Browser/search engine redirect virus - TDSS?


5 replies to this topic

#1 lucym

lucym

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:45 PM

Posted 19 January 2012 - 03:46 PM

Hi,

I'm hoping someone can help me.

My PC (running Windows 7) was infected on New Year's Day. I began getting numerous delayed write failed and numerous hard disk failure messages, my desktop background disappeared and all my files and icons were hidden. McAfee picked up a virus, but it wouldn't let me remove it. In the end, I got a professional to look at it, and he thought he'd removed the virus (using Combofix and HijackThis, as far as I can see), but he discovered that all browsers (IE, Firefox, Chrome, Opera and Safari - I'm a web designer so have them all installed) were still infected and were redirecting to dodgy sites on startup. He thought he'd fixed it and returned the PC to me.

All seemed fine until a couple of days later when I used Google on IE and realised that, when I clicked on a link, it was momentarily redirecting to strange websites. This became more frequent, so that it was actually redirecting to these sites and now my browsers either won't start at all or start up and then Windows will error.

From what I've read, I think it might be a rootkit/TDSS virus. McAfee is not picking anything up, and I have tried using Malwarebytes, but it didn't pick up anything either.

Can anyone help me or suggest a program that might be able to get rid of it?

Many thanks in advance.

Lucy


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:12:45 PM

Posted 19 January 2012 - 03:54 PM

Download

TDSSkiller

Launch it. Click on "Scan". Please post the LOG report.

Download

http://public.avast.com/~gmerek/aswMBR.exe

Launch it, allow it to download latest Avast! virus definitions.
Click the "Scan" button to start scan. After scan finishes, click on Save log.

Post the log results here

Good luck

Edited by narenxp, 19 January 2012 - 03:54 PM.


#3 lucym


Posted 20 January 2012 - 02:51 PM

Thanks so much for responding.

I can't download the applications directly onto my PC, as I can't use the browsers, but I have downloaded it on to a USB on another computer and transferred the files that way.

However, when I try to run TDSSkiller, I do get a Windows 'Run as administrator' prompt but when I choose yes, it does not load. The green timer circle goes round the cursor as if it's thinking about it, but nothing appears. It is almost as if the virus is blocking it.

Does this require a program like Rkill to stop the malicious processes and allow the antivirus to work?

I just wanted to check before I take any further action.

Lucy

#4 narenxp


Posted 20 January 2012 - 11:39 PM

Before I could say another way to bypass tdsskiller, I need your aswMBR log.

Please skip tdsskiller and follow the next instruction

Good luck

Edited by narenxp, 20 January 2012 - 11:39 PM.


#5 lucym


Posted 22 January 2012 - 07:08 AM

Hi Naren,

It's not letting me run Avast either. It seems to think about it, but the programme never loads.

What should I do next?

Note: I have applied Windows security updates and can now start up browsers, though the search engine redirect problem still persists. I also ran McAfee again, and it found one Trojan which it won't let me delete. It's called W32/Mariofev!mem (Trojan) and it's in c:\Windows\system32\services.exe - don't know if that info helps!

Thanks,

Lucy

#6 narenxp


Posted 22 January 2012 - 08:51 AM

You may have an infected MBR.

At this stage it is safe to

read the preparation guide

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck



