Posted 24 March 2010 - 05:14 PM
Using IE 8 I am consistently being redirected. Typically I wind up being transferred to the Myshovel URL and am asked to type in an authentication pattern. Sometimes I wind up at YellowPages. When I tried to download some of the AntiVirus programs the redirection viruses would terminate my browser. I used a 2nd PC to download the programs below onto a memory stick and then installed then one by one in Safe Mode and removing them w/unistall when they failed to cure the virus. I now do not know what all is legacy and can work on the PC but am still infected.
I loaded PCTools - and had no luck w/presenting problem. Same with Pareto, MalwareBytes, SpySweeper, Eusing Registry cleaner, HiJack This.......and so on. They all found problems and cleaned them up but I am still infected. I tried the unpublished reinstall of Windows which was successful in whatever it did - I know this because at the end I was able to use all my pre-existing S/W and over the course of two days I iteratively downloaded all patches.
I did find an anomalous file in Windows/System32 called cbed.sys that was created 2/23/10. I tried to remove it and failed. I have a laptop also running XP but it does not contain this file. I asked a friend in IT who has XP on several machines and he does not have cbed.sys either. Can you explain what or why a WINDOWS/SYSTEM32 file would have a creation date that is substantially different created on date? This makes no sense and I think it is about this time that my system went bonkers.
I had a "pro" come over and we ran Kaversky - or something like that, which supposedly is a Linux program booted from CD that can scan the system outside the XP O/S. I ran this several times and while it found some things that it considered anomalous my Browser still gets hijacked.
I have loaded Safari as well as Chrome to use as secondary browsers and still have hijacking issues.
Under direction of the PCTools staff in Australia, I downloaded Combofix and ran it and only now see that I might have screwed up by doing so before being told by this forum.
I do have a log but Pareto S/W was running at the time and it might not have allowed the running of one of the ComboFix checks.
I can follow directions fairly well and am willing to have someone be my brain while I am their eyes and hands.
Hijacked in Austin
Barry L. Dichter