Windows XP Repair & Search Engine Redirect


  • This topic is locked
2 replies to this topic

#1 teknojo

Posted 19 July 2011 - 04:37 PM

Hello,

I have used this site many times to fix my friends' and family's computers. The computer my sister has been using became infected with the Windows XP Repair fake anti-virus through a Java exploit, I believe. I managed to re-install (I don't know why they were gone) Malwarebytes and Avast. I also got ComboFix, ATF-Cleaner, HijackThis and unhide onto the infected computer. I believe I jumped the gun in HOW I ran the programs. I know enough to get myself in trouble, it seems.

The 'Windows XP Repair' part of the problem seems to be gone, all files are unhidden, the program is no longer popping up on start up and preventing you from doing anything else. In fact you can access and run anything.

The primary problem now is a search engine redirect and an invisible Internet Explorer. All browsers are experiencing the search engine redirect: Internet Explorer, Firefox, Safari. Internet Explorer is running invisibly and can be seen in Task Manager and WinPatrol. The program can be terminated but it restarts within ten to fifteen minutes. It also occasionally starts up a visible Internet Explorer window that surfs to seemingly random sites.

I seem to recall that this is most likely registry edits performed by the Windows XP Repair virus. Nothing I have run can see them, though Malwarebytes and Avast keep seeing various threats and "fixing" them; they are not actually being fixed or are just being replaced by whatever the redirect is doing. I cannot find my notes on how to manually remove the entries as I have done on previous occasions.

So... Help?!

Thank you,
Teknojo

#2 teknojo

Posted 26 July 2011 - 04:14 PM

Thank you for not replying to my query.

Problem appears to be solved.

I reviewed the "Windows XP Fix" Removal Guide (here: http://www.bleepingcomputer.com/virus-removal/remove-windows-xp-fix ). I believe the "Windows XP Repair" was a variant of this one, such originality these hackers show. I apparently needed an RKILL.exe file with a different name. Downloaded and ran the RKILL and the TDSSKiller again and it worked this time!

Malwarebytes and SUPER Anti-Spyware were both able to run completely, identify and remove a few additional threats.

Now the computer is no longer redirecting and no invisible Internet Explorers are running, so all appears to be kosher once more.

MS Security Essentials is installed and running as well as SUPER Anti-Spyware and WinPatrol so I think the computer should be good now.

Only question is this: In the realm of the free anti-virus is MS Security Essentials good enough or is Avast a better choice?

#3 Budapest

Posted 26 July 2011 - 04:39 PM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.

"Only question is this: In the realm of the free anti-virus is MS Security Essentials good enough or is Avast a better choice?"

Personally I think they are about equal. Remember that no anti-virus can be 100% effective. Have a read of this:

http://www.bleepingcomputer.com/forums/topic2520.html
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



