Search Engine Redirect



#1 lydora


Posted 06 September 2010 - 09:24 AM

Hey, I'm still currently in the process of scanning with GMER, it's already taken upwards of 3 hours, so i figure making this thread and getting rolling is probably a good idea. If this is not appropriate then my apologies, please delete the thread.

I'm something of a computer novice, suffering from the (apparently) extremely common problem of redirected search results on google/all search engines. I basically followed the steps i took to remove antimalware doctor previously.

- Rebooted in safe mode (or ran rkill)
- Scanned with a variety of diagnostic tools (Stinger, TDSSkiller, Hitman Pro, Malwarebytes and the like)

However despite some "success" in finding rootkits via both tdsskiller and malwarebytes, I was unable to successfully remove either (despite the product's claims that the removal HAD been successful). Bizarrely Hitmanpro denoted explorer.exe as malware, and in fact, my IE has been unable to access any websites since I contracted antimalware doctor previously (some weeks ago). Though this is more of a curious coincidence i suppose, than to blame for the trouble i am presently experiencing. A number of sites/people advocate using combofix but frankly I am not willing to do so without being ordered to by someone who actually has a clue

My DDS logs are attached, GMER will follow when finished.

Many thanks,

Rhys.

Browser - Firefox Os - XP

Attached Files


Edited by lydora, 06 September 2010 - 09:26 AM.



 


#2 myrti


Posted 13 September 2010 - 12:44 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
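
Added example, not part of the original thread and not OTL's own code: the custom scan in post #2 names a set of drivers and DLLs between /md5start and /md5stop. Assuming that block asks the scanner to report an MD5 for every copy of those files (an assumption about the tool; the post does not say so), the Python below makes the same comparison over a constructed directory tree and flags names whose copies differ. All function names and the sample layout are hypothetical.

```python
import hashlib
import os
import tempfile
# Subset of the names listed between /md5start and /md5stop in the post.
WATCHED = {"atapi.sys", "iastor.sys", "nvstor.sys", "eventlog.dll", "netlogon.dll"}

def md5_of(path):
    """Hex MD5 of a file (MD5 only because the scan in the post uses it)."""
    with open(path, "rb") as fh:
        return hashlib.md5(fh.read()).hexdigest()

def hash_copies(root, names=WATCHED):
    """Map lower-cased file name -> {md5: [paths]} for every copy under root."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            key = fname.lower()  # Windows file names are case-insensitive
            if key in names:
                path = os.path.join(dirpath, fname)
                try:
                    digest = md5_of(path)
                except OSError:
                    digest = "unreadable"  # locked or denied copies are still reported
                found.setdefault(key, {}).setdefault(digest, []).append(path)
    return found

def mismatched(found):
    """Names whose copies do not all share one hash; candidates for manual review."""
    return sorted(n for n, by_hash in found.items() if len(by_hash) > 1)

def build_sample_tree(root):
    """Constructed sample data: one atapi.sys copy differs from the other two."""
    layout = {
        "system32/drivers/atapi.sys": b"constructed-driver-bytes-modified",
        "system32/dllcache/atapi.sys": b"constructed-driver-bytes",
        "ServicePackFiles/i386/atapi.sys": b"constructed-driver-bytes",
        "system32/eventlog.dll": b"constructed-dll-bytes",
        "system32/dllcache/eventlog.dll": b"constructed-dll-bytes",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(mismatched(hash_copies(tmp)))
```

Differing copies are a prompt for checking against a known-good source, not proof of infection, since service-pack and cache copies can legitimately differ in version. On a running system a kernel-mode rootkit can filter reads, so hashing the offline volume from boot media gives a more trustworthy result.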

 



#3 lydora


Posted 15 September 2010 - 08:56 AM

Hey, great to finally get a response. I hadn't gone elsewhere, or performed any further steps since i initially contacted you, since the redirect virus isn't exactly that crippling.

My logs will be inc shortly.


EDIT - Having some difficulty getting OTL to complete atm, it goes to "Manual File Scan - Getting folder Structure", then becomes unresponsive.

Edited by lydora, 15 September 2010 - 09:08 AM.


#4 lydora


Posted 15 September 2010 - 09:07 AM

Never mind, managed to get the scan to complete 3rd time lucky :D

Attached are the results.

Attached Files



#5 myrti


Posted 15 September 2010 - 02:03 PM

Hi,

please run a scan with Rootkit Unhooker:

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth, and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


And a scan with GooredFix:
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



#6 lydora


Posted 17 September 2010 - 08:31 AM

.

Attached Files



#7 lydora


Posted 17 September 2010 - 08:45 AM

Seems better now, many thanks! <3

#8 myrti


Posted 17 September 2010 - 09:33 AM

Hi,

that looks good! Please run a scan with Eset next:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push



#9 lydora


Posted 17 September 2010 - 10:55 AM

Hmm seems we may yet not be finished, Eset found 3 uncleanable trojans :S

Attached Files



#10 lydora


Posted 18 September 2010 - 07:33 AM

I must admit, i'm distinctly unhappy at the moment, at least yesterday I had a working computer with a virus. Now my computer won't even boot up. I didn't take any steps towards fixing those trojans (that had not been detected by countless previous scans), thinking it better for you to look at the logs 1st. My computer was working fine, i fixed the problem with the google redirect with your help, but now this morning my computer will not even boot up, it only makes it to the "windows screen", i can select safe mode etc but again none of that works.

I'm really quite distressed as I say I have acted on nothing but your advice and am more than a little concerned that on the strength of acting on those advices my computer seems to have copped it

#11 myrti


Posted 20 September 2010 - 08:39 AM

Hi,

I am sorry. I have been busy yesterday and couldn't get online. I see what the problem is and know how to fix it. I forgot to mention that Eset shouldn't delete the files. It confirmed the infection the suspected, but did also delete a part of it, so that it became unbootable.

This is totally fixable. It might just take a moment.

Do you have a windows CD or any other CD that will allow you to boot the PC from CD?

regards myrti



#12 lydora


Posted 20 September 2010 - 02:16 PM

Hiya,

Well therein lies the problem. I do not have a boot disk (a "proper" one).

I attempted to make a boot disk using spybot's online resources, but my attempts to boot from it proved unsuccessful. I was fairly satisfied i'd made it correctly, though of course it's always possible that i made a mistake. (I suspect in light of what you're telling me this must be the case?)

So to all intents and purposes, no, I don't have a boot disk.

Thanks for your continued help

#13 myrti


Posted 20 September 2010 - 04:12 PM

Hi,

Ok, let's create a live-cd I am familiar with then, this should help us in
Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.

Then do you know how to boot from the CD?

Do you know how to boot from a flash drive and if your PC supports booting from a flash drive? If so, and you don't have any CDs I could also provide you with instructions on how to create a bootable flash drive.

regards myrti



#14 lydora


Posted 20 September 2010 - 04:41 PM

Hiya, if you mean accessing the boot menu and choosing to boot from cd then yes, beyond that, no.

No idea if my pc supports booting from a flash drive but i suppose i could give it a try, since i only have dvds and no cds.

#15 lydora


Posted 20 September 2010 - 04:49 PM

I should add that obviously i will buy a cd to make this disc, just right now I can't since the shops are closed!

Edited by lydora, 20 September 2010 - 04:49 PM.




