Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

terdir.com adware/virus?


  • Please log in to reply
5 replies to this topic

#1 zfighter00

zfighter00

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:48 PM

Posted 19 November 2014 - 10:27 AM

I was infected with some adware.  My Kaspersky anitvirus did not catch it.  I used an adware removal program and removed infected files, as well as uninstalled several programs that were installed at the same time (and I did not install them).  I removed the google toolbars, and reinstalled them.  But everytime I click on something in internet explorer, a new tab opens up with terdir.com.  I processes for a minute and the tab turns into some random website.  Mostly advertisements, or websites with a bunch of ads trying to get you to buy or download something.  My anitvirus and adware removal does not detect anything.  Also, when watch tv shows from places like cwtv.com, or cbs.com, etc...random tabs open up and random popups open up and start playing video or audio advertisements.  One popup looks like a windows notification box, and the title says ads, the message says something like ads ok, and only gives you the option of pressing ok button. 

Any ideas on what this terdir.com is, and how to stop all this nonsense? 

FYI, I just loaded a fresh Windows 7 last week.



BC AdBot (Login to Remove)

 


#2 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:48 AM

Posted 19 November 2014 - 03:48 PM

Hi zfighter00 and :welcome:

Cannot open this terdir.com

 

icon1348768721.jpgDownload Screen317 Security Check HERE and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note:: If any security program requests permission to access the Internet, allow it to do so

icon1337954655.pngPlease download MiniToolBox HERE to your desktop to run it.
Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

icon1337952077.pngPlease download Farbar Service Scanner (FSS) HERE and run it on the computer with the issue.

    Make sure the following options are checked:
        Internet Services
        Windows Firewall
        System Restore
        Security Center/Action Center
        Windows Update
        Windows Defender
        Other Services
    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.

logo.jpgDownload Malwarebytes Anti-Rootkit HERE
    Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    Double click on downloaded file. OK self extracting prompt.
    MBAR will start. Click "Next" to continue.
    Click in the following screen "Update" to obtain the latest malware definitions.
    Once the update is complete select "Next" and click "Scan".
    When the scan is finished and no malware has been found select "Exit".
    If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    "mbar-log-{date} (xx-xx-xx).txt"
    "system-log.txt"

 

Thank you!



#3 pduclo

pduclo

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:48 PM

Posted 21 January 2015 - 01:29 AM

Same exact issue. Spent hours scanning with all the various malware tools. Not my first rodeo. Turns out to be malware that changed the DNS servers in the network card info to manual. Set it back to automatic DNS pickup and all if fixed (since malware was removed in previous steps). 

 

Old topic, but I hope this helps others.



#4 pduclo

pduclo

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:48 PM

Posted 21 January 2015 - 01:37 AM

After you correct the DNS setting issue, then flush dns (ipconfig /flushdns) then clear browser caches (IE, Chrome, Firefox, etc). 



#5 zfighter00

zfighter00
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:48 PM

Posted 21 January 2015 - 11:27 AM

I changed the DNS setting, I even changed it back to manual and put in my own settings.  Neither worked.  This was before and after Malware was supposedly removed.  I finally just wiped it clean and did a fresh Windows install.  Since I had all my drivers downloaded now, I could install the drivers and Antivirus before connecting to internet this time.



#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:48 PM

Posted 21 January 2015 - 01:04 PM

Lets do this..

newtool3_zpsae6d2122.png

Please download Powelikscleaner (by ESET) and save it to your Desktop.

1. Double-click on ESETPoweliksCleaner.exe to start the tool.

2. Read the terms of the End-user license agreement and click Agree.

3. The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.

newtool1_zpsa1caa06e.png

4. If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.

newtool2_zps0e6d39b1.png

The tool will produce a log in the same directory the tool was run from.

Please copy and paste the log in your next reply.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users