
Redirect virus removal success


5 replies to this topic

#1 1BadM6


Posted 18 June 2010 - 03:50 AM

This is a long story but to get to the point of it quickly, I finally got rid of my link/Google/IE redirect problems using TDSS Killer. Now for the long version. I had been having this redirect problem for a couple of weeks and it eventually opened up multiple windows in IE8 which I promptly closed. One of those windows was actually a web page designed to look like a normal pop up with a button on the top right where you normally close it. It said it had scanned my system and recommended I click on the download button to download a new virus scanner but I chose to close it instead by clicking on the 'x'. It immediately started downloading the FakeAVSoft virus of which mine turned out to be the Protection Center. I won't go into details of what it did since those are already available on this site. It was nasty but it led me to this great site and forum and after spending nearly 40 hours battling this bug I eventually quarantined it by using Malware Bytes, Super Antispyware and RKill. McAfee was not able to identify one malware file while the others located no less than 26. I performed some registry cleaning of my own, ran Scan Disk and Defrag and turned off a lot of services that were starting automatically to see if I could gain a little more speed. When I went back to surfing the web I noticed I was still being redirected to other sites than what I typed or differing sites than the links I clicked on. I decided to rescan my system but when I booted into safe mode nothing showed up on my screen. My PC had performed the POST with no errors and I figured I had lost my hard drive from all of the work I was putting it through. Bummed but fully prepared to build a new system, I was just about to start ordering new parts when I thought I would mess with my video card first. I plugged in a serial cable to the back of my card, my previous cable was a DVI, and lo and behold I had video. I then proceeded to reseat the DVI cable and I had video with that cable as well.

With my system running once more but still having the redirect problem I decided to do some more research on this amazing site when I came across a topic written by an IT professional seeing this redirect problem on multiple computers and only being able to fix it by reformatting and reinstalling Windows. In that same article someone recommended downloading TDSS Killer as it might be a problem in a root file. I had nothing to lose so I downloaded the program, ran it and it did find one corrupt file that it deleted for me and I have had no problems with being redirected to any other sites for the last 4 hours. Crossing my fingers and I hope this helps some of you experiencing the same problem which can lead to much bigger problems as I outlined. Good luck! If anyone has links to these sites or posts please feel free to add them in your replies or I will add them at a later time as it is very late right now.
Regards,

Dwight

Edited by 1BadM6, 18 June 2010 - 03:55 AM.




#2 RCSea


Posted 18 June 2010 - 09:38 AM

Thanks, that tool is the only thing that found the last remaining bit of malware on my PC. I had success removing 95% of the infection using Spybot S&D, Anti-Malware, and even Microsoft Security Essentials, but once they all declared me virus/trojan free, I still could not connect to Microsoft Update (either through Internet Explorer or Automatic Updates) and occasionally Internet Explorer would launch extra copies of itself for weird advertisement sites. Anyway I ran TDSS Killer and sure enough, it found a bogus driver that the others had failed to detect. Once my computer rebooted my automatic Windows Updates started downloading again right away.

FYI, TDSS Killer doesn't seem to create a log file. I remember the bad driver was called TCPIP.sys but it was not in the %windows%\system32\drivers folder (but without a log I can't tell you where it was located). There is a legit driver called TCPIP.sys, so if you decide to delete it, make sure you are not deleting the legitimate one, which you need.

Anyways thanks again for posting this even though you had already solved your problem on your own, you helped at least me anyway and hopefully a few others as well. Now hopefully one of these major anti-malware tools will start detecting this baddie as well.

Edited by RCSea, 18 June 2010 - 09:42 AM.


#3 mark867


Posted 18 June 2010 - 10:18 AM

Thank you. I too have been battling the redirect, hours and hours and hours. I must have downloaded and installed every antimalware, anti virus and cleanup app out there. It was like a bad dream, quick scans, long scans, full scans...reboot....Reboot...REBOOT...on and on. Sorry for the dramatics, just feel like a huge weight has been lifted off my shoulders. TDSS Killer appears to be working for me as this is the first time in a week or two that my browsers (IE and Firefox) have not been redirecting me. It mentioned some sort of ftsys file that it deleted on the restart. As I type this...I am on my knees at my desk thanking you from the bottom of my heart. Like on stage at some award show-->I'd like to thank all of you at Bleepingcomputer.com for making this moment possible, I'd also like to thank 1badm6 for his post which got me to where I am today. I'd also like to give a shout-out to Kaspersky for developing the superbad tdss killer and of course I'd like to thank my mom and dad for without whom, none of this would have been possible. <sniffle> Yay!! Looking out the window now, it seems like a whole new world is out there. The future looks almost as bright as the sun. I think I'll go for a walk.

#4 pixyz


Posted 18 June 2010 - 10:39 AM

Congratulations! I'm glad you're all clear and I hope you stay clear...

These redirect viruses remind me of real viruses.

In some cases, we get diagnosed, start antibiotics, start to feel better, and then stop before we finish the entire prescription. Next thing you know, the virus symptoms return and can become drug resistant.

Not to rain on anyone's parade, but redirecting can lie dormant for a little while after running some tools and then start up again. At least this has been my case. It wouldn't hurt to have a malware response team member check your logs and give you the "all clear".

#5 1BadM6


Posted 19 June 2010 - 12:27 AM

Glad I could help get the word out but I am just a messenger and I hope that stinking redirect doesn't go dormant on me. I hope TDSS Killer can resolve everyone's symptoms but I only have experience with my machine. Try it, what is there to lose? I hope others will have success with this as well because this seems to be a pretty rampant virus.

After scratching my brain and trying to figure where I got the virus from I realized the only major additions I made to my PC were Office 2010 and Rhapsody. The redirects started happening before I loaded Office but after loading Rhapsody. To say the least, Rhapsody got the boot and never shall it return. This is my home office PC and far too much data to risk by downloading play toys.
Regards,

Dwight

#6 mark867


Posted 19 June 2010 - 09:20 AM

I have no idea where I got this problem from, I did visit a site that was "questionable" but don't remember anything saying it was downloading anything to my comp. I hope it stays away. On a side note, I have been using my wife's laptop next to my desktop to help diagnose since my system was bad and unfortunately, it got the BSOD. 6 hours later, and a complete reformat...I think it is a bad memory stick. I hope it is not another virus. Does it ever end? Thanks again.



