the dreaded redirect virus!


8 replies to this topic

#1 cjford

cjford

  • Members
  • 16 posts

Posted 05 June 2011 - 08:05 PM

I have the dreaded redirect virus that seems to be infecting everybody. I am running Windows 7, and whenever I try to visit a website via search I am taken to one of a few different weird pages. The web address remains the address for the page I am trying to visit, but the page that is displayed is something different. If I try to refresh the page I'll get a different weird webpage (they all seem to be ads) but they go through a cycle. This happens when I search through Google or Yahoo. If I type a page directly, however, it will come up fine.

I have Webroot antivirus with Spy Sweeper. I have Malwarebytes Anti-Malware but I can't get it to run; I keep getting error messages. I have tried running RKill in order to get MBAM to run, but when I start RKill I get a couple of error messages and then it opens and starts to run, but gets stuck at the "be patient" line. It never seems to progress past that point.

What next? Thanks in advance!


#2 cjford


Posted 06 June 2011 - 07:03 AM

Also, my computer is randomly shutting itself down as well. This symptom began late last night.

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,773 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 06 June 2011 - 07:24 AM

Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!
Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.

  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. Vista/Windows 7 users refer to these instructions if you're unsure how to unzip a file.
  • If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.

  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

  • Click Continue > Reboot now to finish the cleaning process. <- Important!!

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 cjford


Posted 06 June 2011 - 07:37 AM

:( I have tried that program a couple of times to no avail; it does not find anything.

#5 quietman7


Posted 06 June 2011 - 08:29 AM

Please download and scan with the Kaspersky Virus Removal Tool from one of the links provided below and save it to your desktop.
Link 1
Link 2
Be sure to print out and read the instructions provided in:
How to Install Kaspersky Virus Removal Tool
How to use the Kaspersky Virus Removal Tool to automatically remove viruses
  • Double-click the setup file (i.e. setup_9.0.0.722_22.01.2010_10-04.exe) to select your language and install the utility.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • At the 'Setup page', click Next, check the box 'I accept the license agreement' and click Next twice more to extract the required files.
  • Setup may recommend scanning the computer in Safe Mode. Click Ok.
  • A window will open with a tab that says Autoscan and one for Manual disinfection.
  • Click the green Start scan button on the Autoscan tab in the main window.
  • If malware is detected, you will see the Scan Alert screen.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • After the scan finishes, if any threats are left unneutralized in the Scan window (Red exclamation point), click the Neutralize all button.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • If advised that a special disinfection procedure is required which demands system reboot, click the Ok button to close the window.
  • In the Scan window click the Reports button, choose Critical events and select Save to save the results to a file (name it avptool.txt).
  • Copy and paste the report results of any threats detected. Do not include the longer list marked Events.
  • When finished, follow these instructions on How to uninstall Kaspersky Virus Removal Tool 2010.
-- If you cannot run this tool in normal mode, then try using it in "safe mode".


Please download aswMBR.exe and save it to your Desktop.
  • Double click on aswMBR.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Scan button to start the scan.

  • On completion of the scan, click the Save log button and save it to your Desktop.
  • Do not select any Fix options at this time.
  • Copy and paste the contents of that log in your next reply.


#6 cjford


Posted 06 June 2011 - 10:22 AM

I downloaded and ran the Kaspersky scan, and it did find some sort of "backdoor" file. I ran the disinfect process which included a reboot. At the reboot Windows would not run; all I get is a blank screen with a cursor. That is also true in safe mode. Now what? Yikes!

#7 quietman7


Posted 06 June 2011 - 10:43 AM

It can be difficult to determine what exactly caused this problem. Bootup failure can be due to a variety of issues to include application faults, hardware failures, loose pin connections or malware (to include attempts to remove it). The scan could have removed a critical file (patched by malware) required for booting.

Windows 7 Repair Options:

#8 cjford


Posted 06 June 2011 - 07:06 PM

Well, I had to do a full recovery. Bum deal but such is life! This is a NASTY virus. Fortunately I don't keep a whole lot on my hard drive, and don't have much in the way of special programs or anything like that. A full recovery from the hard drive and everything seems to be fine. Thanks for all the assistance! I hope other folks fare better with this one. I did end up getting Malwarebytes to run and it did NOT find this problem, nor did my Webroot. :(

#9 quietman7


Posted 06 June 2011 - 08:53 PM

Sorry to hear that but sometimes it's the best solution. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned, repaired or trusted. The malware may leave so many remnants behind that security tools cannot find them.

To avoid something like this in the future you may want to start doing system image backups periodically.



