Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirecting virus for IE and Firefox


  • This topic is locked This topic is locked
33 replies to this topic

#1 jezabelle

jezabelle

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 15 November 2010 - 09:22 PM

Recently I have encountered this very annoying problem where every single link I click on or try to open in a new tab is redirected to a variety of websites. However, if I copy and paste the link, it works fine. I have tried doing a system restore, but that has not helped the problem and it has gotten much worse. This all started with random popups in new tabs and seems to have steadily gotten worse over the past couple of weeks. Also, I have noticed that when I click on the Firefox and IE icons in the taskbar, they often do not start, but they do show up in the task manager, but they just use very little memory. Also, the task manager does not have any tabs at the top, so it's stuck on the processes section. I have run SUPER Antispyware and Malwarebytes, but they have not come up with anything. I do a lot of research, so not being able to open links from Google is rather crippling, so I would appreciate help ASAP.

I saw the guidebook for posting, and I've attached the 2 files as instructed, but GMER does not have a 64 bit version, so I clearly have not attached that.

Thank you!

Attached Files


Edited by jezabelle, 16 November 2010 - 08:50 AM.


BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:35 PM

Posted 23 November 2010 - 09:07 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 jezabelle

jezabelle
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 24 November 2010 - 12:21 AM

I'm here! Thanks for your help!

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:35 PM

Posted 24 November 2010 - 11:57 AM

Please run TDSSKiller and MBRCheck, we are looking for rootkit activity here

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Then


Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
Posted Image
m0le is a proud member of UNITE

#5 jezabelle

jezabelle
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 24 November 2010 - 01:32 PM

So I ran the TDSS Killer, and my selected reboot now, but my computer won't reboot and I'm having a panic attack. I finished about 5 hours worth of work last night at 3am and didn't have a chance to back it up, so I would be incredibly upset if this completely screwed up my computer. When I turn it on, the blue screen of death quickly flashes, then windows appears to try to start normally, but a screen comes up that says windows failed to start. I tried running the startup repair, but that didn't do anything, so I opted to restore the computer, but every restore I try fails, so I'm at a complete loss at what to do except for wipe the hard drive, which really is the worst option imaginable at this point in time. I would really appreciate your timely help in this situation.

#6 jezabelle

jezabelle
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 24 November 2010 - 01:40 PM

Also, the only thing I can access is a box called System Recovery Options, which are Startup Repair, which failed, System Restore, which failed at both the restore points I tried, System Image Recovery, but I don't have an image, Windows Memory Diagnostic which I am running now, but extremely doubtful it will help, and something like Command Prompt or Command Box, which I have no idea what to do with.

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:35 PM

Posted 24 November 2010 - 01:45 PM

Don't panic, what I thought you have has now been confirmed and this (TDSS) will stop you booting your PC.

We do need to access the PC but now we have to do it outside of the normal operating system.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear

When that happens then let me know.
Posted Image
m0le is a proud member of UNITE

#8 jezabelle

jezabelle
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 24 November 2010 - 02:02 PM

I did everything you said, but when I press F12, nothing happens. Is there a specific time I should be pressing it?

#9 jezabelle

jezabelle
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 24 November 2010 - 03:01 PM

To clarify, when I boot my computer, it goes straight to a screen that asks me either to start windows normally or to run startup repair. If I start windows normally, it eventually just loops around to the first screen again. I've tried pressing F12 during all points of the start up when I select both start windows normally and after I run the startup repair.

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:35 PM

Posted 24 November 2010 - 04:38 PM

When you start the PC the first screen you see (the splash screen) should be when you press F12. Tap it more than once to make sure. Are you saying that when you boot it goes straight to a blak screen with the two options?
Posted Image
m0le is a proud member of UNITE

#11 jezabelle

jezabelle
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 24 November 2010 - 05:03 PM

First I get the HP logo, then it immediately goes to the Windows Error Recovery screen with the two options. If I select Start Windows Normally, I get the loading screen for windows that says starting up, then it freezes and it goes back to the black screen with the two options and says that Windows failed to start normally.

#12 jezabelle

jezabelle
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 24 November 2010 - 05:05 PM

Ok, I tried it again, this time tapping F12 at the splash screen. The laptop tries to start up normally, so it goes to the windows loading screen, skipping the black screen with the two options, but then the screen freezes, a blue screen flashes for a second, and then it goes back to the black screen with the two options.

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:35 PM

Posted 24 November 2010 - 05:06 PM

Cross-posting.

Have you got a reinstallation or repair disk for the laptop?

Edited by m0le, 24 November 2010 - 05:07 PM.

Posted Image
m0le is a proud member of UNITE

#14 jezabelle

jezabelle
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 24 November 2010 - 05:07 PM

I've done that, and that's when it skips the black screen and tries to start normally, but then it fails.

#15 jezabelle

jezabelle
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 24 November 2010 - 05:08 PM

I tried it a few times again, and this time it goes from the HP screen to the black screen even when I tap F12 at the HP screen repeatedly, so I have no idea what the deal with that is.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users