XP Security Centre + redirect


This topic is locked
4 replies to this topic

#1 jonm01 (Members, 16 posts)

Posted 14 April 2010 - 04:36 AM

I clicked on a rogue link and got the AVE virus.

I ran the little fix that allows MBAM to work, and that got rid of the AVE virus OK, but on reboot I was getting the Google redirects, which attempted to install AVE again but this time were stopped as I had turned on the AVG link scanner.

I ran GMER, which indicated a rootkit present and an altered atapi.sys.

I ran TDSSKiller from Kaspersky and that seems to have sorted the redirects; however, I have had a couple of total freezes since, so I think there may be something still present. I've run full scans of AVG, MBAM and Spybot, Hitman and PrevX and nothing is showing.

Would it be advisable to run ComboFix?

I have used this a couple of times on other PCs to get rid of similar variants, but I am always nervous about running it.

#2 jonm01 (Topic Starter)

Posted 15 April 2010 - 05:47 AM

My redirects came back, it seems something keeps spawning new attacks and disguising them in svchost.exe processes.

#3 jonm01 (Topic Starter)

Posted 16 April 2010 - 04:09 AM

It seems the experts on here are only able to help a small number of people, so I will post updates on my problem in the hope it helps others.

I ran a scan with CureIt and that highlighted the TDSS virus on the system file afd.sys. I clicked on 'cure' and it repeated the same thing 55 times before completing the scan overnight and not finding anything else.

Also, AVG had run during the night and highlighted the same file twice, but it said it was a whitelisted critical system file and not to move it.

So I don't really know what else to do now. I haven't rebooted yet, so I don't know if CureIt deleted the afd.sys file and if that will cause the PC to not boot.

I'm going to try the Kaspersky online scan now.
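The question the poster is left with after post #3 (was afd.sys deleted, and is the atapi.sys that GMER flagged actually different from the shipped driver?) is one a practitioner would answer by comparing the live drivers against a known-good copy rather than trusting any scanner's verdict. The following is an added example, not code from the thread or from any of the tools mentioned. It assumes the live drivers sit in %SystemRoot%\system32\drivers and that a pristine copy is available elsewhere (on XP typically %SystemRoot%\system32\dllcache or %SystemRoot%\ServicePackFiles\i386, or better, a mounted install CD or a clean machine at the same service-pack level); the directory names, the function names and the sample file contents in `demo()` are all constructed for illustration.

```python
"""Compare Windows XP system drivers against known-good copies by hash.

Added example (not from the original post). Paths and sample bytes are
assumptions chosen for illustration; on a real machine point `live_dir` at
%SystemRoot%\\system32\\drivers and `reference_dir` at a trusted copy.
"""
import hashlib
import os
import tempfile

# The two drivers named in the thread: atapi.sys (GMER) and afd.sys (CureIt/AVG).
DRIVERS_OF_INTEREST = ("atapi.sys", "afd.sys")


def sha256_of(path):
    """Return the hex SHA-256 of a file, read in chunks so large drivers are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_drivers(live_dir, reference_dir, names=DRIVERS_OF_INTEREST):
    """Classify each driver as match / modified / missing / no_reference.

    'missing' is the case the poster worried about: a cleaner that deletes
    atapi.sys or afd.sys instead of restoring it leaves XP unable to boot or
    unable to do TCP/IP, so it must be replaced from a clean copy before reboot.
    """
    report = {}
    for name in names:
        live = os.path.join(live_dir, name)
        ref = os.path.join(reference_dir, name)
        if not os.path.isfile(live):
            report[name] = "missing"
        elif not os.path.isfile(ref):
            report[name] = "no_reference"
        elif sha256_of(live) == sha256_of(ref):
            report[name] = "match"
        else:
            report[name] = "modified"
    return report


def _write(path, data):
    with open(path, "wb") as f:
        f.write(data)


def demo():
    """Build a constructed drivers/ and dllcache/ pair and compare them.

    Sample contents are placeholders, not real driver images: the 'patched'
    atapi.sys differs from the reference by a few bytes, and afd.sys is absent
    from the live directory to simulate a cleaner having deleted it.
    """
    with tempfile.TemporaryDirectory() as tmp:
        live = os.path.join(tmp, "drivers")
        ref = os.path.join(tmp, "dllcache")
        os.makedirs(live)
        os.makedirs(ref)

        clean_image = b"MZ" + b"\x00" * 100
        patched_image = b"MZ" + b"\x00" * 50 + b"\xe9\x10\x00\x00\x00" + b"\x00" * 45

        _write(os.path.join(ref, "atapi.sys"), clean_image)
        _write(os.path.join(live, "atapi.sys"), patched_image)   # altered on disk
        _write(os.path.join(ref, "afd.sys"), clean_image)        # no live afd.sys
        return compare_drivers(live, ref)


if __name__ == "__main__":
    for driver, status in demo().items():
        print("%-10s %s" % (driver, status))
```

Two caveats apply on a machine that is still infected. A kernel rootkit that hooks file I/O can hand a clean image to any user-mode reader, so a "match" obtained from the running system is not conclusive; run the comparison from a boot CD or with the disk attached to a clean machine. And the dllcache copy lives on the same disk, so it can be tampered with as well; a copy from installation media or a clean box is the stronger reference.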

#4 jonm01 (Topic Starter)

Posted 16 April 2010 - 03:03 PM

Kaspersky found nothing.

Tried StopZilla. Found lots of registry stuff; didn't bother to pay for the full version.

Started getting svchost.exe problems every five minutes, i.e. making temp directories.

Ran ComboFix. The AVE virus came back as I was trying to close AVG 9, but I was desperate so let CF carry on.

Seems to have worked :thumbsup:
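Posts #2 and #4 both describe the infection hiding behind svchost.exe. On XP every legitimate svchost.exe is started by services.exe and runs from %SystemRoot%\system32, so a process listing can be triaged on exactly those two properties before reaching for ComboFix. The script below is an added example, not code from the thread or from any of the tools mentioned; it assumes a process listing exported as CSV with ExecutablePath, Name, ParentProcessId and ProcessId columns (the sample rows are constructed, including the fake svchost.exe in a Temp directory), and the function names are mine.

```python
"""Flag svchost.exe instances that do not look like the XP service host.

Added example (not from the original post). The CSV below is constructed
to resemble a process listing; on a real box feed it a listing with the same
column names. Assumption: on XP, genuine svchost.exe is always a child of
services.exe and always runs from %SystemRoot%\\system32.
"""
import csv
import io
import ntpath

# Constructed sample listing. PID 2044 is a bogus svchost.exe running from a
# Temp directory under explorer.exe; PID 2100 is the real binary but launched
# by explorer.exe rather than services.exe (e.g. started by a dropper).
SAMPLE_PROCESS_CSV = r"""Node,ExecutablePath,Name,ParentProcessId,ProcessId
XPBOX,C:\WINDOWS\system32\winlogon.exe,winlogon.exe,4,600
XPBOX,C:\WINDOWS\system32\services.exe,services.exe,600,648
XPBOX,C:\WINDOWS\system32\svchost.exe,svchost.exe,648,832
XPBOX,C:\WINDOWS\system32\svchost.exe,svchost.exe,648,900
XPBOX,C:\WINDOWS\explorer.exe,explorer.exe,600,1500
XPBOX,C:\DOCUME~1\USER\LOCALS~1\Temp\svchost.exe,svchost.exe,1500,2044
XPBOX,C:\WINDOWS\system32\svchost.exe,svchost.exe,1500,2100
"""


def parse_process_csv(text):
    """Return {pid: {'pid', 'ppid', 'name', 'path'}} from the CSV listing."""
    procs = {}
    for row in csv.DictReader(io.StringIO(text)):
        pid = int(row["ProcessId"])
        procs[pid] = {
            "pid": pid,
            "ppid": int(row["ParentProcessId"]),
            "name": row["Name"].lower(),
            "path": row["ExecutablePath"],
        }
    return procs


def suspicious_svchost(procs, system32=r"C:\WINDOWS\system32"):
    """Return [(pid, [reasons])] for svchost.exe processes that break the rules.

    Rule 1: the image must live directly in system32 (compared case-insensitively).
    Rule 2: the parent must be services.exe; a missing parent counts as unknown.
    """
    findings = []
    for p in procs.values():
        if p["name"] != "svchost.exe":
            continue
        reasons = []
        if ntpath.dirname(p["path"]).lower() != system32.lower():
            reasons.append("image outside system32: %s" % p["path"])
        parent = procs.get(p["ppid"])
        parent_name = parent["name"] if parent else "<unknown>"
        if parent_name != "services.exe":
            reasons.append("parent is %s (pid %d), expected services.exe"
                           % (parent_name, p["ppid"]))
        if reasons:
            findings.append((p["pid"], reasons))
    return findings


if __name__ == "__main__":
    for pid, reasons in suspicious_svchost(parse_process_csv(SAMPLE_PROCESS_CSV)):
        print("pid %d:" % pid)
        for r in reasons:
            print("    " + r)
```

The same caveat as with any check run on a live infected machine: a kernel rootkit of the TDSS family can hide processes or files from user-mode enumeration, so a listing that shows nothing odd is weaker evidence than a listing that does. A process that is flagged here is worth investigating; an unflagged listing does not prove the box clean.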

#5 Orange Blossom (Moderator, Bleepin Investigator, 36,806 posts, Bloomington, IN)

Posted 18 April 2010 - 08:46 AM

Hello,

Rootkits are bad business and you are fortunate that you didn't hose your system by what you have done. Please note that if your symptoms are gone, the infection may not be. I see that you have a log posted here: http://www.bleepingcomputer.com/forums/t/309977/more-redirect-virus/ I'm going to edit the link to this topic into it so the team can see the contextual information regarding your issue. Please note: you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take a few more days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom