Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

cannot get to Windows Update and Browser hijack


  • This topic is locked This topic is locked
8 replies to this topic

#1 Gemsler

Gemsler

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:58 PM

Posted 24 May 2010 - 10:59 AM

I cannot get to any windows update site, many other sites are rerouted to random websites. i have McAfee, also tried Malwarebytes, adaware and Spyboot, they all found some stuff, but come up clean now. I use both IE8 and Firefox, they have the same issues
Also for some reason, Windows security center does not detect McAfee.

Regards

Gemsler

EDIT: Moved to Malware Removal Logs forum from XP ~ Hamluis.

Attached Files


Edited by hamluis, 24 May 2010 - 11:12 AM.


BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:58 PM

Posted 24 May 2010 - 11:43 AM

Hello Gemsler,



Before we get started we need to take care of a couple of issues :

I see Norton in your log.....do you use it? If you use McAfee, then I would suggest you use this tool to uninstall Norton.

The Norton uninstall tool uninstalls ALL Norton 2004/2005/2006/2007/2008-2010 products from your computer. It also uninstalls Norton Ghost 10.0/9.0/2003. http://service1.symantec.com/SUPPORT/tsgen...005033108162039

While running the tools I ask you to run, please be sure Spybot's Tea Timer is always disabled, as well as McAfee. As a precaution ComboFix will take you offline during its run, so there will be no risk of reinfection while McAfee is off.


This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

If you have trouble running it the first time, then rename ComboFix.exe to Gemsler.exe and try again.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 Gemsler

Gemsler
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:58 PM

Posted 24 May 2010 - 02:45 PM

thanks tea, after running combofix, i was able to get windows updates. Browsing seams normal now also.
Two things i notice, when the computer is almost finished booting, spyboot is warning me that something wants to turn off System Restore,
and Windows security is still not seeing McAfee.

Thanks you very much.

Gemsler

Attached Files



#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:58 PM

Posted 24 May 2010 - 02:57 PM

Hello,

You're welcome. smile.gif

Turn Spybot off, and just leave it off until we're done. It really doesn't help our cause at the moment, when we need to make several changes.

I don't see what I should normally see with this infection, so let's have a look :
  1. Go to this page and Download TDSSKiller.zip to your Desktop.
  2. Extract its contents to your desktop and drag TDSSKiller.exe on the desktop, not in the folder.
  3. Vista Start logo >All Programs> Accessories> RIGHT-click on Command Prompt and Select Run As Administrator. Copy/paste the following bolded command and hit Enter.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  4. If TDSSKiller alerts you that the system needs to reboot, please consent.
  5. When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 Gemsler

Gemsler
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:58 PM

Posted 24 May 2010 - 03:37 PM

i ran it

Attached Files



#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:58 PM

Posted 24 May 2010 - 03:51 PM

Good...thank you! Nothing there that shouldn't be. thumbup2.gif

With Spybot still off, please see if you can update MBAM (Malwarebytes) and have a scan with it. If it shows anything, please let it clean then post the report. I would also recommend you uninstall, then reinstall your McAfee and see if it is recognized. Let me know how you come out. smile.gif

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 Gemsler

Gemsler
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:58 PM

Posted 25 May 2010 - 10:52 AM

all seams fine, thank you very much for the great help!!

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:58 PM

Posted 25 May 2010 - 11:29 AM

You're welcome, and I'm glad all is well. thumbup2.gif

Please delete ComboFix and its folder, C:\Qoobox. Empty your recycle bin and reboot.

Take care!
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#9 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:58 PM

Posted 01 June 2010 - 09:18 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users