
Redirecting virus


7 replies to this topic

#1 OhSHIZZZ

OhSHIZZZ

  • Members
  • 10 posts

Posted 06 June 2011 - 03:17 PM

I got the redirecting virus from Windows XP Recovery. I've thus far removed Windows XP Recovery from my computer, but the redirecting virus stays. I tried Malwarebytes, Avira, and HijackThis. None of them seem to work. Right now I'm running Super AntiSpyware. When I tried to run TDSSKiller, no window popped up, even after I changed its name. How do I get this virus out?


#2 pityocamptes

pityocamptes

  • Members
  • 24 posts

Posted 06 June 2011 - 03:21 PM

Do you have some funky extension.exe running in your task manager list - like A.exe or A12345.exe, etc.? I had one like this years ago, and was able to narrow which redirect I had and found the appropriate fix. Just a thought.

#3 OhSHIZZZ


Posted 06 July 2011 - 06:28 PM

> Do you have some funky extension.exe running in your task manager list - like A.exe or A12345.exe, etc.? I had one like this years ago, and was able to narrow which redirect I had and found the appropriate fix. Just a thought.

No....

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • Gender:Male
  • Location:NJ USA

Posted 06 July 2011 - 07:20 PM

Hello. If SAS finds more than cookies, post that log.


Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.


This infection changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program. To fix this we must first download a Registry file that will fix these changes. From a clean computer, please download the following file and save it to a removable media such as a CD/DVD, external Drive, or USB flash drive.

FixNCR.reg

Insert the removable device into the infected computer and open the folder for the drive letter associated with it. You should now see the FixNCR.reg file that you had downloaded onto it. Double-click on the FixNCR.reg file to fix the Registry on your infected computer.



>>>>
Run RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable the anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on RKill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator.)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.
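The .exe launch hijack described in the post above can be checked offline from a `reg export` taken on the affected machine. This is an added example, not part of the thread and not the contents of FixNCR.reg; the key paths and stock values (`exefile`, `"%1" %*`) are standard Windows defaults rather than details from the page, and the sample export and its paths are constructed.

```python
import re

# Stock Windows values for launching .exe files (assumed defaults, not from the thread).
DEFAULT_PROGID, DEFAULT_COMMAND = "exefile", '"%1" %*'
# Per-user classes (HKCU) take precedence over the machine-wide view, so they come first.
ROOTS = (r"HKEY_CURRENT_USER\Software\Classes", "HKEY_CLASSES_ROOT")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Parse `reg export` text into {lowercased key: {value name: string}} (string values only)."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # undo \\ and \" escapes
    return keys

def check_exe_association(text):
    """Return findings; an empty list means .exe files launch with the stock settings."""
    keys, findings = parse_reg(text), []
    default = lambda path: keys.get(path.lower(), {}).get("")
    for root in ROOTS:
        progid = default(root + r"\.exe")
        if progid is None:
            continue
        if progid.lower() != DEFAULT_PROGID:
            findings.append(f"{root}\\.exe points to ProgID {progid!r}, expected {DEFAULT_PROGID!r}")
        for cmd_root in ROOTS:  # the open command itself can also be overridden per user
            cmd = default(f"{cmd_root}\\{progid}\\shell\\open\\command")
            if cmd is not None and cmd != DEFAULT_COMMAND:
                findings.append(f"{cmd_root}\\{progid} open command is {cmd!r}")
        break  # the first root that defines .exe is the one in effect
    else:
        findings.append("no .exe association found in export")
    return findings

# Constructed sample export: stock machine-wide keys plus a per-user override of .exe.
SAMPLE_HIJACKED = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="xyz"
[HKEY_CURRENT_USER\Software\Classes\xyz\shell\open\command]
@="\"C:\\PLACEHOLDER\\unknown.exe\" \"%1\" %*"
'''
```

Any finding means the export should be reviewed before trusting that programs launched on that machine are the ones the user asked for.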

#5 OhSHIZZZ


Posted 07 July 2011 - 04:05 PM

I was able to run FixTDSS, but when I restarted the computer it went all BSOD on me.

#6 boopme


Posted 07 July 2011 - 07:28 PM

So now it will not boot to Windows.
Did the BSOD give you an error message/number?

If it is going away too fast... Do this to stop the screen so you can read it and post the error.

Click on Start, then right click on My Computer.
Scroll and select Properties, then choose Advanced tab.
Under Start up and Recovery click Settings.
Under System Failure uncheck Automatic System Restart.

Now when the BSOD occurs the screen will stop and you can write the complete error down to post.

#7 OhSHIZZZ


Posted 08 July 2011 - 01:09 PM

Well, I was fixing my sister's netbook, and she doesn't want me to mess it up anymore. I think she'll just take it to the shop later. Sorry if I wasted any of your time.

#8 boopme


Posted 08 July 2011 - 08:18 PM

Not a waste, no problem. We can get it back if it's not booting. It's her machine and choice. Good luck in whichever you choose.