
Malware remnants--browser redirects and Windows Update funnies



#1 MysticCobra


Posted 22 April 2011 - 12:35 AM

Visiting my sister's house for Easter, I thought I'd do some routine maintenance on her PC (running WinXP Pro SP3, 32-bit). Automatic Windows Updates were not enabled, so I went to the Windows Update site and after 2 or 3 cycles (including at least one reboot), had all the applicable patches installed. After all patches were installed, I turned on Automatic Windows Updates. Finally, I tried to go to the Microsoft Security Essentials site to install that, but got redirected to some off-brand search site.

Uh oh!

Tried to Google MSE and open various links from www.microsoft.com, but all were redirected.

Downloaded MalwareBytes on a 2nd, uninfected computer, carried that to the infected machine and tried to install it. Got the classic "What program do you want to use to open this file with?" problem. Searched Google on the uninfected machine, found a registry edit to solve the "can't launch .exe files" problem, and successfully ran MalwareBytes. It found some problems, I asked it to repair them, and crossed my fingers that everything would be okay.

Unfortunately, it's not. I have noticed the following problems so far:
  • Firefox is still being redirected.
  • IE doesn't seem to be getting redirected, but the Windows Update site does not respond correctly. It asks if I want to turn on Automatic Windows Updates, even though if I go to Control Panel > System > Automatic Updates, "Automatic" is checked.
  • When I go to the Windows Update page and try to "Upgrade to Microsoft Update", the install fails with error 0x8007024

I was eventually able to install MSE and run a Quick Scan, but it did not resolve the issues. I tried to run the Kaspersky Online Scanner v7 (in both Firefox and IE), but it failed with the error "License has expired".

Could someone please help me stamp out these last malware remnants?

Thank you,
Jim



#2 MysticCobra


Posted 22 April 2011 - 10:05 AM

After digging some more this morning, I realized the problem was the TDSS rootkit, and MalwareBytes had not completely cured it. Following the advice in the "Browser Hijacked" thread on this forum, I ran the Kaspersky TDSS removal tool, which identified the TDSS infection and cured it. That solved the browser redirect issues.

I still had the problem with the MS Update not working properly, and the disconnect between various bits of Windows thinking I had not enabled Automatic Updates when I had. Via some Google searching, I found a suggestion to re-register the wuaueng.dll (Start>Run "regsvr32 wuaueng.dll"). After doing this, visiting the Windows Update site gets me the Microsoft Update service, and it also correctly reports that Automatic Updates are enabled.

My sister's computer appears to be back in business. I'm now running deep scans using MalwareBytes and MS Security Essentials to get some confidence that it's okay.

Jim



