Hello and welcome. Lets see if we can progress and see if the rediresting srops after these.
Are you on a router? Witrh other machines? if so do they redirect?
Please download GooredFix
from one of the locations below and save it to your DesktopDownload Mirror #1Download Mirror #2
- Ensure all Firefox windows are closed.
- To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
- When prompted to run the scan, click Yes.
- GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
Your HOSTS file
may be infected. Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?
To reset the hosts file automatically,go HERE
button. Then just follow the prompts in the Fix it wizard.
in the File Download
dialog box or save MicrosoftFixit50267.msi
to your Desktop and double-click on it to run. Then just follow the promots in the Fix it wizard.
Run TFC by OT
(Temp File Cleaner)
Please download TFC
by Old Timer and save it to your desktop. alternate download link
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe
to run it. If you are using Vista, right-click on the file and choose Run As Administrator
Click the Start
button to begin the cleaning process and let it run uninterrupted to completion. Important!
If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Please download the TDSS Rootkit Removing Tool
) and save it to your Desktop. <-Important!!!Be sure to download TDSSKiller.exe (v126.96.36.199) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 188.8.131.52 of the tool.
- Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
- If TDSSKiller does not run, try renaming it.
- To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
- Click the Start Scan button.
- Do not use the computer during the scan
- If the scan completes with nothing found, click Close to exit.
- If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
- Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
- A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.184.108.40.206_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
- Copy and paste the contents of that file in your next reply.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe
, select Rename
and give it a random name with the .com
file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these[/color] instructions
. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer
Rerun MBAM (MalwareBytes) like this:
Open MBAM in normal/regular mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, [color="#8B0000"]Post new scan log
into normal mode.
Edited by boopme, 30 July 2011 - 09:39 AM.