This is my first post on BleepingComputers... I hope I got it in the right spot.
Like many others here, I have been going crazy the past several days trying to get this redirecting problem fixed. I have tried everything and I mean everything I could think of. I read all the posts. In the past, I have always managed to find the solution here, but not this time. It's time to give a little back.
First off, here are the symptoms I experienced. I got the trojan that tells you, "Your hard drive is corrupted!" and all the desktop icons disappeared, the C:\WINDOWS folder looked empty, and the programs list was empty as well (sorry I cannot remember the name of it). Based on what I read here on Bleeping, I used the RKill tool to shut it down, then good old Malwarebytes to remove it, and an additional scan with SuperAntiSpyware just to be sure, then the unhide program. Things were looking good until I tried a Google search and any link I clicked on sent me to StopZilla. IE, FF, Chrome, all of them.
So I started trying all the tools I could think of, in safe mode and in normal mode, as administrator and as a different user. Here is a list of the tools I tried. GMer, MWB, SuperAntiSpyware, RKUnhooker, combofix, MGtools, tdskiller, Hitman pro, and Symantec. I tried to use the Eset online scanner but was redirected to StopZilla. I cleaned out the cache and temp files and reset the browsers to default. I ran the ATF cleaner and deleted everything. Nothing worked!
There were a couple clues... during boot it would say loading Windows (default), not Windows XP pro. The boot.ini tab was gone from msconfig. TDSkiller would not run even when renamed. The only clue I got from any of those tools was from Hitman pro, which detected a "bootkit" in the MBR. So, I used Hitman to "fix" the bootkit on one of the machines I was working on and it hosed it, BSOD style, so I don't recommend that. On the other machine with the same problem I was a little more careful. After googling around a bit I decided to try to rebuild the MBR with the Windows Recovery Console. So I booted up to the install disk, got to the recovery console, used fixmbr, crossed my fingers and.........
Everything is back to normal now. No more redirecting. Yay!
Please be careful if you try to do this. Like I said, Hitman pretty much hosed my other system; if fixmbr hoses yours, I'm sorry!
Edited by Dagwood333, 12 July 2011 - 06:12 PM.
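The post traces the redirects to a bootkit in the MBR and warns that repairing it can leave a machine unbootable. As an added example (not part of the original post), the Python below compares two 512-byte MBR dumps, one saved before the repair and one after, and reports whether the boot code changed while the partition table stayed intact. It assumes the standard MBR layout (boot code in bytes 0-439, partition table at offset 446, 0x55AA signature at offset 510) and that the dumps were saved with an imaging tool of your choice; `make_sample` builds constructed test sectors, not real infected data.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440      # bytes 0-439 hold the boot code
PART_TABLE_OFF = 446     # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"  # boot signature at bytes 510-511


def parse_mbr(sector: bytes) -> dict:
    """Split one MBR sector into hashed regions and decoded partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("need exactly one 512-byte sector")
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, n_sectors = struct.unpack_from("<II", entry, 8)
        if entry[4]:  # partition type 0x00 marks an unused slot
            parts.append({"index": i, "active": entry[0] == 0x80,
                          "type": entry[4], "lba_start": lba_start, "sectors": n_sectors})
    return {
        "valid_signature": sector[510:512] == SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partition_table_sha256": hashlib.sha256(sector[PART_TABLE_OFF:510]).hexdigest(),
        "partitions": parts,
    }


def compare_mbr(before: bytes, after: bytes) -> dict:
    """Report which MBR regions differ between two dumps of the same disk."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": a["boot_code_sha256"] != b["boot_code_sha256"],
        "partition_table_changed": a["partition_table_sha256"] != b["partition_table_sha256"],
        "signature_ok": b["valid_signature"],
    }


def make_sample(boot_fill: int) -> bytes:
    """Constructed sample sector: filler boot code plus one active NTFS-type entry."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_END] = bytes([boot_fill]) * BOOT_CODE_END
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 2048000)
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    sector[510:512] = SIGNATURE
    return bytes(sector)
```

A result with `partition_table_changed` set to true or `signature_ok` set to false after a repair is a reason to stop and restore the saved dump before rebooting.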