
Directrdr redirects


2 replies to this topic

#1 Dworrakk


Posted 22 January 2010 - 09:03 PM

For the last week or so, I have noticed several redirects through directrdr using Firefox and Opera. I never use IE; I don't trust it. Normally when I have issues, I run a few scans and the issue or problem is found and removed.

I started scanning, I scanned with:

McAfee
Spybot Search & Destroy
Ad-Aware SE
Malwarebytes' Anti-Malware
SUPERAntiSpyware
Windows Defender

They all found the usual tracking cookies and other small removable items and such, but they didn't fix the redirects. I have also noticed that Internet Explorer opens randomly in the task manager under processes, but no window is open for it. Thinking it might be Windows Media Player, I didn't open Media Player for a few days just to keep an eye, and the IE process pops up randomly still.

My operating system is Windows Vista Ultimate 32-bit
Browser versions: Firefox 3.5.7, Opera 10.10

Any help would be greatly appreciated.



#2 yupp


Posted 26 January 2010 - 03:55 PM

Hello Dworrakk.

I also have a problem with directrdr.com.
It happens with every link that redirects, or if I search via Google and Yahoo and follow a link from there.

I also scanned with everything that I found. It took 3 days.

My solution was the Desinfec't 8 tool from the German PC magazine c't, by www.heise.de.
I don't know if it is available for you.
But I think you can also do it without.
My problem was the file atapi.sys
(2010-01-26 14:34:50 localhost.localdomain avscan[13798]: AVGU: ALERT AntiVir FUND in Datei "/media/sdb1-System/WINDOWS/system32/drivers/atapi.sys": TR/Patched.Gen ; trojan ; Is the Trojan horse TR/Patched.Gen)
I use Win XP.

In short, Desinfec't has a version of Knoppicillin.
It is a bootable Linux CD and loads the newest antivirus definitions from Kaspersky, BitDefender and Avira antivirus.
It took about 6 hours for 750 GB (500+250) of hard disks. I have a lot of pics.
And Avira found that one. My Avira free edition, running under Windows itself, did not find it.
It deleted the atapi.sys and Windows could not launch. After I copied that file from my Windows CD to my HD, it booted, and I have not had the problem in 3 hours of testing.

Somewhere on the WWW I remember someone else who said he had the virus in atapi.sys.

Be sure to copy the file from the original Windows CD.
If you are not familiar with PC work, first copy the file to a USB stick or to a partition (not C) on the HD.
Boot a Linux CD (Ubuntu or something), delete the atapi.sys in your Windows directory and copy over the one from your CD.
Perhaps it works. Be sure about your Windows system recovery.

I don't know if there were any issues with that old atapi.sys file.


Hope it works for you, and others, too. :thumbsup:

(Sorry for my bad English, hope all understand.)

Perhaps this goes easier:
http://www.iishacks.com/index.php/2009/11/...alse-positives/

Edited by yupp, 26 January 2010 - 04:06 PM.
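The manual steps in the post above (boot a Linux CD, remove the flagged atapi.sys, copy a clean one over it) can be scripted so that the suspect file is kept rather than deleted. This is an added example, not something posted in the thread; the mount points, the quarantine directory and the function names are assumptions, and the clean copy is assumed to be already extracted from the original installation media.

```shell
#!/bin/sh
# Added example (not from the thread). Constructed helper: replace a suspect
# atapi.sys on an offline-mounted Windows volume, keeping the old file.

# NTFS mounted under Linux is case-sensitive: the tree may be WINDOWS/system32
# or Windows/System32, so resolve the driver path case-insensitively.
find_driver() {
    find "$1" -maxdepth 4 -type f \
        -ipath "$1/windows/system32/drivers/atapi.sys" 2>/dev/null | head -n 1
}

sha() { sha256sum "$1" | cut -d' ' -f1; }

# replace_driver WIN_ROOT CLEAN_COPY QUARANTINE_DIR
# returns 0 = replaced, 1 = already identical, 2 = error (nothing changed)
replace_driver() {
    win_root=${1%/}; clean=$2; quarantine=$3
    target=$(find_driver "$win_root")
    [ -n "$target" ] || { echo "atapi.sys not found under $win_root" >&2; return 2; }
    [ -s "$clean" ] || { echo "clean copy missing or empty: $clean" >&2; return 2; }

    old_sum=$(sha "$target"); new_sum=$(sha "$clean")
    if [ "$old_sum" = "$new_sum" ]; then
        echo "installed driver already matches the clean copy"
        return 1
    fi

    # Keep the suspect file (named by its hash) instead of deleting it, so it
    # can be submitted for analysis or restored if the system will not boot.
    mkdir -p "$quarantine" || return 2
    cp -p "$target" "$quarantine/atapi.sys.$old_sum.suspect" || return 2

    # Copy next to the target, verify, then rename: a failed or short copy
    # does not leave the boot driver missing or truncated.
    cp "$clean" "$target.new" || return 2
    if [ "$(sha "$target.new")" != "$new_sum" ]; then
        rm -f "$target.new"; return 2
    fi
    mv "$target.new" "$target" || return 2
    echo "replaced $target (was $old_sum, now $new_sum)"
}

# Usage: sh replace_driver.sh /media/windows /media/usb/atapi.sys /media/usb/quarantine
if [ "$#" -eq 3 ]; then replace_driver "$@"; fi
```

A hash difference on its own does not prove infection, since a service pack or update may have replaced the driver after the CD was pressed; the scanner alert is what marks the file as suspect.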


#3 yupp


Posted 06 February 2010 - 01:08 PM

Say, as I named it, it worked.
I (some anti-spyware) killed the atapi.sys and I copied the old one from my system CD.
Since then I have had no problems anymore.

But be careful about the atapi.sys and the reboot issue.

Regards



