Redirect Virus On Network PCs


4 replies to this topic

#1 Tiggzmeister


Posted 14 May 2011 - 04:06 PM

This isn't my first (virus) rodeo, but I could use some advice. Every computer on my home network seems to have a redirect virus. On top of that, none of us can get into our gmail, google calendar, or access any google sites either.

I tried fixing the desktop (which the router is connected to) first. I tried running MalwareBytes, Avast!, tdsskiller, and others to no avail. None of them found any viruses or malware. Finally, I disconnected the router, connected the desktop directly to the modem, and ran Spybot S&D which did find problems. I fixed them and for a few hours, everything worked great. Until I plugged the router back in so I could download spybot to the laptops.

Now the desktop has the virus again. Could my laptops have infected the desktop again over the network? I did manage to get spybot on all the laptops; I'm thinking I'll disconnect the router again and run spybot on all the computers again to see if that helps. Any other thoughts?

One virus on one computer, I can handle. One on three different computers is frustrating me.

Thanks :)



#2 coles1mom


Posted 14 May 2011 - 05:58 PM

Hi Tiggzmeister,

See boopme's post #2 http://www.bleepingcomputer.com/forums/topic396069.html

#3 Tiggzmeister


Posted 15 May 2011 - 10:03 PM

> Hi Tiggzmeister,
>
> See boopme's post #2 http://www.bleepingcomputer.com/forums/topic396069.html


Thank you for your reply.

Unfortunately I have tried that, twice, and the problem keeps coming back. :(

ETA: It certainly does sound like a DNS trojan. I'm just shocked as I've never kept the default username and password.

Edited by Tiggzmeister, 15 May 2011 - 10:07 PM.


#4 Tiggzmeister


Posted 22 May 2011 - 07:40 PM

I just wanted to clarify that when I reset my router to factory settings, the problem goes away for an hour or so and all is well. But then it comes back.

#5 boopme


Posted 23 May 2011 - 12:59 PM

Hello, let's also do this:
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log
and Reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.