redirected ie browser overclick.cn


8 replies to this topic

#1 kapers

  • Members
  • 5 posts

Posted 30 June 2009 - 09:09 PM

This is the 1st time I've ever posted on a forum

I had the same problem as many here. Redirected from google using IE. Firefox was ok. Malwarebytes anti-malware found nothing, Adaware found 2 trojans WIN32TROJAN AGENT. Spybot found nothing.
Superantispyware found Rootkit.Cloaked/Service-GEN.

After the rootkit was deleted I seem to have IE back under my control.
How can I be sure this is REALLY gone?

On a Dell HP Pavilion505n, XP service pack 3.



#2 rigel

  • BC Advisor
  • 12,944 posts

Posted 01 July 2009 - 06:46 AM

Please try RootRepeal

Install RootRepeal

Click here - Official RootRepeal Site, and download RootRepeal.zip. I recommend downloading to your desktop.
Fatdcuk at Malwarebytes posted a comprehensive tutorial - a Self Help guide can be found here if needed: Malwarebytes Removal and Self Help Guides.
Click RootRepeal.exe to open the scanner.
Click the Report tab, now click on Scan. A Window will open asking what to include in the scan.
Check the following items:
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services

Click OK
Scan your C Drive (or your current system drive) and click OK. The scan will begin. This may take a moment, so please be patient. When the scan completes, click Save Report.
Name the log RootRepeal.txt and save it to your Documents folder - (Default folder).
Paste the log into your next reply.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#3 kapers

  • Topic Starter

Posted 01 July 2009 - 12:12 PM

I can't open RootRepeal. Locks up. Message says low virtual memory. I tried to free up some memory, but it still locks up.

Malwarebytes' Anti-Malware 1.38
Database version: 2357
Windows 5.1.2600 Service Pack 3

6/30/2009 9:21:18 PM
mbam-log-2009-06-30 (21-21-09).txt

Scan type: Quick Scan
Objects scanned: 98044
Time elapsed: 13 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\hjgruixptayoxk.dll (Trojan.TDSS) -> No action taken.
c:\WINDOWS\system32\hjgruiysfrobhd.dll (Trojan.TDSS) -> No action taken.

Edit - HJT log removed ~ those cannot be processed in this forum.

Edited by rigel, 01 July 2009 - 12:48 PM.
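The Malwarebytes log in post #3 lists two Trojan.TDSS files with "No action taken", meaning the scanner reported them without quarantining or deleting them. As an added example (not part of the original thread and not Malwarebytes code), this Python script parses that log layout, flags detections left in place, and checks the summary counts against the itemised sections; the function names are hypothetical and the layout is assumed from this one log.

```python
import re

# Abridged copy of the MBAM 1.38 log posted above; paths and names are the
# ones shown in the post, nothing else is assumed about the machine.
SAMPLE_LOG = r"""Scan type: Quick Scan
Memory Processes Infected: 0
Registry Keys Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\hjgruixptayoxk.dll (Trojan.TDSS) -> No action taken.
c:\WINDOWS\system32\hjgruiysfrobhd.dll (Trojan.TDSS) -> No action taken.
"""

# "<Category> Infected: N" is a summary line; the same text without N opens a detail section.
SUMMARY = re.compile(r"^(?P<cat>[A-Za-z ]+) Infected: (?P<n>\d+)$")
HEADER = re.compile(r"^(?P<cat>[A-Za-z ]+) Infected:$")
ITEM = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (summary counts, detections) from an MBAM 1.x text log."""
    counts, detections, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m["cat"]] = int(m["n"])
        elif m := HEADER.match(line):
            section = m["cat"]
        elif section and (m := ITEM.match(line)):
            detections.append({"category": section, **m.groupdict()})
    return counts, detections

def triage(text):
    """Flag detections left in place and summary/detail count mismatches."""
    counts, detections = parse_mbam_log(text)
    unremediated = [d for d in detections if d["action"].lower() == "no action taken"]
    listed = {}
    for d in detections:
        listed[d["category"]] = listed.get(d["category"], 0) + 1
    mismatched = [c for c, n in counts.items() if listed.get(c, 0) != n]
    return unremediated, mismatched

if __name__ == "__main__":
    left_in_place, mismatched = triage(SAMPLE_LOG)
    for d in left_in_place:
        print(f"NOT REMOVED: {d['name']} {d['path']}")
    print("count mismatches:", mismatched or "none")
```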


#4 rigel


Posted 01 July 2009 - 12:46 PM

Try this...

Run RootRepeal
Click Settings - Options
Set the Disk Access Level slider in the general tab to High

Try scanning now with the settings as described above.


#5 kapers


Posted 01 July 2009 - 02:56 PM

RootRepeal locks up initializing.
I tried to get a screen print but I have to do a hard reboot to get out of it.

#6 rigel


Posted 01 July 2009 - 04:24 PM

One last thing to try...

Boot into safe mode and try running RootRepeal. If that does not work, we will need to move to the HJT forum. TDSS is very hard to remove.


#7 kapers


Posted 01 July 2009 - 05:38 PM

Still locks up initializing RootRepeal in safe mode. Same low virtual memory error message.

#8 kapers


Posted 01 July 2009 - 05:48 PM

You'll have to tell me what to do next.

#9 rigel


Posted 01 July 2009 - 05:59 PM

You will need to post in the HJT forum...

Please follow this guide from step (6). Post a HJT log to the HJT forum and a Team member will be along to help you as soon as possible. You may wish to post a link back to this topic to see what was discussed thus far.

If you need any help with the guide, please let me know.




