Virus that I cannot get rid of is redirecting my browser, not allowing me to access windows update and cannot restore to factory settings


  • This topic is locked
4 replies to this topic

#1 brs24

  • Members
  • 2 posts

Posted 05 June 2010 - 01:56 AM

Hi, I've tried a combination of every anti-virus and malware remover I can think of. I've used AVG and super-anti as bases, either having one or the other installed, while having Ad-Aware and Malwarebytes. I've used these combinations with my computer set in safe mode. I've also run a few browser scanners but nothing has fixed my problem.

Basically what's happening is my browser is being redirected 50% of the time, I cannot connect to Windows Update, and for some reason I cannot do a factory restore (I have a Dell and the Ctrl-F11 is not working and I've tried many times, and yes it has worked for me before on this computer). What's weird is when I am starting up my computer to do the Dell factory restore and I am about to press Control and F11 simultaneously (the only way it works is if you hit them together as the blue bar is just beginning to start loading or filling up), but now the blue bar is automatically half loaded or full at startup, which I think is why I cannot do the Dell restore.

Anyways, I've run tons of scans on my computer but nothing has worked, so if you guys can help, that would be great. Thanks

Edited by Budapest, 05 June 2010 - 06:26 AM.
Moved from XP ~BP



#2 Farbar

    Just Curious

  • Security Developer
  • 21,711 posts
  • Gender:Male
  • Location:The Netherlands

Posted 07 June 2010 - 07:16 PM

Hi brs24,

Welcome to BC Malware Removal forum.

Your computer is infected with a rootkit.

Download http://download.bleepingcomputer.com/farbar/TDLfix.exe and save it to your desktop.
  • Disable real-time protection of your security software and make sure it will not run at startup after reboot. It may otherwise interfere with the tool. (Information on A/V control HERE)
  • Close all the open windows.
  • Double-click TDLfix.exe to run the tool, a command window opens.
  • Type (or copy the following and right-click to paste) in the command window and press Enter:

    rdpcdd


  • The application will restart the computer immediately and run after the restart.
  • Tell me if the computer rebooted and the tool ran to completion. Also see if the problem is resolved.



#3 brs24


Posted 08 June 2010 - 01:14 AM

Everything worked, thank you. I was asked if I wanted to insert a Windows CD to restore the computer because my files were altered but I clicked no (sorry, paraphrasing). That's okay, right? Thanks again for all the help, my internet is working and I can get a Windows update again.

#4 Farbar


Posted 08 June 2010 - 03:14 AM

It looks good and you are welcome.

No need for the Windows CD, the tool used the legit copy on the computer. But if you had inserted your Windows CD, Windows would have used an older copy, which would work.
  1. Run TDLfix, type del and press Enter. This will delete the quarantined infected file and mbr.exe. Delete the tool from your desktop.

    Also remove any tool or log we used from your computer.

  2. Please download OTC and save it to Desktop.
    • Make sure you have internet connection.
    • Double-click OTC. In Windows Vista right-click to run it as administrator.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.

  3. First Set a New Restore Point then Remove the Old Restore Points to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which can sometimes reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

    To set a new restore point:
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

    To remove the old restore points:
    • Go to Start > Run then type: Cleanmgr in the box and click "OK".
    • You get a window to select the drive to clean, the default is already set to (C:) drive. Click OK.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
    • Click OK and Yes.

Happy Surfing.

#5 Farbar


Posted 14 June 2010 - 06:29 AM

This thread will now be closed due to lack of activity.

If you should have a new issue, please start a new topic.



