
greatfeedmill.com Browser and System Hijack, Malwarebytes and HiJackThis don't help :(


  • This topic is locked
2 replies to this topic

#1 luizgot

Posted 22 October 2009 - 03:15 PM

Hi,

I had to get MalwareBytes installed on a flash drive on another computer because the virus stopped MalwareBytes from working or installing.
Ran MBytes.
Deleted everything it found, but the virus is still present in that I see rundll32.exe running in Task Manager which I CANNOT terminate, and in that every link is redirected to greatfeedmill.com or other websites (usually search and health related).

HiJackThis found these 4 (FOUR) files. I deleted them, but when I scan again, they pop up again. Don't know what to do. Please help! I ALSO cannot boot in Safe Mode, it automatically reboots after a few seconds when I try to do it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:19 PM, on 10/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [calc] rundll32.exe C:\windows\system32\calc.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\ADMINI~1\ntuser.dll,_IWMPEvents@0
O4 - HKUS\S-1-5-18\..\Run: [calc] rundll32.exe C:\windows\system32\config\SYSTEM~1\ntuser.dll,_IWMPEvents@0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [calc] rundll32.exe C:\windows\system32\config\SYSTEM~1\ntuser.dll,_IWMPEvents@0 (User 'Default user')

--
End of file - 1127 bytes

Edited by luizgot, 22 October 2009 - 03:16 PM.
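
The four O4 entries in the log above share a shape that can be checked for mechanically when triaging a HijackThis log: a Run value that starts a DLL through rundll32.exe, the same value name repeated across several hives, and DLLs stored in profile directories. The sketch below is an added example, not part of the original post; the function names `parse_o4` and `triage` and the three heuristics are assumptions made for illustration.

```python
import re
from collections import defaultdict

# The four O4 lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [calc] rundll32.exe C:\windows\system32\calc.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\ADMINI~1\ntuser.dll,_IWMPEvents@0
O4 - HKUS\S-1-5-18\..\Run: [calc] rundll32.exe C:\windows\system32\config\SYSTEM~1\ntuser.dll,_IWMPEvents@0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [calc] rundll32.exe C:\windows\system32\config\SYSTEM~1\ntuser.dll,_IWMPEvents@0 (User 'Default user')
"""

# Illustrative patterns (assumptions of this example, not HijackThis rules).
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+(?P<dll>.+?\.dll),(?P<export>\S+)", re.I)
PROFILE_RE = re.compile(r"\\(DOCUME~1|Documents and Settings|config\\SYSTEM~1)\\", re.I)


def parse_o4(log):
    """Return one dict per O4 Run-key line that launches a DLL via rundll32."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        r = m and RUNDLL_RE.match(m["cmd"])
        if r:
            entries.append({"hive": m["hive"], "name": m["name"],
                            "dll": r["dll"], "export": r["export"]})
    return entries


def triage(entries):
    """Attach heuristic reasons to each entry; returns (hive, dll, reasons)."""
    hives = defaultdict(set)
    for e in entries:
        hives[e["name"].lower()].add(e["hive"])
    findings = []
    for e in entries:
        reasons = ["Run key starts a DLL through rundll32"]
        count = len(hives[e["name"].lower()])
        if count > 1:
            reasons.append("same value name in %d hives" % count)
        if PROFILE_RE.search(e["dll"]):
            reasons.append("DLL sits in a profile directory")
        findings.append((e["hive"], e["dll"], reasons))
    return findings


if __name__ == "__main__":
    for hive, dll, reasons in triage(parse_o4(SAMPLE_LOG)):
        print(hive, dll, "; ".join(reasons), sep=" | ")
```

Entries that reappear after deletion, as described in the post, fit this pattern because the DLL still loaded in the running rundll32.exe process can rewrite its own Run values.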




#2 luizgot


Posted 24 October 2009 - 02:45 AM

I FIXED IT!

Just download and run Combofix, it will automatically scan and delete the problem-causing files.

If your browser redirects to toseka.com, greatfeedmill, etc, and some health-related websites, then try that.

#3 Guest_The weatherman_*


Posted 25 October 2009 - 03:28 AM

Thanks for letting us know luizgot. :(

ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



