
New Browser Redirects via rootkits


#1 na6t


  • Members
  • 1 posts
  • Local time:04:50 PM

Posted 11 June 2010 - 02:53 AM

Hi all,
I've been using 'bleepingcomputer.com' for a few years in troubleshooting all kinds of problems. I ran into one today that's new to me and a few other people I've talked to.

I had a client get 4 emails concerning her e-mail account being compromised. The email looked 'good' but it had an attachment to it called 'open.html'. She said she didn't open the attachment before she called me. However, when I checked the computer out you would get 'browser redirects' intermittently to porn and other websites.
IE: google search on 'microsoft windows updates'. Google would display the choices correctly, however when you clicked on one of the MS links you would be taken to various other websites, NOT the MS website that was displayed by the google search.

Checking IE "internet options" I had NO proxy server redirects, "HiJackThis" looked good and the "HOSTS" file ONLY had the " localhost" entry. This computer was on a fixed internal IP with the DNS hard coded into the network connection.

The fix was 'good old' combofix.exe. It ran, it found evidence of 'ROOTKIT' activity, rebooted and completed the check. It found two 'suspicious' files that it deleted and found 1 MS file "redbook.sys" infected. It cleaned it and finished the log.

After running combofix I checked the Google Search problem again and it was working correctly. Problem cured.

Thanks for being available everyone, I learned about combofix a year or so ago from this forum.

Bob Smith
Robert Smith Consulting :thumbsup:

Edited by na6t, 11 June 2010 - 03:04 AM.
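The post above lists checking that the HOSTS file "ONLY had the localhost entry" as one of the steps used to rule out a simple redirect. The script below is an added example (it is not from the original post or from any tool mentioned in it) that automates that one check: it parses HOSTS-file text and reports every active mapping other than a loopback name pointed at a loopback address. The two sample HOSTS contents are constructed for illustration; the 203.0.113.x addresses are documentation-only addresses, not real redirect targets.

```python
"""Added example: audit a HOSTS file for entries beyond the stock
localhost mapping. Sample contents below are constructed."""

import ipaddress
from typing import List, Tuple

# Names that are legitimately mapped to a loopback address.
LOOPBACK_NAMES = {"localhost"}


def parse_hosts(text: str) -> List[Tuple[str, List[str]]]:
    """Return (ip, [hostnames]) for each active (non-comment, non-blank) line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing/whole-line comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # malformed line with no hostname; nothing to audit
        entries.append((parts[0], parts[1:]))
    return entries


def is_benign(ip: str, names: List[str]) -> bool:
    """Only 'localhost' -> 127.0.0.1 or ::1 style lines count as benign.
    Anything else (a real site pointed at some other host, or an
    unparsable address) is reported for review."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback and all(n.lower() in LOOPBACK_NAMES for n in names)


def suspicious_entries(text: str) -> List[Tuple[str, List[str]]]:
    """All active HOSTS mappings that are not the stock localhost entry."""
    return [(ip, names) for ip, names in parse_hosts(text) if not is_benign(ip, names)]


# Constructed sample: the stock file, nothing but the localhost entry.
SAMPLE_CLEAN = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
"""

# Constructed sample: what a HOSTS-based redirect would look like.
SAMPLE_TAMPERED = """127.0.0.1       localhost
# constructed redirect entries (203.0.113.0/24 is a documentation range)
203.0.113.10    www.google.com
203.0.113.10    update.microsoft.com
"""


if __name__ == "__main__":
    # On Windows the live file is %SystemRoot%\system32\drivers\etc\hosts;
    # read it with open(path).read() and pass the text to suspicious_entries().
    for label, sample in (("clean", SAMPLE_CLEAN), ("tampered", SAMPLE_TAMPERED)):
        hits = suspicious_entries(sample)
        print(f"{label}: {len(hits)} suspicious entr{'y' if len(hits) == 1 else 'ies'}")
        for ip, names in hits:
            print(f"  {ip} -> {', '.join(names)}")
```

A clean result from this check means only what it meant in the post: the HOSTS file is not the cause. The redirects described above persisted with a clean HOSTS file, no proxy setting and a hard-coded DNS server, which is why the interception had to be happening below the application layer (the rootkit activity the cleanup tool reported), so treat a passed HOSTS/proxy/DNS check as narrowing the search, not as a clean bill of health.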



#2 hamluis



  • Moderator
  • 56,406 posts
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:50 PM

Posted 11 June 2010 - 08:50 AM

Thank you for reporting your apparent success.


Since this is the XP forum, I would like all users to understand...that ComboFix is anything but a routine solution to malware situations. It is a specialized malware tool which is only to be run under the supervision of qualified malware personnel.

Please read the following for BC's policy on this malware tool. Doing so will probably save many users from needless frustration and possible self-inflicted wounds.

ComboFix usage, Questions, Help - Look here - http://www.bleepingcomputer.com/forums/t/273628/combofix-usage-questions-help-look-here/

