Lingering issues


  • This topic is locked
3 replies to this topic

#1 teknojo

teknojo

  • Members
  • 4 posts

Posted 04 January 2013 - 09:03 PM

Hello,

My brother has an HP DV6-6150 running Windows 7 Professional with Service Pack 1 installed.

Yesterday he started getting redirects in his Google searches. I told him to save important data and do a wipe with a clean install.

He requested I try to fix it first. I had not done anything with these in a while, as if my computers become infected I just do as I suggested, wipe and reinstall, but I gave it a shot.

I bombarded his computer with:
CCleaner
ComboFix
HijackThis
Malwarebytes
RogueKiller
&
TDSSKiller

Not in that order. Basically all the tools I had in my "kill it fast" folder.
After the last restart the redirecting seems to have stopped, but I am now getting a popup from WinPatrol every five minutes asking to approve the addition of C:\Windows\System32\userinit.exe to the startup settings.

This file does not appear to have been altered since 2010 and it was not doing this before.

I also had a number of popups for adding the alothelperbho.dll to the explorer. I did not see a lot of info on this thing but I am suspicious of anything with 'helper' in the title.

I want to make sure it is fully clean and as I have not done anything along these lines in a long while I would like a suggestion on how to check this.

Thank you,
Teknojo

Edited by hamluis, 05 January 2013 - 11:07 AM.
Moved from Win 7 to Am I Infected - Hamluis.


#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 07 January 2013 - 01:20 PM

Hello teknojo, and welcome to the forums! :thumbsup:

We apologize for the delay in response! My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

==========

Just a note: I am moving this topic over to the Malware Removal forum where it will stay, so we can get the proper logs posted.

==========

Since you've already run Combofix, I'm going to need to see the logfile it makes. The file can be found at C:\Combofix.txt. Please copy and paste all logs for me; do not attach them unless otherwise instructed.

In addition to the Combofix log, I would also like to see the logfiles from Malwarebytes, RogueKiller & TDSSKiller as well. I'll need this information to understand what's already been done to the machine. If you'd like information on how to find the logs, just let me know. :)

bloopie

#3 bloopie

Posted 10 January 2013 - 06:20 PM

Hello again,

Are you still with me? :)

This is a 3-Day Bump! If you still wish to receive help please follow the instructions in my last post.

If you do not respond in another 48 hours, I will be forced to close this topic!

bloopie

#4 bloopie

Posted 21 January 2013 - 05:40 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



