
Just in Time Debugger and Browser Redirect



#1 agilulf


Posted 12 January 2011 - 10:06 AM

Hello,

Just returned to work today and it looks like one of our accounting PCs has some kind of infection. The user started getting the Just in Time debugger popups yesterday and it also appears that there is some kind of browser redirect going on. Please let me know where to start or what I should do.

I am thinking of backing up the user's data and wiping the PC, but I would like to know what happened to see if there is a better way to prevent this from re-occurring.

Thanks.

I ran a scan with Malwarebytes but it was in safe mode with networking.

This PC has Windows XP with SP3, and looks to be up to date with updates.
I am going to try using System Restore, but I am worried about rootkits or malware that might slip through detection.

Edited by agilulf, 12 January 2011 - 10:15 AM.




#2 agilulf


Posted 12 January 2011 - 10:43 AM

Ran System Restore and browser redirect appears to be fixed, but just out of curiosity ran TDSSKiller and it found and cured Rootkit.Win32.TDSS.tdl4.

I would like to back up all of the user's data and then delete the drive partition and then reformat and reinstall OS, but how can I be sure that there isn't something in memory or the boot sector that won't come back?

I found MBRCheck and ran that and it looks like the Master Boot Record is okay.

Edited by agilulf, 12 January 2011 - 11:26 AM.




