed that it didnt let MBAM run...

After a while, I started searching around for this specific problem, I found a couple threads, one of which pointed out that in some cases, people have a Non Plug-and-Play device installed called TDSSserv.sys that installs as a service and catches app/internet requests and filters them as it wants. They said, a resolution to allow you to get to antivirus sites and run anti-virus software was to Disable TDSSserv.sys from Device Manager. I did that but it didnt seem to fix anything immediately. However, I didnt reboot after disabling it, maybe I need to reboot for it to take effect?

They also mentioned that I could get MBAM to run by renaming the executable, which I did and it ran - My boss had me abort that scan and use SDFix from Safe-Mode. Im currently running SDFix, but it has been stuck on 50% Checked for at least an hour or more. The cursor is still blinking and I can move the mouse, but its just not going anywhere.

Has anyone had an issue like this where SDFix simply gets stuck at 50%?

Should I just kill SDFix, reboot and run MBAM and post the results here?

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,493 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:21 PM

Posted 05 January 2009 - 04:45 PM

Yes restart it. Also post the log when it completes. Posting the MBam log cold prove helpful also.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users