Keeps coming back


3 replies to this topic

#1 Jasin2069


Posted 22 January 2009 - 07:27 AM

Well, I have the same IE redirect other people on here have been getting. I first used MalwareBytes; it found the Vundo Trojan and removed it, however I was still having the redirect. I then used SuperAntiSpyware and it found the SENEKA rootkit. Wiped it, restarted, scanned, SuperAntiSpyware said I was good, IE was working normally again. Next morning, same problem; did it again, was fine. Back again today and same problem. Don't know how it's getting back on; did a full complete scan after it removed it and there was nothing. Any suggestions?



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/22/2009 at 07:10 AM

Application Version : 4.25.1012

Core Rules Database Version : 3721
Trace Rules Database Version: 1693

Scan type : Quick Scan
Total Scan Time : 00:11:53

Memory items scanned : 585
Memory threats detected : 0
Registry items scanned : 569
Registry threats detected : 0
File items scanned : 7809
File threats detected : 2

Rootkit.SENEKA-Trace
C:\WINNT\SYSTEM32\SENEKAQGWYRGOP.DLL
C:\WINNT\SYSTEM32\SENEKASFYNALTP.DLL
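
Added example, not part of the original post: a small Python parser for a pasted SUPERAntiSpyware log like the one above. It checks that the listed file paths match the declared threat count and reports detections that reappear in a later scan. SCAN_2 and its file name are constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import defaultdict

FIELD = re.compile(r"^([A-Za-z ]+?)\s*:\s+(.+)$")   # e.g. "File threats detected : 2"
PATH = re.compile(r"^[A-Za-z]:\\")                  # a line that starts with a drive path

# SCAN_1 is excerpted from the log in the post; SCAN_2 is constructed sample data.
SCAN_1 = r"""
File threats detected : 2
Rootkit.SENEKA-Trace
C:\WINNT\SYSTEM32\SENEKAQGWYRGOP.DLL
C:\WINNT\SYSTEM32\SENEKASFYNALTP.DLL
"""
SCAN_2 = r"""
File threats detected : 1
Rootkit.SENEKA-Trace
C:\WINNT\SYSTEM32\SENEKAEXAMPLEAA.DLL
"""

def parse_log(text):
    """Return (header fields, {detection name: [file paths]})."""
    fields, threats, current = {}, defaultdict(list), None
    for line in map(str.strip, text.splitlines()):
        field = FIELD.match(line)
        if PATH.match(line):
            if current:                      # path belongs to the last name seen
                threats[current].append(line.upper())
        elif field:
            fields[field.group(1).strip().lower()] = field.group(2).strip()
            current = None
        elif line:
            current = line                   # candidate detection name (kept only if paths follow)
    return fields, dict(threats)

def count_gap(text):
    """Declared file threats minus parsed paths; non-zero means an incomplete paste or a missed line."""
    fields, threats = parse_log(text)
    return int(fields.get("file threats detected", 0)) - sum(map(len, threats.values()))

def recurrences(logs):
    """logs: oldest first. Return [(scan number, name, paths not seen in earlier scans)]."""
    seen, out = {}, []
    for n, text in enumerate(logs, 1):
        for name, paths in parse_log(text)[1].items():
            if name in seen:                 # same detection name after an earlier cleanup
                out.append((n, name, sorted(set(paths) - seen[name])))
            seen.setdefault(name, set()).update(paths)
    return out
```
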



#2 garmanma


Posted 22 January 2009 - 03:03 PM

Try an online scan with F-secure:
http://support.f-secure.com/enu/home/ols.shtml
Then follow it up with SDFix if you use XP
-----------------------------------------

http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/


Please print out and follow these instructions: "How to use SDFix". <- for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • Please be patient as the scan may take up to 20 minutes to complete.
  • When the process is complete, the SDFix report log will open in Notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • The SDFix report log (Report.txt) will open in Notepad and automatically be saved in the SDFix folder.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.

Edited by garmanma, 22 January 2009 - 03:12 PM.

Mark

#3 Jasin2069


Posted 23 January 2009 - 09:38 AM

Online Scanner found W32/Zlob, Trojan-Downloader.Win32.Zlob, Zlob, Win32.Trojandownloader.Zlob
http://www.f-secure.com/v-descs/zlob.shtml

I ran what it said to do and ran SUPERAntiSpyware to clean up the rootkit. I didn't have time to do the SDFix, but will see if it works with this. If not, I will redo everything plus SDFix. Thank you

#4 boopme


Posted 24 January 2009 - 10:51 AM

Hello. First, I think it wise to kill the Zlob for sure. Then we will scan for rootkits. Try to keep this PC off the internet as much as possible while we clean it.
Run options 1 and 2 of SmitFraudFix by S!Ri. Post back the report it makes.
The report can be found at the root of the system drive, usually at C:\rapport.txt.

Next, run a RootKit scan.
Rootkit scanning

Before performing an anti-rootkit scan, it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.

  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan, including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

Please navigate to the download page of Avira AntiRootkit and click on Download to save it to your Desktop.
  • You should now find a file called: antivir_rootkit.zip on your Desktop.
  • Extract the file to your Desktop (you may then delete the zip file).
  • You should now have a folder with Setup.exe and some other files within it on your Desktop.
  • Double-click Setup.exe.
  • Click Next.
  • Highlight the radio button to accept the license agreement and then click Next.
  • Then click Next and Install to finalise the installation process.
  • Click Finish (you may now also delete the folder with the extracted files from the zip archive)
You successfully installed Avira AntiRootkit!
  • Please now navigate to Start > All Programs > Avira RootKit Detection. Then select: Avira RootKit Detection
  • Click OK when a message window pops up
  • Click Start scan and let it run
  • Click View report and copy the entire contents into your next reply.
