TechSpot

Another Google redirect virus, MBAM crashes during all scans

By bsithil
Aug 16, 2010
  1. Hi!

    Unfortunately I am also facing a redirect virus/malware issue that seems to be plaguing these boards. Google links will redirect to ads/other sites, but typing sites into the address bar or bookmarked sites load fine.

    I have AVG antivirus, Spybot S&D, and Malwarebytes, but none of these programs find any infections. Malwarebytes will crash during any scan, whether it be a quick scan or a full scan.

    Any help or advice would be appreciated, thanks in advance!
     
  2. crunchie

    crunchie Malware Helper Posts: 728

    Hi and welcome to TechSpot forums :).

    ====

    Please read the directions given here and when done, post the requested logs.
    Please do not attach the logs unless requested, or unless they are too large to paste.
     
  3. bsithil

    bsithil TS Rookie Topic Starter Posts: 26

    Hi Crunchie,

    Thank you for helping. I will follow the steps and post the logs by tomorrow.

    Note: Malwarebytes still crashes during scans, but I will attempt to try it again while moving through the steps.
     
  4. crunchie

    crunchie Malware Helper Posts: 728

    If it will not run, just get what logs you can and post them :).
     
  5. bsithil

    bsithil TS Rookie Topic Starter Posts: 26

    Here are the logs.

    Unfortunately Malwarebytes still crashes so I couldn't get a log for that.

    Thanks again!
     

    Attached Files:

  6. crunchie

    crunchie Malware Helper Posts: 728

    Please download JavaRa

    If you get this message:
    Problems with the download? Please use this direct link or try another mirror.

    Select the Direct link download, then unzip it to your Desktop.

    Double click JavaRa.exe then click Remove Older Versions.

    Follow any prompts; a log will pop up (JavaRa.log) -- please post the contents of this log.

    Next, open JavaRa.exe again, and select Search For Updates.

    Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version. Look for JDK 6 Update 21 (JDK or JRE). On the right select this one: Download JRE.

    In Vista and Windows 7 run the tool as Administrator.

    =============

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
     
  7. bsithil

    bsithil TS Rookie Topic Starter Posts: 26

    I followed the Java steps with no issue, but after running combofix my computer seems to be in a worse situation.

    The scan went smoothly until it found an infection and automatically rebooted. I did not do anything as instructed, but upon reboot, I receive a blue screen of death message,

    "STOP: c000021a Fatal System Error
    The windows logon Process system terminated unexpectedly with a status of 0xc0000005 (0x0000000 0x00000000).
    The system has been shut down."

    After manual reboots, the computer will load the desktop, then reboot itself and give the same blue screen.


    Please advise!
     
  8. bsithil

    bsithil TS Rookie Topic Starter Posts: 26

    Also, forgot to mention that combofix asked me to download/install recovery console. I followed the prompt and it downloaded and installed.

    I have the computer off as it will boot up normally then crash after loading.

    Currently posting from another computer.
     
  9. crunchie

    crunchie Malware Helper Posts: 728

    When you attempt to boot, go to selective startup and see if it will boot ok from 'Use the last known good configuration.'

    If it will not do so, try booting to safe mode and do a system restore.

    Report back how you went please.
     
  10. bsithil

    bsithil TS Rookie Topic Starter Posts: 26

    I loaded last known good configuration.

    Windows loaded fine, but it gave me a winlogon.exe stop working (probably because it was deleted?). But, no reboots or blue screens.

    Also, redirect seems to be gone. Unfortunately there was no log produced from combofix as it was giving me blue screens.

    I have attached the JavaRa log as well.

    Thanks again crunchie
     

    Attached Files:

  11. bsithil

    bsithil TS Rookie Topic Starter Posts: 26

    Ok so, now the comp won't start up again, having same issues. After I loaded last known good config it was working fine, after I turned off comp and turned it on again, it started giving me the same error and would give me a blue screen after loading.

    thanks
     
  12. crunchie

    crunchie Malware Helper Posts: 728

    Can you try rolling back by using system restore please and we will see where we go after that :).
     
  13. bsithil

    bsithil TS Rookie Topic Starter Posts: 26

    Sorry, I've never performed a system restore, could you guide me as to how to go about doing this?

    thanks!
     
  14. bsithil

    bsithil TS Rookie Topic Starter Posts: 26

    Sorry crunchie, disregard that last post.

    I figured it out, but this looks like it won't work either; before loading the system restore box, the comp crashes with the same blue screen error.
     
  15. crunchie

    crunchie Malware Helper Posts: 728

    Go to Start | Run and type in msconfig and hit OK. Select the Launch System Restore button.
    The radio button for Restore my computer to an earlier time should be selected then go next.
    Select a date that you wish to restore to and select next.
     
  16. bsithil

    bsithil TS Rookie Topic Starter Posts: 26

    Crunchie,

    the system restore fixed the crashing, but the virus is back ;(
     
  17. crunchie

    crunchie Malware Helper Posts: 728

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  18. bsithil

    bsithil TS Rookie Topic Starter Posts: 26

    Here are the bootkit results

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.1.0.0
    OS Version: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`3ec10000
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
     
  19. crunchie

    crunchie Malware Helper Posts: 728

    That looks ok.

    Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
    • You will need to use Internet Explorer to complete this scan.
    • You will need to temporarily Disable your current Anti-virus program.
    • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
    • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

    NOTE: If you are unable to complete the ESET scan, please try another from the list below:

     
  20. bsithil

    bsithil TS Rookie Topic Starter Posts: 26

    ESET would not run, and Kaspersky required a java framework download, so I am currently running a panda active scan.

    Will post results when finished
     
  21. bsithil

    bsithil TS Rookie Topic Starter Posts: 26

    Here are the active scan results
     

    Attached Files:

  22. crunchie

    crunchie Malware Helper Posts: 728

    Please download and save SecurityCheck.exe to your Desktop from one of the links below.

    Link 1
    Link 2

    Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    A Notepad document should open automatically called checkup.txt
    Please post the contents of that document in your next reply.
     
  23. bsithil

    bsithil TS Rookie Topic Starter Posts: 26

    Here is the checkup log
     

    Attached Files:

  24. crunchie

    crunchie Malware Helper Posts: 728

    Please update Adobe Reader.

    Download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.
    • Double click on RSIT.exe to launch program.
    • Click Continue at the disclaimer screen.
    • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
    • Once it has finished, two logs will open: log.txt<-- this will be maximized and info.txt<-- this will be minimized.
     
  25. bsithil

    bsithil TS Rookie Topic Starter Posts: 26

    Here are the logs
     

    Attached Files:

Topic Status:
Not open for further replies.
