Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


how doi deal with a redirecting virus????please help

  • Please log in to reply
2 replies to this topic

#1 lulolias


  • Members
  • 31 posts
  • Local time:10:07 AM

Posted 15 May 2011 - 06:07 AM


i have a virus that redirects to to spampages on google and other searchengines...and also sometimes when i mon my normal pages.

i have ran malwarebytes , but it didnt help...it is still the same.

can someone pls helpme...i am starting to get despearet since i cant use my internet anymore...

this is what i got from my malware:

Malwarebytes' Anti-Malware

Database version: 6582

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/15/2011 5:53:52 PM
mbam-log-2011-05-15 (17-53-52).txt

Scan type: Full scan (C:\|)
Objects scanned: 230595
Time elapsed: 1 hour(s), 46 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\WINDOWS\system32\0F6226 (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\5A8DCC (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\76682F (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ACF7EF (Worm.AutoRun) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\5A8DCC\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\5A8DCC\HtmlView.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\5A8DCC\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\5A8DCC\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\5A8DCC\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\documents and settings\Anny\start menu\Programs\Startup\74BE16.lnk (Worm.AutoRun) -> Quarantined and deleted successfully.

thank u guys:)

BC AdBot (Login to Remove)


#2 coles1mom


  • Members
  • 212 posts
  • Gender:Female
  • Local time:11:07 AM

Posted 16 May 2011 - 08:26 AM

Hi lulolias,

Try this for your redirects http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller
Then run malwarebytes again.

#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,768 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:07 AM

Posted 16 May 2011 - 12:35 PM

Before doing anything if you have not already done so, you should back up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to backup any files with the following file extensions: exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.
After running TDSSKiller, a log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:). Copy and paste the contents of that file in your next reply.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users