
Triplexfeed link hijack; Malwarebytes crashes XP Pro

2 replies to this topic

#1 visionquest


  • Members
  • 4 posts
  • Local time:06:17 AM

Posted 17 February 2010 - 04:12 AM


A friend's HP desktop had been infected with various viruses and trojans. OS is XP Pro and the system is set up with RAID 1 - not sure if it is a hardware or software RAID.

The machine was using Trend Micro, which appears to have been targeted, since after the infection it was not fully enabled.
The client bought Pareto Logic Anti-Virus PLUS and it removed many infections. I apologize for not having the names of the viruses/trojans.

I installed Malwarebytes after downloading it as a different filename, installing and changing the name of the exe file.
More infections were removed - no details.

After running Malwarebytes it was hard to boot the machine. Windows would get to the splash screen, then momentarily I would see a BSOD and be returned to the boot options screen. Finally the machine would boot by selecting Last known good configuration. This sometimes took several goes.

Machine would not boot into safe mode.

Furthermore, running Malwarebytes again causes the machine to crash (BSOD) after a couple of seconds.

At this point client continued to use machine then reported virus warnings in IE pages and the program Personal Security suggesting a program to fix the problem. In Firefox I noticed that Google search links were redirected to heavy.com and not the link target.

I tried installing Microsoft Security Essentials which cleared out Personal Security and seemed to fix the heavy.com redirect.


In Firefox and IE, Google Search links now go to the target URL but are redirected via triplexfeed.com. Apparently this is due to the presence of a rootkit.

As well, the booting problem still exists. Sometimes boots straight up, sometimes returns to options screen and needs to be started as Last known configuration and Safe mode boot won't work. Running Malwarebytes still crashes the machine. At this point I am at a loss as to how to proceed further.

DDS won't run on this machine as it has AutoCAD installed. dds.scr is recognized as an AutoCAD script. When it runs it generates a Notepad file with gibberish.

In the absence of the dds output I have a HijackThis log and a RootRepeal report available to be posted or attached on request. I would appreciate any advice to correct this problem.

In another forum post I asked if restoring the machine to an earlier clean restore point would be effective. The answer was that it may work. If necessary I can go back to an earlier restore point but would prefer to know that all infections have been removed first.


Edited by Orange Blossom, 17 February 2010 - 07:43 PM.
Move to AII. ~ OB



#2 rhawkins88


  • Members
  • 1 posts
  • Local time:03:17 PM

Posted 17 February 2010 - 10:12 PM

Download Hitman Pro 3.5... had the same problem and this found it and removed it. Good luck


#3 visionquest

  • Topic Starter

  • Members
  • 4 posts
  • Local time:06:17 AM

Posted 18 February 2010 - 03:01 AM

Thanks for the suggestion rhawkins. Is this related to the triplexfeed redirect only or does it also address the boot problem and Malwarebytes crashing the system?

Anyone have other suggestions? I see my post has been moved to the Am I Infected forum.


