
Google link redirector/hijacker - Windows update service


3 replies to this topic

#1 c_robertson

  • Members
  • 7 posts

Posted 05 September 2010 - 08:44 PM

Firstly, I'm a computer repair professional and troll this site to see what is new in the way of trojans.
Recently my NIS2010 began warning me about several files that were "infected" and removed them.
Shortly thereafter, my links in Google and Yahoo searches would get redirected. This is what I tried.
XP-pro IE8 hijacked links, most any search engine.
Tested Google Chrome - No redirected links
Reset IE8, cleaned all temp files (ccleaner & ATF cleaner) & disabled all addons.

Scanned with NIS 2010, HijackThis, SAS, MBM, NTT, RootkitRevealer, and about 10 other little utilities and such. They all found nothing.
I've had this before and had an idea of what it was, but wanted to find a program that could detect this. I considered ComboFix, but that's my last-ditch program.

In HijackThis, I removed all BHOs and really stripped the system bare.
I use Anvir to check the services and processes.
I have a few programs that turn off all unnecessary services.
Then turned off optional services. No good.
I began turning off non-critical services.
The first, my first suspect - Windows Update service.

I've had this before, and used this same process to find it. I had already determined to re-install Windows, so I ran ComboFix and it confirmed and replaced it, but there were enough other problems, plus a few audio drivers were infected, so all I got after that was BSOD.

Yes, sure enough, it was Windows Update service; it showed as a Microsoft product and showed no signs of being infected.

The one thing I would like to know from this community is: what is the best way to repair this, especially since none of the programs see it as a trojan?



#2 Orange Blossom

  • Moderator
  • 37,012 posts

Posted 05 September 2010 - 09:14 PM

Hello,

Since you are not actually experiencing an infection, I am moving this topic to the AntiVirus, Firewall and Privacy Products and Protection Methods forum.

As for your question, there is no best way to repair what you describe; there are far too many variables involved. Further, many different kinds of infections can cause the same symptoms. Therefore, each infection requires a unique removal process.

Orange Blossom

Edited to add: You may wish to read this post: http://www.bleepingcomputer.com/forums/ind...t&p=1918015

~ OB

Edited by Orange Blossom, 05 September 2010 - 09:28 PM.


#3 Cyber-Flux

  • Members
  • 3 posts

Posted 08 September 2010 - 07:38 AM

Hi,

I've seen this before and am quite familiar with it.

The infected system files act as loaders to the actual set of codes/instructions stored in an encrypted section of the HDD.

How does that information help? Not much.

How can it be fixed? Replace the infected files. How? Windows Repair Install... is the easiest option.
There is a manual way of doing it, but it involves the Windows Recovery Console/Linux: repair it from outside Windows.

#4 quietman7

  • Global Moderator
  • 51,771 posts

Posted 08 September 2010 - 10:57 AM

Attempting to reinstall Windows (repair install) without first wiping the entire hard drive with a repartition/reformat will not always remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system causing problems will still be there afterwards and a Repair will NOT help!



