
Windows XP / IE 8 Redirect virus



#1 utahtundra


Posted 09 January 2011 - 11:55 PM

I have spent the better part of the weekend working on a neighbor's laptop that is about 8 yrs old and is still hanging on. He called me and said every time he tried to go to a website, it would tell him his site has been blacklisted. I tried it myself and no matter the page, I get a black and red screen that says my website has been "blacklisted" and my request is being redirected to another site. The URL shows the page I typed at the end of another URL that starts out with http://blacklistsms.com. I tried the basic stuff like resetting IE 8's advanced settings, resetting the security level, making sure no unsigned ActiveX apps were allowed and nothing. So I started to scan and although I came up with a ton of trojans, tracking cookies of various threat levels, the redirect stayed alive. I did do a search in the registry and found a listing but it came back.

So far, I have thrown my biggest guns at it:

Malwarebytes.org
Spybot Search and Destroy
AdAware
Emsisoft A-Squared
PC TOOLS
Avast!
Anti-Vir
SuperAntiSpyware

I checked the hosts file and nothing there. Then I checked the msconfig and found numerous false apps starting that were unrelated. And in the middle of all this, I have had two BSODs - one for the kernel and one for a physical dump of memory. At one time, I lost the entire program menu only to find out that one of my apps had "deleted" it. So I removed Emsisoft and SuperAntiSpyware and the programs menu has come back. I ran an extensive memory diag app via a DOS shell booted from a disc and still nothing.

So now I am doing another thorough scan in Safe Mode in case the virus is only resident with Windows in full mode. Right now, AdAware is coming up empty and next up is Emsisoft and then Malwarebytes and then I am calling it a night.

The laptop is a Dell Latitude D610 and is running XP SP3 with IE8. Yes, I did boot into the DELL diagnostic option and all was good.

Any ideas would be wonderful.

Thanks!



#2 utahtundra


Posted 10 January 2011 - 01:24 AM

Well,

Seems I answered my own questions with a little more digging. The virus I was up against was the TDL3 (alias Alureon) which affects the detection of malicious files. And there was another minor trojan working with it called rkotrig.dll that was playing havoc. And after doing some more research, I found out that an app called HitMan Pro was recommended. So I loaded it and it scanned and isolated the two and quarantined them. Upon another reboot, no more redirect and the computer was in top notch service.

Hope this helps anyone dealing with this out there.

Utahtundra



