Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

63.209.69.107 google redirect. TDSSKiller cannot find rootkit.


  • Please log in to reply
2 replies to this topic

#1 WhiteMike

WhiteMike

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:38 AM

Posted 01 January 2012 - 01:52 PM

Hi,

I believe I have a rootkit issue. I am currently running WindowsXP and nearly every link I click on (via IE) redirects me to 63.209.69.107. When this happens, an error message (or several) pops up stating that it cannot find "http://[about 65 characters and symbols]" and advises me to check the path or internet address. Every message is exactly the same. I just lack the Unicode knowledge to copy the text. When I close the message, or hit "OK", another IE window opens up to my homepage. I have run several different malware and antivirus programs, which found nothing.
I have successfully run TDSSKiller as both TDSSKiller.exe and as Something.com, but it could not find any problems. Then I ran TDSSkiller again, but this time I set it to search for digital signature issues as well. This came up with 2 results:NVRPMPR5 and IPSec. Both of these files appear to be working properly. I ran TDSSKiller in Safemode and had the same results.
When I disconnect my computer from the internet, IE opens without an issue.
Thank you in advance for any help you can give me.

Edited by Budapest, 01 January 2012 - 03:28 PM.
Moved from XP ~Budapest


BC AdBot (Login to Remove)

 


#2 Whacky98

Whacky98

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 02 January 2012 - 09:54 AM

I had a similar issue about a month ago. When I looked at the partition table of the computer there was a partition which did not belong which was not there prior to the infection. I had to right click computer left click manage. It showed as an unknown partition I believe and was active. I had to hook the hard drive to another pc and eliminate the partition and set the Windows Partition to Active. A forum that may help if this is the issue is Patition Fix. Hope this helps.

#3 WhiteMike

WhiteMike
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:38 AM

Posted 03 January 2012 - 12:35 AM

I checked and I can't seem to find anything unusual about the device partitions.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users