
Windows XP Recovery and Google re-directs



#1 aeavey

Posted 31 May 2011 - 11:17 PM

I have an XP machine that is infected by the Windows XP Recovery virus and has the Google redirect issue. I have been able to regain control of the machine and temporarily shut down the self-starting virus. I have downloaded the Rkill and been able to run it with no processes found. I have not been able to update or even reach the Malwarebytes site before being redirected. I can run the existing old copy on the machine currently but it does not solve the problem. So, I downloaded and transferred the TDSSKiller file from another machine to this one but cannot run it. Does anyone know what I can do from this point forward?

Thanks, Andy

Edited by hamluis, 02 June 2011 - 01:24 PM.
No logs, moved from MRl to AII.




#2 jntkwx


Posted 05 June 2011 - 06:42 PM

Hi aeavey,

Welcome to BleepingComputer. Sorry for the delay. My name is Jason, and I'll be helping you. You can call me by my screen name jntkwx or Jason is fine.

Step 1: Let's try rebooting into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu with several options. Press the arrow keys until Safe Mode with Networking is selected. Press Enter. Please see here for additional details.

Step 2: Once in Safe Mode with Networking, try running TDSSKiller. If you cannot run it, please describe how it is unable to run.

Step 3: To manually update Malwarebytes, try updating Malwarebytes on your clean computer to the latest database version, and then copy the latest rules.def file from the clean computer to your infected computer using a USB key or CD.
  • On Windows XP, it's located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\
  • On Windows Vista and Windows 7, it's located in C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\
Replace the existing file on your infected computer.

Step 3: Try running a Full Scan with the updated Malwarebytes' and remove any infections it finds. Restart your computer if prompted to do so. Please post the Malwarebytes' log in your reply.

Step 4: Download Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.


In your next reply, please include:
  • Malwarebytes' log file
  • How's the computer running now?

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.




