Browser Redirect / Koobface Worm Removal


#1 Tom King


Posted 13 November 2010 - 02:22 AM

Here's the problem...

I've got a Gateway E-3600 with a 128 GB IDE boot drive and a SATA 300GB data drive and 1GB of RAM.

I've set up a wireless network with two laptops and a desktop on the wireless network and the Gateway hardwired into the wireless router.

I picked up the Koobface worm by accidentally clicking on the damned "Update Flash Player" link on an e-mail from a friend. I didn't mean to do it and when I realized what it was doing I shut down the computer at the switch - but apparently not before it finished installing the worm.

I ran a McAfee scan and Advanced System Care Pro scan but wasn't able to clear the worm. Downloaded Malwarebytes Anti-Malware tool and did a scan. It eliminated a list of trojans related to the Koobface worm. When I rebooted everything seemed fine, but after a while, it started redirecting again.

I'm rerunning Malwarebytes again disconnected from the Internet. After I eliminate the reinstalled Trojans, I intend to reboot off-line and see if I can find the sneaky little program that keeps resetting the redirect worm on my browsers. I also have Emsisoft HiJackFree and A2 Free hijack software, but don't know how to use them effectively. I plan to run Glary and Advanced System Care Pro's registry cleaners before rebooting. Don't know if that will work, but if you have any ideas about what I should do further let me know. I know there's some nasty little worm buried on my hard drive, but haven't the skills to find it nor the cash to pay a pro to fix it.

Any help would be appreciated. I don't think my skills are sophisticated enough to handle Combofix or manually piddling around in the registry without some supervision. If I have to, I'll take a shot, but please make the instructions as clear as you can and please don't skip steps.

Tom King - Tyler, TX

Edited by hamluis, 13 November 2010 - 08:52 AM.
Moved from XP to Am I Infected ~ Hamluis.



#2 quietman7


    Bleepin' Janitor

  • Global Moderator

Posted 13 November 2010 - 08:56 AM

Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!
Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.
  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. Vista/Windows 7 users refer to these instructions if you're unsure how to unzip a file.
  • If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process.<- Important!!
    Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Please download Norman Malware Cleaner and save to your desktop.
alternate download link
If you previously used Norman, delete that version and download it again as the tool is frequently updated!
  • Be sure to read all the information Norman provides on that same page.
  • Double-click on Norman_Malware_Cleaner.exe to start. Vista/Windows 7 users right-click and select Run As Administrator.
    The tool is very slow to load as it uses a special driver. This is normal so please be patient.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot to ensure that all infections are removed.
  • After the scan has finished, a log file named NFix_date_time (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
  • Copy and paste the contents of that file in your next reply.
-- Note: If you need to scan USB flash drives and/or other removable drives, use the Add button to browse to the drive's location, click on the drive to highlight and choose Ok.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
