Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Redirector (without broswer running) and audio ads

  • Please log in to reply
2 replies to this topic

#1 nummmnut


  • Members
  • 2 posts
  • Local time:07:44 AM

Posted 14 April 2011 - 08:56 AM

It appears I have a computer that has joined the bandwagon of getting infected regardless to the protection software running on board. To start off with the computer had an issue where it stated it was having SATA HDD drive issues and to run a Windows repair, and all the programs and files on the computer were hide. Luckly I was able to get around this by using unhide.exe and moving some data off to an empty jump drive so it became possible to do a system restore to a much earlier date (reason for moving data off is that the infection filled 95% of the HDD or faked it)... This was successful so the system is bootable and able to be remote managed...

Currently I have Symantec Endpoint 11 unmanaged installed and blocking explorer.exe attempts to go ontact spam IP addresses and Malewarebytes Pro (this program's auto protection service shuts off on reboot due to the infection).

Infection started 4/12/2011 - 4/13/2011

**Detail of infection as it is now: On Google and Yahoo any link you go to from a search goes off to spam sites... Also without having a broswer open explorer.exe tries to contact spam IP addresses constantly... Also audio ad/streams randomly play in the background constantly.**

**Things done: Ran RKILL.exe and unhide.exe so I could migrate enough data to free up space for a System Restore (to a far point so the infection will not be freed by system restore alone). Also ran several scans from Symantec Endpoint, malewarebytes, hijackthis, and RootkitBuster. The anti-virus and spyware come up clean with no infection, but this is false. Flushed DNS and manually changed DNS on the router to an OpenDNS. This is the only computer connected to the router that has a problem. Hosts file were deleted as they were filled with spam sites... the file is stable now and normal.**

**Additional: The SATA HDD alerts were false and caused by the infection... the computer has SSD devices, so hard drive failure would be rare... plus all reports now report back that the device is healthy. **
Any help would be lovely and I do have all the software downloaded and ready to go for the logs you might need.

(Also I will be monitoring this thread closely and should be very fast on turn around)

Thank you in advance.

Edited by Budapest, 14 April 2011 - 06:08 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~Budapest

BC AdBot (Login to Remove)


#2 Budapest


    Bleepin' Cynic

  • Moderator
  • 23,579 posts
  • Gender:Male
  • Local time:11:44 PM

Posted 14 April 2011 - 06:08 PM

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 nummmnut

  • Topic Starter

  • Members
  • 2 posts
  • Local time:07:44 AM

Posted 14 April 2011 - 07:18 PM

Thank you guys/gals for your time...

I have already gone ahead and did a destructive format. Sadly I was under a tight time frame, which is no fault of you all...

Mod please go ahead and close the thread.

Thank you.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users