
Yet Another Browser Redirect virus


  • This topic is locked

#1 Dakhath

Posted 20 June 2011 - 12:01 AM

Browser redirects will go to a completely unrelated site via Google or Bing.

The usual hosts of anti-virus programs do not even detect it.
TDSSKiller.exe fails to run. Immediately terminated on execution.
Tried running ComboFix.exe and thought it had some luck in cleaning a file "c:\windows\system32\Drivers\Volsnap.sys" but redirect issues continued.

Noticed the following files in system32\Drivers had dates modified to a different date than a week prior. But cannot seem to copy/replace/restore these files:

ati2erec.dll
atikmdag.sys
atikmpag.sys
srv.sys
srv2.sys
srvnet.sys
mrxsmb10.sys
mrxsmb20.sys
mrxsmb.sys
AtihdW73.sys
tcpip.sys
dfsc.sys
afd.sys

Can anyone help? Here's the dump from Combofix attached. Redirect error still occurs.

Thanks!
-Albert

Attached file: log2.txt (18.83KB)



#2 Dakhath

Posted 21 June 2011 - 07:04 PM

Solved. Found the answer here:
http://www.bleepingcomputer.com/forums/topic404032.html

Issue was that TDSSKiller was being blocked. Thanks!

#3 SweetTech

Posted 26 June 2011 - 11:27 AM

Thanks for posting back to inform us that the issue you were experiencing has been resolved.

This thread will now be closed.

Kindest Regards,
ST.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.




