
Win7, System Restore Trojan(Removed) still malware


#1 purtchiarn


  • Members
  • 2 posts
  • Local time:09:22 AM

Posted 16 February 2012 - 05:11 PM

Hi all,

Can I just say a massive thanks for the help you have provided to other users of this forum. I stumbled across this website on my Vista computer to help restore my laptop from the system restore trojan and you have changed my life!!! I never made a system restore disk when I bought my computer, got infected with System restore trojan and could barely use my laptop!!!! You have given me back a useful laptop and speed, files and desktop so that I can now use my lappy again and didn't have to buy a new one! Thank you so so much!!!!!!!!!

Unfortunately I still have 1/2 kinks I would like to clear if you can spare me your time.

1) When I click a link on a search page, be it Bing or Google, I get redirected to a consumer link website and not the site I was expecting / looking for. E.g. I typed "ZDNET Microsoft" into both and instead of getting the search link for the Microsoft news on ZDNet which I clicked, I get sent to an advert/consumer website. Today's is a German web address but previously it's been numerous others, and I have to click at least 5 times to get to the site I'm looking for. A minor inconvenience compared to not being able to use my laptop, but after a while it's grating, so I'll apologise now for asking for help with this query compared to the problems other users are having!!!

2) Unfortunately I also cannot provide a HijackThis log file for you to check as I get an error saying "System denied write access to the Hosts file". I have tried the suggestion of running (notepad C:\windows\System32\drivers\etc\hosts) suggested in the warning, but I cannot find any line detailing "Hijack This" or even "Trend Micro" lines to delete, so please accept my apologies for not being able to provide more information.

Regarding both errors, I have run Malwarebytes, McAfee & HijackThis in safe mode and they have found no suspicious malware etc., and in the latter case the same problem.

Any help you can provide me I will be extremely grateful for!!!!

Thanks already "bleeping computers'" I appreciate the help you have given me already and any help you can provide now!


Edited by hamluis, 16 February 2012 - 06:48 PM.
Moved from Win 7 to Am I Infected.



#2 Jacee


    Bleeping around

  • Malware Response Team
  • 3,716 posts
  • Gender:Female
  • Local time:07:22 AM

Posted 16 February 2012 - 05:27 PM

Flush the DNS cache and restore MS's original Hosts file:

Copy and paste these lines in Notepad.

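@Echo on
rem Work in the folder that holds the system Hosts file
pushd "%SystemRoot%\System32\drivers\etc"
rem Clear hidden/system/read-only so the file can be rewritten
attrib -h -s -r hosts
rem Replace the contents with the single default localhost entry
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the DHCP lease and flush the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP stack
netsh winsock reset all
netsh int ip reset all
rem Reboot after one second, then remove this batch file
shutdown -r -t 1
del %0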

Save as flush.bat to your desktop.
Double click on the flush.bat file to run it. Vista and Windows 7... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

MS MVP Windows-Security 2006-2016
Member of UNITE, the Unified Network of Instructors and Trusted Eliminators

Admin PC Pitstop
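
An added example, not part of the thread or of any poster's code: because the batch file above replaces the Hosts file outright, this Python script lists the entries such a reset would discard and flags search-engine names pinned to an address. The watched labels, verdict names and sample entries are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: domain labels to watch, chosen because the thread concerns Bing and Google.
WATCHED = {"google", "bing"}
# Constructed sample using documentation-range addresses; not taken from the thread.
SAMPLE = """\
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com   # search names pinned to one server
203.0.113.10    www.bing.com
0.0.0.0         update.vendor.example
10.0.0.5        nas.home.example
www.google.com  203.0.113.10
"""

def parse_hosts(text):
    """Yield (line_no, ip_or_None, name) for each active mapping in hosts text."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()      # drop comments, split on whitespace
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield line_no, None, " ".join(fields)  # first field is not an address
            continue
        for name in fields[1:]:                    # one line may carry several names
            yield line_no, ip, name.lower()

def audit_hosts(text):
    """Return (line_no, verdict, name, ip) for every entry a hosts reset would discard."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if ip is None:
            verdict = "malformed"
        elif name == "localhost" and ip.is_loopback:
            continue                               # the default mapping, nothing to report
        elif WATCHED & set(name.split(".")):
            verdict = "search-override"            # search engine name resolved locally
        elif ip.is_loopback or ip.is_unspecified:
            verdict = "blocked"                    # name pointed back at this machine
        else:
            verdict = "custom"
        findings.append((line_no, verdict, name, str(ip) if ip else None))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

To audit a real machine, pass the text of C:\windows\System32\drivers\etc\hosts to audit_hosts() before running the reset.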

#3 purtchiarn

  • Topic Starter

  • Members
  • 2 posts
  • Local time:09:22 AM

Posted 19 February 2012 - 09:57 AM

Seems to have worked!!! Thanks so much!!!!!
