
redirecting problem


This topic is locked
2 replies to this topic

#1 LInuxftw

  • Members
  • 5 posts

Posted 14 April 2010 - 07:15 PM

OK, this seems to be a pretty common problem nowadays. I fixed it before, but I don't know what I did. This is my dad's computer and he won't switch to Linux... Anyway, I've run:
Spybot Search & Destroy
MBAM
SAS in safe mode and regular
ComboFix
xdelbox
GMER
HijackThis
Ad-Aware
AVG
Hitman Pro
VundoFix
BitDefender

Anyway, here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14:04, on 4/14/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sony\Giga Pocket\gps.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\larry\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O4 - Global Startup: Timer Recording Manager.lnk = C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O24 - Desktop Component 0: (no name) - http://images.thesamba.com/vw/classifieds/pix/3051186.jpg
O24 - Desktop Component 1: (no name) - http://images.thesamba.com/vw/classifieds/pix/3146295.jpg
O24 - Desktop Component 2: (no name) - http://images.thesamba.com/vw/classifieds/pix/3144390.jpg
O24 - Desktop Component 3: (no name) - http://images.thesamba.com/vw/classifieds/pix/3147627.jpg
O24 - Desktop Component 4: (no name) - http://images.thesamba.com/vw/classifieds/pix/2597906.jpg
O24 - Desktop Component 5: (no name) - http://images.thesamba.com/vw/classifieds/pix/3094134.jpg

--
End of file - 8417 bytes

Just ran a scan with TDSSKiller. It says file C:\windows\system32\atapi.sys is infected by the TDSS rootkit.

Then it says it will be removed upon reboot. I've rebooted it three times and run the scan again, and it says the same thing each time.

Edit: Posts merged ~BP


Problem solved. I ran TDSS Remover from eSage Lab; it detected the hidden registry keys:

Alert Type: Hidden Object
Object Type: Registry Key
Original Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gasfkykaiwqggk\main\injector

Alert Type: Hidden Object
Object Type: Registry Key
Original Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gasfkykaiwqggk\main\tasks

Alert Type: Hidden Object
Object Type: Registry Key
Original Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gasfkykaiwqggk\main

Alert Type: Hidden Object
Object Type: Registry Key
Original Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gasfkykaiwqggk\modules

Edited by LInuxftw, 14 April 2010 - 09:03 PM.
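Added triage helper for the thread above; this is example code written for this page, not a BleepingComputer, HijackThis or eSage Lab tool. It does two things the post illustrates. First, it parses HijackThis O4/O20/O23 lines (my own regexes, covering only those three line shapes) into the module each autostart entry actually loads, and flags entries recorded without a directory, which Windows resolves through the PATH search order. Second, it shows the cross-view check that separates a rootkit scanner from a tool like HijackThis: the set of service keys the live registry API enumerates is compared with the set a hive parser reads off disk, and anything only the raw view contains is reported in the same "Hidden Object" layout as the TDSS Remover output. The sample log lines, both registry views and the `gasfkykaiwqggk` entry in the raw view are constructed inline so the script runs offline; on a real system the raw view would come from parsing the SYSTEM hive file, not from the API.

```python
import re
from dataclasses import dataclass

# Constructed sample in the three HijackThis line shapes this helper parses
# (they mirror the log posted above, embedded here so the script runs offline).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"""


@dataclass(frozen=True)
class AutostartEntry:
    section: str         # HijackThis section: O4, O20 or O23
    name: str            # Run value name, Notify package, or service short name
    image: str           # executable/DLL the entry actually loads
    has_directory: bool  # False => found via the PATH search order at boot


_O4 = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<cmd>.+)$")
_O23_PREFIX = "O23 - Service: "
# First token ending in a loadable-module extension: "RUNDLL32.EXE" out of
# "RUNDLL32.EXE C:\...\NvCpl.dll,NvStartup", or a whole unquoted path with spaces.
_MODULE = re.compile(r"^(.+?\.(?:exe|dll|sys|scr|cpl))(?=[\s,]|$)", re.IGNORECASE)


def image_of(cmd: str) -> str:
    """Pull the module a Run/Notify/Service command line really loads."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = _MODULE.match(cmd)
    return m[1] if m else cmd.split()[0]


def parse_hjt(log: str) -> list[AutostartEntry]:
    """Parse O4/O20/O23 lines; every other section is ignored."""
    entries = []
    for line in log.splitlines():
        line = line.rstrip()
        if m := _O4.match(line):
            section, name, cmd = "O4", m["name"], m["cmd"]
        elif m := _O20.match(line):
            section, name, cmd = "O20", m["name"], m["cmd"]
        elif line.startswith(_O23_PREFIX):
            # "<description> - <vendor> - <image>"; split from the right so a
            # description containing " - " cannot shift the fields.
            parts = line[len(_O23_PREFIX):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            desc, _vendor, cmd = parts
            short = re.search(r"\(([^()]+)\)\s*$", desc)  # "(avg9wd)" when present
            section, name = "O23", (short[1] if short else desc)
        else:
            continue
        image = image_of(cmd)
        entries.append(AutostartEntry(section, name, image, "\\" in image))
    return entries


def hidden_objects(api_view: set[str], raw_view: set[str]) -> list[str]:
    """Cross-view check: keys present in the hive on disk that the live registry
    API does not enumerate. Empty on a clean box (barring keys created between
    the two snapshots); a kernel hook filtering enumeration results, which is
    what keeps a TDSS service key out of a HijackThis log, shows up here."""
    return sorted(raw_view - api_view)


def format_alerts(hidden: list[str],
                  base: str = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services") -> str:
    """Render hidden keys in the same layout as the TDSS Remover output."""
    return "\n\n".join(
        f"Alert Type: Hidden Object\nObject Type: Registry Key\nOriginal Name: {base}\\{key}"
        for key in hidden
    )


# Constructed views of HKLM\SYSTEM\...\Services: what the live API enumerated
# versus what a parser of the SYSTEM hive file found. The extra name is the one
# from the post above, placed here by hand for the demo.
API_VIEW = {"atapi", "avg9wd", "Bonjour Service", "JavaQuickStarterService", "NVSvc"}
RAW_VIEW = API_VIEW | {"gasfkykaiwqggk"}

if __name__ == "__main__":
    for e in parse_hjt(SAMPLE_LOG):
        flag = "" if e.has_directory else "  <- no directory, resolved via PATH"
        print(f"{e.section:<4} {e.name:<22} {e.image}{flag}")
    print()
    print(format_alerts(hidden_objects(API_VIEW, RAW_VIEW)))
```

The two entries it flags in the sample, AGRSMMSG.exe and the RUNDLL32.EXE stub, are legitimate here, but a Run value with no directory is worth a second look on any box: whatever binary of that name sits earliest in the PATH wins. The cross-view diff is the point of the second half: none of the tools listed in the first post saw the `gasfkykaiwqggk` service because they asked the hooked API, and the only way to see it short of booting from clean media is to read the hive file directly and compare.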



#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Location: London, UK

Posted 18 April 2010 - 01:25 PM

Are you happy to have the topic closed?
m0le is a proud member of UNITE

#3 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Location: London, UK

Posted 22 April 2010 - 07:29 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



