
Cannot Remove Malware


8 replies to this topic

#1 texan2011

texan2011

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:33 PM

Posted 15 January 2012 - 07:53 PM

Hello,
My computer was infected with the virus that opened up several windows that said critical error, etc. It also hid everything on my computer. We did a system restore to make it functional again, which worked, but now we have the Google redirect virus that seems impossible to remove. We have Malwarebytes and it is not finding it. We have tried several different things as well, recommended by another BleepingComputer discussion, with no luck. Any help would be very much appreciated.

Edited by Budapest, 15 January 2012 - 07:56 PM.
Moved from Win7




#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:33 PM

Posted 15 January 2012 - 08:22 PM

Can you post your Malwarebytes clean log?

Download TDSSkiller

Launch it, click on SCAN, post the generated log

If you're unable to launch TDSSkiller, download FIXTDSS

Launch it, it should ask for a restart, let me know what it finds

Good luck

Edited by narenxp, 15 January 2012 - 08:22 PM.


#3 texan2011


Posted 15 January 2012 - 08:40 PM

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.13.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Wood :: WOOD-PC [administrator]

1/15/2012 7:33:55 PM
mbam-log-2012-01-15 (19-33-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 183001
Time elapsed: 2 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

TDSS Killer will not run. I am going to run the FIXTDSS now, but in case of reboot I wanted to post the Malwarebytes log for you. I will post FIXTDSS momentarily.

#4 texan2011


Posted 15 January 2012 - 09:00 PM

FIXTDSS says ***infected MBR detected, then I clicked repair. As of right now, I have done two Google searches with no redirect (holy cow lol). Do you think this was it, or will it return....

#5 narenxp


Posted 15 January 2012 - 09:08 PM

Good :thumbsup:

Download

http://public.avast.com/~gmerek/aswMBR.exe

Launch it, allow it to download latest Avast! virus definitions

Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Good luck

#6 texan2011


Posted 15 January 2012 - 10:25 PM

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-15 20:52:14
-----------------------------
20:52:14.645 OS Version: Windows x64 6.1.7601 Service Pack 1
20:52:14.645 Number of processors: 4 586 0x2A07
20:52:14.645 ComputerName: WOOD-PC UserName: Wood
20:52:16.423 Initialize success
21:02:38.803 AVAST engine defs: 12011501
21:02:50.347 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:02:50.347 Disk 0 Vendor: WDC_WD10 17.0 Size: 953869MB BusType: 3
21:02:50.347 Disk 0 MBR read successfully
21:02:50.363 Disk 0 MBR scan
21:02:50.363 Disk 0 Windows VISTA default MBR code
21:02:50.363 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
21:02:50.379 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 13566 MB offset 81920
21:02:50.394 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 940262 MB offset 27865088
21:02:50.410 Service scanning
21:02:51.455 Modules scanning
21:02:51.455 Disk 0 trace - called modules:
21:02:51.455 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:02:51.455 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006296060]
21:02:51.471 3 CLASSPNP.SYS[fffff88001bce43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005fe7050]
21:02:52.656 AVAST engine scan C:\Windows
21:02:57.071 AVAST engine scan C:\Windows\system32
21:04:18.363 AVAST engine scan C:\Windows\system32\drivers
21:04:30.546 AVAST engine scan C:\Users\Wood
21:16:01.518 AVAST engine scan C:\ProgramData
21:22:28.415 Scan finished successfully
21:23:43.763 Disk 0 MBR has been saved successfully to "C:\Users\Wood\Documents\MBR.dat"
21:23:44.075 The log file has been saved successfully to "C:\Users\Wood\Documents\aswMBR.txt"


Here it is =)
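A saved MBR copy like the `MBR.dat` mentioned in the log above can also be inspected offline. The following is an added example, not part of the original thread and not how aswMBR itself works: it parses a 512-byte MBR, lists the partition entries, and hashes the boot-code area so it can be compared with a known-good baseline. The sample sector is constructed; only the partition types, active flag and offsets come from the log, and the sector counts and boot-code bytes are made up.

```python
import hashlib
import struct

SECTOR = 512
# Only the partition types that appear in the aswMBR log above.
TYPES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility"}
ENTRY = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Parse a 512-byte MBR image and return its partitions and boot-code hash."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY, sector, 446 + 16 * i)
        if ptype == 0:
            continue  # unused table slot
        parts.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": TYPES.get(ptype, f"0x{ptype:02X}"),
            "offset": lba,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    # Bytes 0..439 hold the boot code; a bootkit that rewrites it changes this hash.
    return {"boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(), "partitions": parts}


def boot_code_changed(baseline: bytes, current: bytes) -> bool:
    """Compare the boot-code area of two MBR images."""
    return parse_mbr(baseline)["boot_code_sha256"] != parse_mbr(current)["boot_code_sha256"]


def build_sample(boot_code: bytes) -> bytes:
    """Constructed MBR: layout from the log, sector counts invented to match the reported sizes."""
    layout = [(0x00, 0xDE, 63, 39 * 2048),
              (0x80, 0x07, 81920, 13566 * 2048),
              (0x00, 0x07, 27865088, 940262 * 2048)]
    table = b"".join(struct.pack(ENTRY, *e) for e in layout).ljust(64, b"\0")
    return boot_code.ljust(446, b"\0") + table + b"\x55\xaa"


if __name__ == "__main__":
    sample = build_sample(b"CONSTRUCTED-BOOT-CODE")
    for part in parse_mbr(sample)["partitions"]:
        print(part)
```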

#7 narenxp


Posted 15 January 2012 - 10:31 PM

That looks good :)

Did you unhide the files?

Check your Start menu programs. Most of the time people use the unhide fix but do not check their Start menu and Start menu programs.

Click on the Start menu, expand programs like Microsoft Office and see if it looks empty.

Good luck

#8 texan2011


Posted 15 January 2012 - 10:48 PM

I have unhidden everything and my computer looks amazingly as it should lol. Apparently that FIXTDSS allowed my Trend Micro to finally and I mean finally find four trojans and remove them. You are a sanity saver :clapping: . THANK YOU!!!!

#9 narenxp


Posted 15 January 2012 - 10:50 PM

You're welcome :thumbsup:



