
New rootkit re-direct virus


  • This topic is locked
4 replies to this topic

#1 refman

refman

  • Members
  • 2 posts

Posted 12 October 2010 - 12:55 PM

One of my users has been hit with the new re-direct virus and/root kit going around. I've tried gmer's mbr and malwarebytes but no luck. Attached is a combo fix log.

Thanks,
-Ref



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts

Posted 20 October 2010 - 03:44 PM

Hello refman,

Sorry for the delay. :( If you still need help, please post a new DDS/HijackThis log and I'll be happy to look at it. :) I also need to see the original ComboFix log, since you've run it a few times now. <_<

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 refman

refman
  • Topic Starter

  • Members
  • 2 posts

Posted 20 October 2010 - 04:05 PM

Thanks, tea. I got it cleaned up. It was a matter of figuring out which rootkit it was.

-refman


#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts

Posted 20 October 2010 - 04:34 PM

Thank you for letting me know. :thumbup2: Yep, real dooooooozy you had there.

Take care,
tea

#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts

Posted 25 October 2010 - 04:21 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.