
Hijacked in Austin



#1 barryd

Posted 29 March 2010 - 06:26 PM

Using IE 8 I am consistently being redirected. Typically I wind up being transferred to the Myshovel URL and am asked to type in an authentication pattern. Sometimes I wind up at YellowPages. When I tried to download some of the AntiVirus programs the redirection viruses would terminate my browser. I used a 2nd PC to download the programs below onto a memory stick and then installed them one by one in Safe Mode and removing them w/uninstall when they failed to cure the virus. I now do not know what all is legacy and can work on the PC but am still infected.

I loaded PCTools - and had no luck w/presenting problem. Same with Pareto, MalwareBytes, SpySweeper, Eusing Registry cleaner, HiJack This.......and so on. They all found problems and cleaned them up but I am still infected. I tried the unpublished reinstall of Windows which was successful in whatever it did - I know this because at the end I was able to use all my pre-existing S/W and over the course of two days I iteratively downloaded all patches.

I did find an anomalous file in Windows/System32 called cbed.sys that was created 2/23/10. I tried to remove it and failed. I have a laptop also running XP but it does not contain this file. I asked a friend in IT who has XP on several machines and he does not have cbed.sys either. Can you explain what or why a WINDOWS/SYSTEM32 file would have a creation date that is substantially different created on date? This makes no sense and I think it is about this time that my system went bonkers.

I had a "pro" come over and we ran Kaversky - or something like that, which supposedly is a Linux program booted from CD that can scan the system outside the XP O/S. I ran this several times and while it found some things that it considered anomalous my Browser still gets hijacked.

I have loaded Safari as well as Chrome to use as secondary browsers and still have hijacking issues.

Under direction of the PCTools staff in Australia, I downloaded Combofix and ran it and only now see that I might have screwed up by doing so before being told by this forum.

I do have a log but Pareto S/W was running at the time and it might not have allowed the running of one of the ComboFix checks.

I can follow directions fairly well and am willing to have someone be my brain while I am their eyes and hands.

Hijacked in Austin
Barry L. Dichter



#2 boopme


Posted 29 March 2010 - 09:13 PM

Hello, since you ran Combo, we may as well post the log for review with these.
Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic from step 9. Not here, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.