
redirect virus. . .can't kill it



#1 lou apo


Posted 14 August 2010 - 01:59 PM

Hello,

My machine became infected with the fake anti-virus virus and also the Google redirects about a month ago. I decided to reformat the hard drive and start from scratch with a new install of XP Pro SP3. Reinstalled my applications and moved my documents back onto the computer. To my great dismay, I now have the redirect virus again. I can only guess I copied it back onto my machine when moving stuff from the Documents and Settings folder.

I had installed MS Defender on the system first thing after the OS and it never detected anything and continues to detect nothing.
I since have installed McAfee, Malwarebytes, SpyBot, and Kaspersky's TDSS removal tool to no avail. All of them said my computer was clean except the Kaspersky tool said it detected a possible infection and I did tell it to delete the files.
I also ran ComboFix and can post the log if you like.
It still has the virus. ComboFix did do a reboot at the start as it stated it detected rootkit activity.

The only other curious thing that occurred at the same time as the virus showing up was that my registration for Sync2 software was deleted (had to re-register), and my iTunes profile went away (program acted as though I was running it for the first time). I believe this all happened 2 days ago when the computer bogged down with a whole bunch of hard drive activity occurring for no legitimate reason. Following that, svchost started consuming huge amounts of memory and processor activity, requiring a reboot. Since the full install I have visited a limited number of websites and am not aware of any risky behavior on my part.

Also, Hitman Pro states that it has detected a possible variant of the TDL3 (alias Alureon) rootkit.

Thanks for your time.

Edited by lou apo, 14 August 2010 - 04:14 PM.




#2 Orange Blossom


Posted 14 August 2010 - 09:35 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Since you have run ComboFix, please include the ComboFix log in the new topic. Please be sure to include a description of your computer issues and what you have done to try to resolve them.


If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



