
Redirect virus I can't get rid of


14 replies to this topic

#1 ffltstn


Posted 17 September 2010 - 12:14 PM

I have managed to download a redirect virus that I cannot seem to get rid of. I am using XP Pro and IE8. After doing a search, if I click on a link it "sometimes" will redirect me. If I back up I can usually reclick and go to the correct site. I have run all the usual: Malwarebytes, AVG, Symantec, CCleaner. When I run ComboFix it completes step 50 then crashes the computer, which comes back up with a critical recovery error wanting me to report it to MS. I have run HijackThis and have the log. Tell me where to go from here and I will post whatever you need.
Thanks,
Ken



#2 boopme


Posted 17 September 2010 - 03:12 PM

Hello, as you have already run ComboFix...
Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Include your ComboFix scan log.

Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 ffltstn


Posted 18 September 2010 - 01:30 PM

As I stated, ComboFix runs through step 50 then crashes, so where do I start?

Edited by ffltstn, 18 September 2010 - 01:30 PM.


#4 boopme


Posted 18 September 2010 - 03:04 PM

OK, please do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer.

Please run the tool here How to remove Google Redirects

When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

#5 ffltstn


Posted 18 September 2010 - 10:47 PM

OK, TDSSKiller did not find anything and therefore did not make a log to post. MBAM you said to run in normal mode then reboot to normal mode?? I ran it in normal mode and it too did not find anything, here is the MBAM log.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4650

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/18/2010 11:45:03 PM
mbam-log-2010-09-18 (23-45-03).txt

Scan type: Quick scan
Objects scanned: 180016
Time elapsed: 13 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 boopme


Posted 19 September 2010 - 02:12 PM

Hello. A question.... Did you type this part
Malwarebytes' Anti-Malware 1.45

As MBAM is at 1.46 and your database seems correct.

Looks like we will need to do the prep guide after all.

#7 ffltstn


Posted 19 September 2010 - 04:29 PM

No, I did not type that part. I had MBAM on the computer already. I will delete and redownload. If the log comes back different I will post it. What is the prep guide?

#8 boopme


Posted 19 September 2010 - 06:51 PM

The one in post 2, especially if some malware has altered your MBAM version.

#9 ffltstn


Posted 19 September 2010 - 08:40 PM

OK, uninstalled 1.45, downloaded and ran MBAM 1.46. Did not find anything. Reran TDSSKiller, it did not find anything. Here is the MBAM log. What next?



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4653

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/19/2010 9:36:59 PM
mbam-log-2010-09-19 (21-36-59).txt

Scan type: Quick scan
Objects scanned: 201776
Time elapsed: 10 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 boopme


Posted 19 September 2010 - 08:57 PM

If still redirecting>>>
Change your DNS Servers:
  • Go to Start > Run... and in the open box, type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.
If the above commands did not resolve the problem, the next thing to try is to reset your network settings and Configure TCP/IP to use DNS.
  • Go to Start > Control Panel, and choose Network Connections.
  • Right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and choose Properties.
  • Double-click on Internet Protocol (TCP/IP) or highlight it and select Properties.
  • Under the General tab, write down any settings in case you should need to change them back.
  • Select the button that says "Obtain an IP address automatically" or make sure the DNS server IP address is the same as provided by your ISP.
  • Select the button that says "Obtain DNS servers automatically".
  • If unknown Preferred or Alternate DNS servers are listed, uncheck the box that says "Use the following DNS server address".
  • Click OK twice to get out of the properties screen and restart your computer. If not prompted to reboot go ahead and reboot manually.
-- Vista users can refer to How to Change TCP/IP settings

CAUTION: It's possible that your ISP (Internet Service Provider) requires specific DNS settings here. Make sure you know if you need these settings or not BEFORE you make any changes or you may lose your Internet connection. If you're sure you do not need a specific DNS address, then you may proceed.


#11 ffltstn


Posted 20 September 2010 - 04:16 PM

OK will try it. Nope didn't fix it.
Thanks,
Ken

Edited by ffltstn, 20 September 2010 - 06:07 PM.


#12 ffltstn


Posted 21 September 2010 - 05:29 PM

OK now what?

#13 boopme


Posted 21 September 2010 - 07:46 PM

Ken I believe your router has been infected.
Update MBAM (below) Do not run yet.

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don't know the router's default password, you can look it up HERE.

However, if there are other infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site HERE for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have run Malwarebytes' Anti-Malware on the infected system, and reset the router to its default configuration, you can reconnect to the internet and router.
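The DNS check that posts #10 and #13 describe doing by hand, as an added example that is not part of the thread: it parses `ipconfig /all` output and lists every DNS server that is not on a list you trust (your router and the resolvers your ISP gave you), noting whether it was typed in statically or handed out by DHCP from the router. The sample output and all addresses are constructed, and IPv4-only output in the XP layout is assumed.

```python
import ipaddress

# Constructed sample of `ipconfig /all` output (XP layout). Addresses are
# private/documentation ranges, not values taken from the thread.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : No
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 198.51.100.7
                                            192.168.1.1

Ethernet adapter Wireless Network Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
"""

def parse_ipconfig(text):
    """Return {adapter: {field: [values]}} from `ipconfig /all` text (IPv4)."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():                  # unindented: section header
            current, last = None, None
            if line.rstrip().endswith(":"):        # "... adapter NAME:"
                current = adapters.setdefault(line.rstrip(" :"), {})
        elif current is not None:
            key, sep, value = line.partition(":")
            if sep:                                # "Key . . . : value"
                last = key.strip(" .")
                current[last] = [value.strip()] if value.strip() else []
            elif last:                             # continuation: extra value
                current[last].append(line.strip())
    return adapters

def suspect_dns(adapters, trusted):
    """List (adapter, server, source) for DNS servers outside `trusted`."""
    allowed = {ipaddress.ip_address(a) for a in trusted}
    findings = []
    for name, fields in adapters.items():
        static = "".join(fields.get("Dhcp Enabled", [])).lower() != "yes"
        for server in fields.get("DNS Servers", []):
            if ipaddress.ip_address(server) not in allowed:
                source = "static entry" if static else "from DHCP/router"
                findings.append((name, server, source))
    return findings
```

A "static entry" finding points at the adapter settings covered in post #10; a "from DHCP/router" finding points at the router's own DNS configuration, as in post #13.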

#14 ffltstn


Posted 23 September 2010 - 12:16 PM

I tried the router reset and ran MBAM but still had it. I ran Ad-Aware and it found something, then my Symantec found something in a restore file on another partition. It seems to be gone now, haven't been redirected all day. Thanks for your help.
Ken

#15 boopme


Posted 23 September 2010 - 01:32 PM

Excellent.. In case there are still some in the restore Points.. Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.



