
Website redirects that I can not seem to stop


13 replies to this topic

#1 Tomcmustang

Tomcmustang

  • Members
  • 13 posts

Posted 03 September 2012 - 07:36 AM

A few days ago I had some sort of virus and I was able to fix most of it up with a combination of Avast, Spybot Search and Destroy, and Malwarebytes. However, every few minutes Avast pops up and says they blocked a malicious URL going to [randomword]puma.com (for example cigarpuma.com), and if I search something through Google and click on one of their links my browser will redirect. Lastly, Firefox is refusing to load; if I launch it, it says Firefox is already running please close process and try again. After a while of this I simply uninstalled Firefox and tried to reinstall but it continued.

Hope you can help, and thanks in advance.

*Moderator Edit: Moved topic from XP to the more appropriate forum. ~ Queen-Evie*

Edited by Queen-Evie, 03 September 2012 - 08:15 AM.




#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 03 September 2012 - 07:42 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 Tomcmustang


Posted 03 September 2012 - 07:55 AM

When I tried to load tdsskiller from the exe nothing happened. Same for Asw. Eset opened a menu that had the start button but nothing happened. Could it be because I have Avast and Spybot on?

#4 narenxp


Posted 03 September 2012 - 08:00 AM

Download

FIXTDSS

Launch it. It may ask for restart, reboot the PC

On reboot, click on REPAIR

Now run both TDSSkiller and aswmbr

#5 Tomcmustang


Posted 03 September 2012 - 08:05 AM

Nothing is happening when I try and run that exe too.

#6 narenxp


Posted 03 September 2012 - 08:08 AM

.

Edited by narenxp, 27 October 2012 - 07:00 PM.


#7 Tomcmustang


Posted 03 September 2012 - 08:21 AM

The file saved as tdsskiller again but this time loaded. It scanned and found two things, one was a locked file (service sptd, suspicious object, medium risk) and the other was Rootkit.Boot.SST.b (physical drive: \Device\Harddisk0\DR0, Malware Object, High risk). It skips the locked file and tries to cure the Rootkit.Boot.SST.b but cannot. It then asks me to reboot my computer.

#8 narenxp


Posted 03 September 2012 - 08:25 AM

Reboot the PC and run TDSSkiller again and post the log

#9 Tomcmustang


Posted 03 September 2012 - 08:34 AM

Tdsskiller, the first one you had me download, still won't run. The second one, tdssfix that downloaded as tdsskiller, ran and found the locked file (Service: sptd, suspicious object, medium risk) and the Rootkit.Boot.SST.b (Physical drive: \Device\Harddisk0\DR0, Malware Object, High risk) again. It wants to skip the Locked File and cure the Rootkit.Boot.SST.b again.

I can not seem to find any log other than the scan results, if this is incorrect and you are looking for some other information please let me know.

#10 narenxp


Posted 03 September 2012 - 08:36 AM

It wants to skip the Locked File and cure the Rootkit.Boot.SST.b again.


SPTD - Skip it

Rootkit.boot.sst - CURE IT

Restart the PC, run TDSSkiller again and see if it comes out clean

#11 Tomcmustang


Posted 03 September 2012 - 08:39 AM

I am getting a warning through tdsskiller that is saying: "Can't cure MBR. Write standard Code? If you installed a custom bootloader you will need to reinstall them after the treatment." Then it just says yes or no.

#12 narenxp


Posted 03 September 2012 - 08:46 AM

Click YES and restart the PC

#13 Tomcmustang


Posted 03 September 2012 - 08:51 AM

Ran tdsskiller and found the locked file (Service: sptd, suspicious object, medium risk) and the Rootkit.Boot.SST.b (Physical drive: \Device\Harddisk0\DR0, Malware Object, High risk) again. It wants to skip the Locked File and cure the Rootkit.Boot.SST.b again.

#14 narenxp


Posted 03 September 2012 - 08:53 AM

Looks like TDSSkiller has problems removing the rootkit

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here with logs

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

Edited by narenxp, 03 September 2012 - 08:53 AM.




