
Windows 7 - browser hijacked, generally sick PC


2 replies to this topic

#1 Dizzley


Posted 30 June 2011 - 05:06 AM

I ran a program with a trojan and my Acer 5738Z laptop immediately rebooted into Startup Repair.

The story so far:
  • Startup Repair failed several times.
  • I used F10 to get into Acer recovery... eventually got in.
  • Acer recovery (Disk 2 Disk) would not start twice, but started and recovered a system.
  • Seeking a more reliable recovery - I looked for the Recovery DVDs I made on purchase but I've lost them.
  • Meanwhile I took a disk drive backup using a trusted Live CD installation so have that on external USB drive.
  • The D2D recovered system apparently booted OK and I cautiously used it.
  • Both Chrome and IE8 seem hijacked :( - Clicking a result from Google search or occasionally trying a website in the location bar leads to a variety of hijacked sites not the page requested.
  • I did an AVG free full virus scan.
  • I downloaded Search and Destroy from cnet.com, updated it and ran it. Nothing reported.
  • Windows Update ran and installed a number of updates. This happened at least twice.
  • The last Windows update caused a Startup Repair to run but it seemed to complete OK in one pass and restart.
  • I downloaded Opera to see if browsing behaved better. It has been a bit better.
  • Here I am looking for help in sorting this out please. I have good PC admin/programming skills but I don't do this kind of thing these days.



 


#2 Dizzley


Posted 30 June 2011 - 05:08 AM

Bonus steps:
  • Created Recovery Disks from recently recovered system.
  • Allowed Spybot S&D to add entries to Hosts file to trap the worst of the redirects.

Thanks,
Dizz.

#3 Dizzley


Posted 30 June 2011 - 10:34 PM

OK... not much happening here, so I searched the forums and spotted activity on the Google Redirect virus. This led me to the extremely helpful post: "Infected with the Google Redirect virus".

I followed the instructions therein and, getting a positive rootkit detection from Kaspersky TDSSkiller, I completed the whole set of instructions and that has fixed the problem. TDSSkiller was the only tool to find what must be a common infection and I am now a Kaspersky fan.

Thanks for the forums, people - I'll remember you.

Edited by Dizzley, 30 June 2011 - 10:35 PM.




