Redirect virus, backups and networks


  • This topic is locked
10 replies to this topic

#1 straightupwv

straightupwv

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:03 PM

Posted 04 October 2010 - 08:59 AM

I hope this is the correct section of the forum to post this.

To get out from under this nasty redirect virus that bunches of people here seem to have, I formatted my hard drive and reinstalled Windows XP Pro. I had backed up my important files in a single folder and transferred it to my wife's computer, which also runs XP Pro, via our home network which uses a D-Link DIR-615 router. After the formatting and the reinstall, I brought the stuff I had backed up onto my computer, again via the network. I went on line to download Mozilla Firefox from download.com so that I could download antivirus software and similar cleaning programs without having to use IE. Once I had Firefox installed and ran it, I discovered that I either still have the virus or I got it again. I installed the NoScript add-on in Firefox and while it keeps the redirections at bay, it can be difficult for a lay person like me to understand. Plus, I still have the virus and I still may be infecting others without my knowledge.

My questions are, can this virus be lurking on the network or in my backup folder? If so, is there any way of backing things up while preventing the virus from becoming active? Is the format going deep enough? I was quite surprised to find that my audio drivers were already installed when the computer booted for the first time after the format. I have an older sound card that I dearly love and I had to locate and install the drivers for it the first time the computer ran but not after the format and reinstall. Oddly enough, I did have to reinstall the network drivers. Anyway, any and all help would be greatly appreciated. I've been here so much these last few weeks, I feel like I should pitch a tent.

An editorial comment: It's a shame that Firefox seems to have become a victim of its own popularity. I dislike IE and Google Chrome has a long way to go before it's my everyday browser.

Life is too short to have anything but delusional notions about yourself.




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:03 PM

Posted 04 October 2010 - 11:07 AM

Hello, reinfection is possible from the backups.

2 guidelines/rules when backing up

1) Back up all your important data files, pictures, music, work etc... and save them onto an external hard drive. These files usually include .doc, .txt, .mp3, .jpg etc...
2) Do not back up any executable files or any Windows files. These include .exe/.scr/.htm/.html/.xml/.zip/.rar files as they may contain traces of malware. Also, .html or .htm files that are webpages should also be avoided.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
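
An added example, not part of the original post or of any BleepingComputer tool: a Python script that audits a backup folder against the two guidelines in the post above before the files are copied back. The file names and contents are constructed, and the check for the Windows executable signature `MZ` at the start of a data-named file is an assumption that goes beyond what the post states.

```python
import os
import tempfile

# Extension lists as given in the post above.
DATA_EXTS = {".doc", ".txt", ".mp3", ".jpg"}
AVOID_EXTS = {".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar"}
PE_MAGIC = b"MZ"  # first two bytes of a Windows executable (added check)


def classify(path):
    """Return 'avoid', 'disguised', 'data' or 'review' for one file."""
    ext = os.path.splitext(path)[1].lower()
    if ext in AVOID_EXTS:
        return "avoid"
    with open(path, "rb") as fh:
        if fh.read(2) == PE_MAGIC:
            return "disguised"  # executable content behind a data extension
    return "data" if ext in DATA_EXTS else "review"


def audit_backup(root):
    """Walk a backup folder and group relative paths by verdict."""
    report = {"avoid": [], "disguised": [], "data": [], "review": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            report[classify(full)].append(os.path.relpath(full, root))
    return report


def build_sample_backup():
    """Constructed sample folder (not real files) so this runs offline."""
    root = tempfile.mkdtemp(prefix="backup_demo_")
    samples = {
        "notes.txt": b"shopping list\n",
        "song.mp3": b"ID3\x03 constructed audio bytes",
        "photo.jpg": b"MZ\x90\x00 constructed PE header",  # renamed .exe
        "saved_page.html": b"<html></html>",
        "holiday.jpg.scr": b"MZ\x90\x00",  # double extension
        "scan.bmp": b"BM constructed bitmap",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    print(audit_backup(build_sample_backup()))
```

Files reported as `review` have an extension on neither list and need a manual decision; a plain text file that happens to begin with the letters "MZ" would also be reported as `disguised`.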

#3 straightupwv

straightupwv
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:03 PM

Posted 04 October 2010 - 12:20 PM

Hello boopme. You've helped me in the past. I only backed up mp3s, docs, txts, jpgs and bmps. From the evidence I provided, could the format be at fault? Might it not go deep enough? I was really concerned when I realized that I still had the virus and my drivers were already in place after the format.



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:03 PM

Posted 04 October 2010 - 01:28 PM

Hello again. Yes, that is also possible.
The best procedure is a low level format. This completely wipes the drive. Then reinstall the OS.
Use the free version of Active@ KillDisk.
Or Darik's Boot And Nuke

The best sources of Information on this are
Reformatting Windows XP
Michael Stevens Tech
Windows XP: Clean Install

Of course also feel free to ask anything on this in the XP forum. They'd be glad to help.

#5 straightupwv

straightupwv
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:03 PM

Posted 04 October 2010 - 04:21 PM

Thank you again boopme for the help and suggestions. A low level format it is. I've already downloaded Darik's Boot And Nuke, (love the name. I also loved the reviews I read on line), and I'm in the process of backing things up again. I have the day off tomorrow so here goes. Do you want to close this thread or do you want me to report back on the outcome?



#6 robert1957

robert1957

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Winnipeg, Manitoba, Canada
  • Local time:01:03 PM

Posted 04 October 2010 - 07:13 PM

Not to butt in, but is there a way to get rid of this virus without reinstalling the OS?

I am running XP and Windows 7

Rob

Edited by robert1957, 04 October 2010 - 07:14 PM.


#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:03 PM

Posted 04 October 2010 - 09:18 PM

We'd like to know all is good :thumbsup: It helps me get beyond insanity :flowers:

#8 straightupwv

straightupwv
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:03 PM

Posted 10 October 2010 - 06:55 AM

I'm back, but not without problems. Sorry it took as long as it did. As they say, God laughs while man makes plans. I downloaded Boot and Nuke 2.2.6 but it would not run after twelve failed attempts, ("configuration file not found". Their forums said to just keep trying and that it would eventually work. Wrong!). I found an older version, 1.07, at Download.com and was able to run it successfully. I chose the "Autonuke" method and ran it. That may have been a mistake. When my computer booted for the first time, my drivers and other settings were in place. Not good. Plus, I'm still being redirected. This virus, malware or whatever you want to call it is just NASTY! I'm going to do the whole thing again, only this time I'll see if there's a deeper format to choose from. Maybe there's a flamethrower or sandpaper setting. I'll report back with the results of attempt #2. Explain to me if you would; just how does someone get beyond insanity?

The IT guy where my wife works suggested wiping out the personal profiles and setting up new user accounts. Have you ever heard of this method? It sure seems entirely too simple to me.

You must admit, the person who created this virus is quite good at what he does. I'd like to shake his hand and congratulate him while they're strapping him to the table for his lethal injection.

Edited by straightupwv, 10 October 2010 - 06:59 AM.



#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:03 PM

Posted 10 October 2010 - 02:05 PM

"Explain to me if you would; just how does someone get beyond insanity?"

Well, we had a meeting and the other 3 inside my head said we should keep it a secret :thumbsup:

The IT suggestion could be a possibility, but if the MBR (master boot record) is what's infected it won't help. Probably the best thing to do now is post a DDS log and see where the infection is and get it out safely.

We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.


"You must admit, the person who created this virus is quite good at what he does. I'd like to shake his hand and congratulate him while they're strapping him to the table for his lethal injection."

I agree, just be certain they didn't get the electric chair. :flowers:

#10 straightupwv

straightupwv
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:03 PM

Posted 11 October 2010 - 06:42 AM

I've successfully run DDS and Gmer and posted the logs at the Virus, Trojan, Spyware and Malware Removal Logs section as you suggested under the title "DDS and gmer logs as instructed by boopme". I do have another question before we close this thread. The Windows Repair Console has a FIXMBR command to rewrite the master boot record. Would doing that help at all or am I just now thinking of something that others have unsuccessfully tried in the past? I'm very good at that. I've also registered at the Boot and Nuke forum to see if I somehow messed that up or if there's a better way to run it.

On a personal note, I want to thank you for all of your help. I don't know if you'll be the person who will help me in the other section or not but I wanted to let you know how appreciative I am. I've been in the customer service industry for 26 years. You've done your best to get me out of a situation I probably put myself into and you've treated me with respect. It doesn't get any better.



#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:03 PM

Posted 11 October 2010 - 09:25 AM

That is a possibility, but we have not yet confirmed an MBR infection. The DDS log review will tell you.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.

Edited by boopme, 11 October 2010 - 09:26 AM.
