Redirector.bb Trojan, Malwarebytes Anti-Malware & BSOD


  • This topic is locked
3 replies to this topic

#1 TaxGurl

TaxGurl

  • Members
  • 2 posts
  • OFFLINE
  • Local time:05:51 AM

Posted 09 May 2013 - 06:55 PM

Here's the situation: Yesterday, I had my Chrome browser open to my internet emailbox on one tab, a Google search on a second tab.  Search results seemed less than trustworthy so I didn't click on anything, and eventually went back to review my emails. About a minute later, my screen goes white and just says "hi!" in the top left corner.  Java starts having errors and extra windows with random crap and ads start opening.

 

Knowing I had a problem, I tried to scan using Microsoft Security Essentials.  It says it didn't find anything.  So I updated and ran MBAM, hoping it could find the culprit.  This was at the end of the day, and when I returned the next morning, MBAM had frozen after about 3.5 hrs and finding 12 errors.  I restarted the computer and tried it again, but this time I tried turning off more background stuff, thinking that a scheduled scan kicked in and caused the problem the night before.  This time, after 4.25 hrs, it gave me the BSOD.  After I shut it down again, it rebooted with a second BSOD.  Finally booted in Safe Mode, then restarted to normal.  This time MSE picked up on a Trojan: Redirector.bb and "Removed" it.  While I was at lunch, a co-worker consulted with a friend and followed up with TDSSKiller, which found a Redirector item that they "Cured".  Then Spybot S&D was run with no virus/malware/spyware found.  Another MBAM scan was done and it also gave up the 2 BSOD scenario again after a little more than an hour, this time with about 25 errors.

 

Sorry for the winded explanation, but I wanted it clear what's been done so far.  Question is, what do I do now? Our tech guy can't show up until maybe Monday, but we need the computer now.  I thank you for any and all wisdom in advance!




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,916 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:51 AM

Posted 13 May 2013 - 10:41 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#3 TaxGurl

TaxGurl
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:05:51 AM

Posted 16 May 2013 - 04:19 PM

Thanks for the reply.  However, by the time I got the reply, our regular computer guys had already taken a look at it.  It had a slowly-failing hard drive anyways, and the Trojan pretty much finished it off...it wouldn't run any sort of program needed to fix it.  So now the whole tower is being replaced.

 

Thanks anyways, and I'll keep you guys in mind next time we need help.  Which, honestly, I hope is never.  No offense.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,916 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:51 AM

Posted 17 May 2013 - 08:37 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



