Google re-direct virus Win XP


  • This topic is locked
6 replies to this topic

#1 badflash


Posted 12 December 2010 - 03:32 PM

I got hit and help so far on this forum hasn't fixed it. I ran the standard tools (MBAM, TDSKILLER), and the problem was fixed until I rebooted. Looks like it can re-infect that way.

Files are attached per steps 6-9 of the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help", per Boopme's direction. Steps 6-9 were performed as directed. The GMER log is taking a long time, so I will post it when complete.

Attached files: Attach.txt (14.51KB), DDS.txt (11.2KB)



#2 badflash


Posted 12 December 2010 - 07:01 PM

The GMER log is a no go. The 1st run resulted in the computer locking up. I rebooted, and now as soon as I start it, Windows halts and I get a blue screen saying Windows was halted to prevent damage to my computer, and a bunch of technical stuff I don't understand.

I'll try a MBAM full scan and see if it finds anything.

#3 badflash


Posted 12 December 2010 - 08:44 PM

In the Google forum they said that upgrading to IE8 would fix it. It didn't.

#4 badflash


Posted 12 December 2010 - 09:49 PM

Another Google entry said that HITMAN Pro would fix it.
My computer is now dead. I can't boot into Windows at all.
I get a BSOD with the message
STOP: c000021a {Fatal System Error}

#5 badflash


Posted 13 December 2010 - 09:27 PM

One of the files that HITMAN PRO killed was c:\windows\explorer.exe

After it ran I started getting pop-ups from AVG saying that it was quarantining kb.dll virus trojan horse patched_c.jyp

It did this over & over again until the computer crashed. Now the PC won't boot, even into safe mode command prompt only.

Is there a way I can boot from a floppy or CD and put a good copy of these files back?

#6 myrti

  • Malware Study Hall Admin

Posted 19 December 2010 - 06:37 PM

Hi,

Yes, there is:

Try this please. You will need a USB drive. Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer.
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your hard drive (sda1 ?)
  • Look for Winlogon.exe and explorer.exe in the system32 and windows folder. Let me know if one or both are missing.
  • Click on the folder that represents your USB drive (sdb1)
  • Confirm that you see the driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh -f
  • Press Enter
    You will be prompted to input a filename.
    Type the following:
    Explorer.exe
    the script will search for this file.
  • After it has finished a report will be automatically saved to the USB drive as filefind.txt
  • locate this file and right click it > choose rename > rename it to explorer.txt
  • Repeat the same for winlogon.exe

  • Remove the USB drive and insert it back in your working computer and navigate to explorer.txt and winlogon.txt

Please note - all text entries are case sensitive.
Copy and paste the reports for my review.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
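
An added example, not part of myrti's post and not the driver.sh script it links to: a shell sketch of the same kind of search, run from a live Linux session against the mounted Windows partition, which lists every copy of a file with its hash and records whether it is present where the post says to look. The function names, report layout and reliance on `find -iname`/`-ipath` and `sha256sum` are assumptions.

```shell
#!/bin/sh
# Added example (not driver.sh): search a mounted Windows volume from a live
# Linux session for every copy of a system file and save a report.
# Assumes find with -iname/-ipath (GNU or BusyBox) and sha256sum.

# find_copies ROOT NAME: print "sha256  path" for each copy, sorted by hash
# so byte-identical copies end up on adjacent lines.
find_copies() {
    find "$1" -type f -iname "$2" -exec sha256sum {} + 2>/dev/null | sort
}

# distinct_hashes ROOT NAME: how many different versions of NAME exist.
distinct_hashes() {
    find_copies "$1" "$2" | cut -d' ' -f1 | sort -u | wc -l | tr -d ' '
}

# expected_present ROOT RELPATH: succeed if RELPATH exists under ROOT,
# ignoring case (Windows treats names case-insensitively, Linux does not).
expected_present() {
    [ -n "$(find "$1" -type f -ipath "$1/$2" 2>/dev/null | head -n 1)" ]
}

# write_report ROOT NAME OUTDIR [RELPATH...]: write OUTDIR/<name>.txt and
# print the report path. RELPATHs are the locations the file should be in.
write_report() {
    root=$1; name=$2; outdir=$3; shift 3
    report="$outdir/$(printf '%s' "${name%.*}" | tr 'A-Z' 'a-z').txt"
    {
        printf 'Search for %s under %s\n' "$name" "$root"
        for rel in "$@"; do
            if expected_present "$root" "$rel"; then
                printf 'PRESENT  %s\n' "$rel"
            else
                printf 'MISSING  %s\n' "$rel"
            fi
        done
        printf 'Distinct versions: %s\n' "$(distinct_hashes "$root" "$name")"
        find_copies "$root" "$name"
    } > "$report"
    printf '%s\n' "$report"
}

# Example: sh findcopies.sh /mnt/sda1 explorer.exe /mnt/sdb1 windows/explorer.exe
if [ "$#" -ge 3 ]; then
    write_report "$@"
fi
```

Copies whose hashes differ from one another are the ones worth showing to a helper before any file is copied back.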

 



#7 myrti

  • Malware Study Hall Admin

Posted 27 December 2010 - 07:46 AM

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti





