Browser search redirects and can't use Windows Update



#1 Johnc6955


Posted 12 June 2010 - 06:13 PM

Hello,

I'm a system admin and I have an employee's work computer that has a search page redirect. Also, they are unable to go to Windows Update and it looks like this may have been the case for some time. I've dealt with a lot of rootkits before similar to this but I have always been able to clean them up (thanks to your site and the admins' posts). However, in this case, I can't seem to get rid of it. I have run RootRepeal, McAfee Root Detective (we also use McAfee Enterprise) and rootreveal, Spybot, ComboFix, Ad-Aware, HJT, MBAM, mbr, TDLfix, GMER, a new MVPS hosts file and more. Most attempts were based on the directions of what was posted by admins here. All the data was backed up, so losing everything and reinstalling would not be a problem. However, I prefer to learn by doing and I want to know how to handle this one going forward. Also, another computer seems to have the same symptoms and reformatting THAT one is an absolute last resort. OK, enough small talk, here we go.

The computer runs XP Professional with SP3 and IE 7. It also had Opera but I uninstalled that and other programs not needed. At work, we use an Oracle Forms app that limits our browser and Java choices due to compatibility. For example, IE8 and Java 6.20 do not work so we need to use lesser versions like IE7. ComboFix did run fine and said it needed to reboot after rootkit activity. The log said that PCIIDE.SYS was infected and cleaned. However, after rebooting the redirects remained. I also ran ComboFix twice in a row and it still found the rootkit for PCIIDE.SYS. GMER also revealed issues with ATAPI.SYS ("suspicious modification of atapi.sys") and I replaced both with clean disk copies (I checked versions too) and still the same problems. MBAM, Spybot, McAfee, Ad-Aware, etc. have not found anything. I know I should have come to the experts here before the attempts, but since I was always able to clean up viruses and spyware before, I didn't want to admit defeat. Well, now I admit defeat. Again, my attempts did follow the steps posted for similar problems. Also, MBAM realtime does decrease redirects by catching attempts to reach sites like 91.212.226.59 and 94.228.209.200. I checked the hosts file (no entries) but did change it to the MVPS hosts file. As of right now, I have MBAM with realtime protection, McAfee Enterprise and HijackThis installed. I uninstalled Ad-Aware, Spybot, ComboFix, etc. I hope I didn't ramble too much.

John

PS - I'm not the OTS admin so I don't set security policies for all our computers. I'm more a DBA and database admin, so I hope I don't get yelled at here for some crappy virus/spyware protection policies. I'm certainly going to improve them now for our department.

#2 boopme


Posted 12 June 2010 - 08:12 PM

Hello and welcome. I feel it would be best to get a deeper look and have our Malware Removal Team ID the problem.

Please go here: Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
Include your ComboFix log.
Let me know if that went well.