
I keep on getting redirected


  • This topic is locked
32 replies to this topic

#1 harrysang

harrysang

  • Members
  • 18 posts
  • Local time:01:12 AM

Posted 20 February 2010 - 01:29 AM

I have Windows XP Service Pack 3. My browsers are IE and Firefox. I've been getting redirected for the past week. I've tried Malwarebytes, SUPERAntiSpyware and I was getting results earlier, but now they both say nothing detected but I still keep on getting redirected. If I click my mouse a couple of times at the site I need to go to I might get the right one, but if I get redirected the back button won't work. Please assist. I have already deleted my documents and pictures by mistake trying to get the SOB. I am not too computer savvy so bear with me. Thanks in advance.
Cheers harry



#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:02:12 AM

Posted 20 February 2010 - 02:23 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

If you still require assistance we would like to see the current condition of your system, so please post a new set of DDS logs as well as a GMER log and a description of any remaining problems or symptoms you may still have.

If for any reason you did not post a DDS log or GMER log, please refer to this page, Step #6, Step #7 and Step #8, for further instructions on downloading and running DDS & GMER. If you have any problems when running the tools or are unable to produce a report for any reason, just let me know in your next reply.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-GMER log
-Description of any remaining problems you may still have.


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 harrysang

harrysang
  • Topic Starter

  • Members
  • 18 posts
  • Local time:01:12 AM

Posted 20 February 2010 - 04:36 PM

Thanks partner. I did what you said. Like I said, my Firefox and IE keep redirecting me. Not every time but most. Also I tried to change my search on IE from fast search to something else and was blocked. I think my Malwarebytes updates are getting blocked too. Attached are the docs you requested. PEACE

Attached Files

  • Attached File  Attach.txt   12.06KB   9 downloads
  • Attached File  DDS.txt   11.72KB   12 downloads
  • Attached File  gmer.zip   278.24KB   14 downloads
  • Attached File  ark.txt   3.57KB   13 downloads


#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:02:12 AM

Posted 20 February 2010 - 04:38 PM

Hello.

Seems you're infected with one of the TDL3 infections. Let's begin with Combofix and see.

Download and Run Combofix

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page for instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.


#5 harrysang

harrysang
  • Topic Starter

  • Members
  • 18 posts
  • Local time:01:12 AM

Posted 20 February 2010 - 08:51 PM

Extreme boy, thanks for hanging in there. I cannot do the next step due to time constraints (gotta go to work). The combo fix instructions for a novice like me need my utmost concentration. I will be back in the AM. See you tomorrow. Stay with me, I have to get this bug off. Thanks in advance. PEACE

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:02:12 AM

Posted 20 February 2010 - 08:59 PM

No problem. Thanks for letting me know ahead of time.

#7 harrysang

harrysang
  • Topic Starter

  • Members
  • 18 posts
  • Local time:01:12 AM

Posted 21 February 2010 - 03:51 PM

Hey, I ran ComboFix. It did not download the recovery console (boot partition cannot be enumerated correctly). I am still getting sent to sites other than what I clicked for. LATER


#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:02:12 AM

Posted 21 February 2010 - 07:13 PM

Hello.

Yes, Combofix did not fix it due to the fact Recovery Console was not installed. We can deal with it manually but we should also fix that boot issue of yours too. Let's fix that boot.ini file problem first.

Download and Run BootCheck

We need to check your Boot.INI File

Download BootCheck.exe to your desktop.
  • Double click BootCheck.exe to run it.
    Allow it to run when you get the security Warning
  • When complete, a Notepad window will open with the information I need.
  • Save the Notepad file to your desktop as BootCheck.txt
  • Copy and Paste the contents of BootCheck.txt in your next reply please.

With Regards,
Extremeboy

#9 harrysang

harrysang
  • Topic Starter

  • Members
  • 18 posts
  • Local time:01:12 AM

Posted 21 February 2010 - 09:00 PM

-Edit-

Edited by extremeboy, 23 February 2010 - 07:50 PM.


#10 harrysang

harrysang
  • Topic Starter

  • Members
  • 18 posts
  • Local time:01:12 AM

Posted 21 February 2010 - 09:02 PM

Here it is. Thanks


#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:12 AM

Posted 22 February 2010 - 08:46 PM

Can you try running it again for me?

#12 harrysang

harrysang
  • Topic Starter

  • Members
  • 18 posts
  • Local time:01:12 AM

Posted 22 February 2010 - 10:49 PM

-Edit-

Edited by extremeboy, 23 February 2010 - 07:50 PM.


#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:02:12 AM

Posted 23 February 2010 - 07:49 PM

Hello.

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it. (If you are using Vista, please right-click and select Run as administrator.)
  • A blank window shall open with the title "SystemLook v1.0-by Jpshortstuff".
  • Copy and Paste the content of the following codebox into the main textfield under "File":
    CODE
    :contents
    C:\boot.ini
  • Please Confirm everything is copied and Pasted as I have provided above
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
2nd Note: The scan may take a while from several seconds to a minute or more depending on the number of files you have and how fast your computer can perform the task


Submit file sample
  • Open to the Submission Channel.
  • Under Link to topic where this file was requested, input:
    CODE
    http://www.bleepingcomputer.com/forums/topic297111.htmle
  • Click Browse and select the C:\boot.ini file
  • Under the comments section, say that Extremeboy asked for the submission.
  • Then select Send File to send it
  • After that you should get a confirmation if it was uploaded successfully.


#14 harrysang

harrysang
  • Topic Starter

  • Members
  • 18 posts
  • Local time:01:12 AM

Posted 24 February 2010 - 01:12 AM

Morning, here are the results. THANKS LATER


Edited by harrysang, 24 February 2010 - 12:51 PM.


#15 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:02:12 AM

Posted 24 February 2010 - 05:29 PM

Hello,

The boot.ini issue may take a while to deal with, so in the meantime I would like to fix one of the infections, the infected atapi.sys, which is part of a rootkit that is dangerous. Regarding rootkits...

Unfortunately, one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

If you wish to continue follow the steps below . . . Otherwise, let me know.

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  7. Push
  8. A report will open. Copy and Paste that report in your next reply.
  9. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

