Search redirect


  • This topic is locked
2 replies to this topic

#1 youronlysin
Posted 29 March 2011 - 08:56 AM

I tried to follow the directions best I could, but I am having trouble getting DDS to provide me with any files. It runs and runs and I have to reboot the computer to get rid of it. Aside from disabling AVG and AdAware, I'm not sure what else I can do to make it run correctly. GMER ran fine.

My issues are search result redirects. I currently have installed AVG 2011, AdAware, hijackthis and Malwarebytes. While the spyware programs were able to find their own issues and deal with them, the redirecting issue is still present.

Currently, I have run GMER and DeFogger and also have a hijackthis log, should it be needed. Here's the GMER info:

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-29 08:09:07
Windows 5.1.2600 Service Pack 2 Harddisk1\DR1 -> \Device\0000008e ST3250410AS rev.3.AAF
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fglirfod.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xB812887E]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA3E3E6C0]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xB8128BFE]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA3E3E770]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA3E3E810]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA3E3E8B0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2788 80501678 4 Bytes CALL 9914BA60
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB54C23A0, 0x5CC259, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1380] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009D000A
.text C:\WINDOWS\System32\svchost.exe[1380] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009E000A
.text C:\WINDOWS\System32\svchost.exe[1380] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009C000C
.text C:\WINDOWS\System32\svchost.exe[1380] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 00BC000A
.text C:\WINDOWS\Explorer.EXE[1992] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BC000A
.text C:\WINDOWS\Explorer.EXE[1992] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[1992] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Device\0000007e -> \??\IDE#DiskST3250410AS_____________________________3.AAF___#2020202020202020202020205236335946424C33#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----

I already have a post in the logs section and one of the prep. items is to run DDS and supply the resulting log. The issue I have is that DDS starts and looks like it is operating correctly, yet it never supplies a log file. In addition, I cannot close the DDS window. It will minimize, etc, and I can continue to use the computer but the program just isn't running right.

Currently, I have installed AVG 2011, AdAware, hijackthis and Malware Bytes(free). Before I run the DDS program, I disable AVG, and exit AdAware. Malware Bytes free does not provide any live operation.

Previously, I had SpyBot Search and Destroy installed but was having issues with its TeaTimer so I uninstalled it. I can't think of anything else to disable that might be causing DDS to malfunction. I was able to get GMER to run and provide a log, hijackthis runs and provides a log as well. Anyone have any ideas?

Merged topics then posts. ~ OB

Edited by Orange Blossom, 29 March 2011 - 02:43 PM.
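The "User code sections" block in the GMER log above is the part a responder would triage first: each entry is a 5-byte inline JMP placed on an ntdll.dll or ole32.dll export inside svchost.exe and Explorer.EXE, and every target (009D000A, 00BC000A, ...) is a low address far outside the hooked DLL, at the very start of a 64 KiB allocation block. The following Python script is an added example, not code from this thread or from GMER: it parses those lines and flags hooks by two labelled heuristics. The 1 MiB module span, the 256-byte "head of allocation" threshold and the benign-looking notepad.exe line are constructed assumptions.

```python
import re

# Constructed sample input: the seven "User code sections" entries from the GMER log
# in this thread, plus one made-up, benign-looking hook (notepad.exe) for contrast.
GMER_USER_SECTIONS = r"""
.text C:\WINDOWS\System32\svchost.exe[1380] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009D000A
.text C:\WINDOWS\System32\svchost.exe[1380] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009E000A
.text C:\WINDOWS\System32\svchost.exe[1380] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009C000C
.text C:\WINDOWS\System32\svchost.exe[1380] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 00BC000A
.text C:\WINDOWS\Explorer.EXE[1992] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BC000A
.text C:\WINDOWS\Explorer.EXE[1992] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[1992] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\System32\notepad.exe[999] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 7C91A2B3
"""

# One GMER user-mode hook line: ".text <image>[<pid>] <module>!<export> <addr> <n> Bytes JMP <target>"
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[^!\s]+)!(?P<export>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)\s*$"
)
MODULE_SPAN = 0x100000  # assumption: a 32-bit system DLL's code lies within 1 MiB of its exports
GRANULARITY = 0x10000   # Win32 allocation granularity: VirtualAlloc regions start on 64 KiB boundaries
HEAD_BYTES = 0x100      # assumption: an injected trampoline sits in the first 256 bytes of its region

def parse_user_hooks(text):
    """Return one dict per hook line; lines from other GMER sections are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            d = m.groupdict()
            hooks.append({"image": d["image"].rsplit("\\", 1)[-1], "pid": int(d["pid"]),
                          "module": d["module"], "export": d["export"], "size": int(d["size"]),
                          "addr": int(d["addr"], 16), "target": int(d["target"], 16)})
    return hooks

def hook_reasons(hook):
    """Heuristic reasons a hook deserves a closer look (empty list means nothing unusual)."""
    reasons = []
    if abs(hook["target"] - hook["addr"]) > MODULE_SPAN:
        reasons.append("JMP target is far outside the hooked module")
    if hook["target"] % GRANULARITY < HEAD_BYTES:
        reasons.append("JMP target sits at the head of a 64 KiB allocation block")
    return reasons

def triage(text):
    """Group flagged hooks by process so the responder sees which processes carry foreign code."""
    report = {}
    for hook in parse_user_hooks(text):
        reasons = hook_reasons(hook)
        if reasons:
            key = "%s[%d]" % (hook["image"], hook["pid"])
            report.setdefault(key, []).append((hook["module"] + "!" + hook["export"], reasons))
    return report
```

Run against the full log, `triage` lists svchost.exe[1380] and Explorer.EXE[1992] with all seven hooks flagged on both counts, while the constructed notepad.exe hook (a jump that stays inside ntdll) is left alone.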
#2 youronlysin
Posted 03 April 2011 - 07:56 AM

Please cancel my help request. While I appreciate your help and all the work that you do, time was against me so I chose to re-image the drive.

#3 SweetTech
Posted 03 April 2011 - 11:34 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.