Browser keeps getting redirected

By kingfu
Apr 3, 2007
Topic Status:
Not open for further replies.
  1. I've picked up a nasty somewhere, and no matter how many anti virus/spyware programs i've ran i can't get rid of it.

    My browser keeps getting redirected to ad sites. I've checked out my host files and they are clean. I've attatched my hijackthis log in the hopes someone can help me.

    I see the blatently obvious system32\.exe (file missing) entry, but hijackthis doesn't seem to be able to fix it?! as every time i do a reboot and rescan its still there.

    hope someone can help!

    thanks
  2. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Hello and welcome to Techspot.

    Your system has been hijacked.

    You shouldn`t try and fix any entries in HJT yourself. Run HJT and click the config button, followed by the backups button. Place a tick in the little box next to all entries and click the restore button and click yes. Reboot your system.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
    The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    Then, go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above. Also, attach the C:\fixwareout\report.txt.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of kingfu only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. kingfu

    kingfu Newcomer, in training Topic Starter

    thanks for your great info howard_hopkinso

    I've attatched the updated logs as requested. I also ran smitfraudfix which found i had been the victim of a dns hijack.

    hopefully im clean now!
  4. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Please post all the requested log files.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\windows\ALCMTR.EXE

    reboot your system and post a fresh HJT log as well as the AVG and Combofix logs. Let me know the results of the AVG Antirootkit scan.

    Regards Howard :)

    This thread is for the use of kingfu only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.