Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Still redirected after format


  • Please log in to reply
1 reply to this topic

#1 ACA service

ACA service

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:33 PM

Posted 15 November 2010 - 04:50 PM

Hello all, long time viewer here, not (m)any posts. Most of the time our 2-man team is able to figure out our problems on our own, with the help of a tool or two, like rkill and MAM. Still we lurk here for specific tips and just to see what the current procedures are, in case we miss something.

With that said, we've run into a bit of a pickle. Thankfully this wasn't a critical system, or even one that had data we had to worry about. We started getting redirected to random web sites every time we clicked a link, using both IE and Firefox. After our standard gauntlet of cleaning tools, and a good look at the HJT log, it seemed to be clean, but we still got redirected on EVERY link we clicked.

Not wanting to waste time trying to clean an infected system, we tried a format/reinstall. Still got redirected. Then my partner here got a little frustrated. He turned off the modem and router, erased all the partitions on the drive, erased and re-created the MBR, and then used a tool to write zeros to the drive. Then he powered everything off, disconnected the hard drive, and flashed the bios to the latest version.

Then he reconnected the hard drive, and did a clean install of Windows 7 32-bit using the Dell disk that came with the system. On the first boot, the start page was Dell's MSN page. He clicked the address bar and entered "www.google.com", google's page came up, and he searched "combofix". Then clicked the link to "A guide and tutorial on using ComboFix", and was redirected to some survey site. Subsequent searches were all re-directed to somewhere else.

This one has us perplexed. Where could the problem be coming from? The router it's behind is a Linksys WRT54G. The Windows 7 firewall is on. Nothing was installed. After this, we installed MWB, but it wouldn't let us update. We ran rkill, and it showed nothing. We did a full scan with the Trend Internet Security that we bought, and it comes back clean. We checked the hosts file, looks normal.

Any help would be appreciated, the only problem is I don't currently have direct access to the machine. Any requested logs or scans will take a couple of days to get back, but we're not that concerned with having someone fix it for us, we'd rather know if anyone has ever seen this type of behavior, and if so, what was the cause.

Thanks!

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,112 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:33 PM

Posted 15 November 2010 - 09:16 PM

Hello,

I consulted with one of our malware removal team members who states that you need to reset the router to factory settings. That is where the problem is.

Once you have done that, you need to create a new strong password for the router.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users