TechSpot

8-step Viruses/Spyware/Malware Preliminary Removal Instructions Help!

Inactive
By Megcx
Nov 21, 2010
  1. Megcx

    Megcx TS Rookie Topic Starter Posts: 21

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Meghan
    ->Temp folder emptied: 8089 bytes
    ->Temporary Internet Files folder emptied: 45764788 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 765 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 12978 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 44.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Meghan
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.17.3 log created on 11242010_132713

    Files\Folders moved on Reboot...
    C:\Users\Meghan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     
  2. Megcx

    Megcx TS Rookie Topic Starter Posts: 21

    I'm still getting redirected ): It was really good the other day, but for some reason today it's a lot worse
     
  3. Broni

    Broni Malware Annihilator Posts: 47,622   +267

    Go Start>Run ("Start search" in Vista), type in:
    cmd
    Click OK (hit Enter in Vista).

    At Command Prompt, paste this:
    ipconfig /all>c:\ipconfig_all.txt&notepad c:\ipconfig_all.txt&exit
    Hit Enter.

    Copy and paste what you see in Notepad into a Reply here.
     
  4. Megcx

    Megcx TS Rookie Topic Starter Posts: 21

    A blank Notepad opens. It says it cannot find the file and asks if I want to create a new file
     
  5. Broni

    Broni Malware Annihilator Posts: 47,622   +267

    Go Start>Run ("Start search" in Vista).
    Type in:
    cmd
    Click OK (press Enter in Vista)

    At command prompt, type in:
    ipconfig /all (<-----watch for "space" after "ipconfig")
    Press Enter.

    Click the icon on the menubar on the left and then Edit>Select all
    Click the icon in the menubar again then Edit>Copy

    This copies all the text to the clipboard.

    Paste the output into your next reply.
     
  6. Megcx

    Megcx TS Rookie Topic Starter Posts: 21

    Microsoft Windows [Version 6.1.7600]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Users\Meghan>ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Meghan-PC
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Broadcast
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : lan

    Wireless LAN adapter Wireless Network Connection 2:

    Connection-specific DNS Suffix . : lan
    Description . . . . . . . . . . . : Atheros AR5B95 Wireless Network Adapter
    Physical Address. . . . . . . . . : 90-4C-E5-5D-6A-C9
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::3075:3789:c2c7:2a97%12(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.1.66(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : November-24-10 10:04:50 PM
    Lease Expires . . . . . . . . . . : November-26-10 8:40:37 AM
    Default Gateway . . . . . . . . . : 192.168.1.254
    DHCP Server . . . . . . . . . . . : 192.168.1.254
    DHCPv6 IAID . . . . . . . . . . . : 328223973
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-9D-C7-58-00-26-22-8D-14-6F

    DNS Servers . . . . . . . . . . . : 192.168.1.254
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Local Area Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Atheros AR8132 PCI-E Fast Ethernet Contro
    ller (NDIS 6.20)
    Physical Address. . . . . . . . . : 00-26-22-8D-14-6F
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.lan:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . : lan
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{2BE7B38B-9ACF-414D-B060-E9CD1C76DF17}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:186b:20c8:5231:feb0(Pref
    erred)
    Link-local IPv6 Address . . . . . : fe80::186b:20c8:5231:feb0%13(Preferred)
    Default Gateway . . . . . . . . . : ::
    NetBIOS over Tcpip. . . . . . . . : Disabled

    C:\Users\Meghan>
     
  7. Broni

    Broni Malware Annihilator Posts: 47,622   +267

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and Windows 7, while holding CTRL and SHIFT, press Enter).

    In the Command Prompt window, type in the following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the hole, using a pencil or a paperclip, until all lights briefly go off and on.
    NOTE. Simply disconnecting the router from a power source will NOT do.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE
     
  8. Megcx

    Megcx TS Rookie Topic Starter Posts: 21

    Before I do any of this, is it possible to not reset the router... or is that necessary? The last time I reset it my internet connection got lost, so I had to call my service's tech people and they fixed it after a few hours, but they told me to not do that again and to only turn it off by pulling the cord...so yeah...):
     
  9. Broni

    Broni Malware Annihilator Posts: 47,622   +267

    Unfortunately, I see no other way to make sure your router is not hijacked.
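
The `ipconfig /all` output posted above lists the router (192.168.1.254) as both default gateway and DNS server, so the PC sends its DNS queries to the router and the upstream resolvers are whatever the router is configured with. The following is an added example, not part of the original thread: a Python triage helper that parses pasted `ipconfig /all` text, rejoins lines the console wrapped, and labels each DNS server as the router, another internal address, or an external resolver. The function names, verdict labels and sample text are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout of `ipconfig /all` (blank lines omitted; values made up).
SAMPLE = """\
Wireless LAN adapter Wi-Fi:
   Default Gateway . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 192.168.1.254
                                       203.0.113.53
Ethernet adapter Local Area Connection:
   Description . . . . . . . . . . . : Example PCI-E Fast Ethernet Contro
ller (NDIS 6.20)
"""
FIELD = re.compile(r"^(.+?)(?: ?\.)+ :\s*(.*)$")  # "Label . . . : value"
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def to_ip(value):  # accepts ipconfig forms such as 'fe80::1%12(Preferred)'
    try:
        return ipaddress.ip_address(re.split(r"[%(]", value)[0].strip())
    except ValueError:
        return None

def parse_ipconfig(text):
    """Return {adapter: {label: [values]}}, rejoining lines the console wrapped."""
    adapters, fields, values = {}, None, None
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        m = FIELD.match(line)
        if m and fields is not None:
            values = fields.setdefault(m.group(1), [])
            values += [m.group(2)] if m.group(2) else []
        elif not m and line.endswith(":"):      # adapter header
            fields, values = adapters.setdefault(line[:-1], {}), None
        elif not m and values is not None:      # continuation of the previous field
            if values and to_ip(line) is None:
                values[-1] += line              # wrapped tail of a long value
            else:
                values.append(line)             # additional DNS server or gateway
    return adapters

def classify_dns(adapters):
    """List (adapter, resolver, verdict) for every DNS server on every adapter."""
    out = []
    for name, fields in adapters.items():
        gateways = {to_ip(v) for v in fields.get("Default Gateway", [])}
        for ip in filter(None, map(to_ip, fields.get("DNS Servers", []))):
            verdict = ("router" if ip in gateways else      # upstream DNS is set on the router
                       "internal" if ip.is_link_local or any(ip in n for n in RFC1918) else
                       "external")                          # set on the PC or handed out by DHCP
            out.append((name, str(ip), verdict))
    return out
```

A "router" verdict means the PC's own DNS setting points at the gateway, so the resolvers actually in use have to be read from the router's configuration page; an "external" verdict is worth comparing against the addresses the ISP or the user intended.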
     
Topic Status:
Not open for further replies.

