Google redirect problem



#1 HarleyLady


Posted 21 December 2009 - 11:39 AM

A few days ago I was on Google looking for a place to buy some stuff for my truck; every time I clicked a link it redirected me to a page full of ads or an odd website... I also noticed that when I was on MySpace all the ads on there were for porn sites, which is not typical. I haven't downloaded or clicked on any pop-ups so I have no idea where the virus/malware came from. I have tried SuperAntiSpyware, Ad-Aware, Avast Antivirus, CCleaner, Malwarebytes and Trojan Remover... none of these can find a virus or malware in my computer. The computer will not run in Safe Mode at all and System Restore doesn't do anything. I also noticed that it won't defrag or run chkdsk no matter what I try to do.
I am using an HP laptop running XP Media Center Edition Service Pack 3. I do not have/have access to a Windows Install disc, or a Boot CD.

Any help would be greatly appreciated.



#2 boopme


Posted 21 December 2009 - 11:45 AM

Hello and welcome...
Some rootkits can terminate your security tools by changing the permissions on targeted programs so that they cannot run or complete scans. Further investigation is required to determine if this is the case with the issues you have described.

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
  • This tool will create a diagnostic report for me to review.
  • Double-click on Win32kDiag.exe to run and let it finish.
  • When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
  • A file called Win32kDiag.txt should be created on your Desktop.
  • Open that file in Notepad, then copy and paste the entire contents (starting with Running from... to Finished!) in your next reply.
Then go to Start > Run..., and copy and paste this command into the open box: cmd
Press OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop and open in Notepad.
Copy and paste the contents of that file in your next reply.

-- Vista users can refer to these instructions to open a command prompt.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 HarleyLady


Posted 21 December 2009 - 12:32 PM

Thank you for your assistance

ok...downloaded Win32kDiag.exe and this is the copy of the text file:

Running from: C:\Documents and Settings\Boss Lady.LORISLAPTOP\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Boss Lady.LORISLAPTOP\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!

and this is the other log file:


Volume in drive C is OS
Volume Serial Number is 0F71-ECF8

Directory of C:\WINDOWS\$NtServicePackUninstall$

03/15/2006 10:00 PM 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

03/15/2006 10:00 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

03/15/2006 10:00 PM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 06:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 06:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 06:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

04/13/2008 06:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\system32

04/13/2008 06:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

04/13/2008 06:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Total Files Listed:
9 File(s) 1,932,288 bytes
0 Dir(s) 44,730,273,792 bytes free
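
Added example (not part of the thread, and not a BleepingComputer tool): a small Python parser for a DIR /a/s listing like the one posted above, which compares each file's live system32 copy against the ServicePackFiles\i386 copy by size and timestamp. That this comparison is what the listing is for is an assumption, and the function names are hypothetical; a matching size and timestamp does not prove the file contents are identical.

```python
import re
from collections import defaultdict

# Condensed from the DIR /a/s listing posted in this thread: one header per
# directory, per-directory and total summary lines omitted.
SAMPLE_LOG = r"""
 Directory of C:\WINDOWS\$NtServicePackUninstall$
03/15/2006 10:00 PM 180,224 scecli.dll
03/15/2006 10:00 PM 407,040 netlogon.dll
03/15/2006 10:00 PM 55,808 eventlog.dll
 Directory of C:\WINDOWS\ServicePackFiles\i386
04/13/2008 06:12 PM 181,248 scecli.dll
04/13/2008 06:12 PM 407,040 netlogon.dll
04/13/2008 06:11 PM 56,320 eventlog.dll
 Directory of C:\WINDOWS\system32
04/13/2008 06:12 PM 181,248 scecli.dll
04/13/2008 06:12 PM 407,040 netlogon.dll
04/13/2008 06:11 PM 56,320 eventlog.dll
"""

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$", re.I)
FILE_RE = re.compile(r"^\s*(\d\d/\d\d/\d{4} \d\d:\d\d [AP]M)\s+([\d,]+)\s+(.+?)\s*$")

def parse_dir_listing(text):
    """Return {filename: {directory: (size_in_bytes, timestamp)}}, lowercased."""
    files, current = defaultdict(dict), None
    for line in text.splitlines():
        if m := DIR_RE.match(line):
            current = m.group(1).lower()
        elif current and (m := FILE_RE.match(line)):
            stamp, size, name = m.groups()
            files[name.lower()][current] = (int(size.replace(",", "")), stamp)
    return files

def compare_copies(files, live=r"c:\windows\system32",
                   ref=r"c:\windows\servicepackfiles\i386"):
    """Flag files whose live copy is absent or differs from the reference copy."""
    findings = []
    for name, copies in sorted(files.items()):
        if live not in copies:
            findings.append((name, "no copy listed in " + live))
        elif ref in copies and copies[live] != copies[ref]:
            findings.append((name, f"live {copies[live]} != reference {copies[ref]}"))
    return findings

if __name__ == "__main__":
    print(compare_copies(parse_dir_listing(SAMPLE_LOG)) or "live copies match reference")
```
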

#4 boopme


Posted 21 December 2009 - 12:49 PM

It looks like there is a rootkit variant in this log. The rootkit itself is a protection module used to terminate a variety of security tools by changing the permissions on targeted programs so that they cannot run or complete scans. There are some new variants of rootkits in the wild right now that will require custom scripts to remove the infection; the process must be completed by HJT team members or above.

Failure to follow the proper removal process can and will cause serious damage to a machine. Recovery of the machine may be difficult, if not impossible.


Next, please go here: HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant Title and post the above Win32kDiag.exe log.

Let me know how that went.

#5 HarleyLady


Posted 24 December 2009 - 05:56 PM

Thank you for directing me to the proper forum...got it all fixed and running correctly.

#6 boopme


Posted 24 December 2009 - 09:12 PM

You're most welcome!! I saw that you were in need of specialized tools. As new malware is getting stronger and harder to remove....
Please take a moment to read quietman7's excellent prevention tips in post 3 here
Click >>>> Tips to protect yourself against malware and reduce the potential for re-infection:

Happy Holidays :thumbsup:

Edited by boopme, 24 December 2009 - 09:13 PM.
