TechSpot

Browser re-direct virus?

By theRadiantChild
Jun 24, 2010
  1. Hey guys. I did the 8 step thing. Removed a couple of trojans and root kits. Seems like after getting online it gets kinda slow and I get that dreaded google.com/webhp redirect problem. It auto pops up random sites. None of which are bad but spam regardless. I have the log files but only for gmer and that .srs file. I originally was infected with the AV.exe fake spyware scanner. I got rid of it though by doing some research on the forums. Thanks for any help offered!

    UPDATE: I forgot to add that I scanned that computer with Panda, Malwarebytes, and other various popular virus spyware scanners recommended on the forums and Cnet. All are scanning clean. Even the deep scans. So this virus must be something left behind. This virus or browser hijacker won't let me get Windows updates either...it acts as if the internet is offline when it's really not.
     
  2. theRadiantChild

    theRadiantChild TS Enthusiast Topic Starter Posts: 364

    anyone? anyone? bueller....:D
     
  3. theRadiantChild

    theRadiantChild TS Enthusiast Topic Starter Posts: 364

    ?

    Did I do something wrong? Seems like no one is willing to help me :/ Just let me know so I can correct it. I have seen others' posts go up and 5 min later have 20 replies. I just want to make sure I'm not doing something wrong in the forum.

    thanks
     
  4. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Your initial post happened 2 hours ago, so please stop bumping your topic.
    We're only volunteers and we're not here 24/7.
    None of the required logs shows any personal data.

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
     
  5. theRadiantChild

    theRadiantChild TS Enthusiast Topic Starter Posts: 364

    OK, I apologize about that. Here are the log files. Thx for any help offered :)

    -Jay
     
  6. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    You're NOT following all instructions listed in 8-steps manual.
    Going that way, we won't finish before Christmas.
    I don't see any antivirus program running.
     
  7. theRadiantChild

    theRadiantChild TS Enthusiast Topic Starter Posts: 364

    I did everything, I just forgot to save any log files from Malwarebytes and other anti virus programs. I uninstalled them after I did a full sweep with them. They all read "clean".
     
  8. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    You have to have an antivirus program installed, present and updated all the time.
    When you're done with installing the AV program, run a full scan with it.
    Run quick scan with MBAM, post its log.
    When done, post fresh DDS logs.
    We won't continue until you're done with all steps from here: http://www.techspot.com/vb/topic58138.html

    Your computer is infected with a rootkit.
     
  9. theRadiantChild

    theRadiantChild TS Enthusiast Topic Starter Posts: 364

    I've done all this man. I tried several anti virus and cleaned until it found nothing. The same with Malwarebytes. No programs are finding anything at all. Even after doing "Full scans" numerous times.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Please, re-read my last post.

    http://www.techspot.com/vb/topic58138.html
    ...and I want to see DDS log, which shows, you have AV program installed and running.

    Reply only, when you're done with ALL steps.
    I have other computer to clean and I have no time to read instructions for you.
     
  11. theRadiantChild

    theRadiantChild TS Enthusiast Topic Starter Posts: 364

    as requested...updated logs :D
     
  12. theRadiantChild

    theRadiantChild TS Enthusiast Topic Starter Posts: 364

    Hope this is everything. This forum rocks! One of the best tech sites I've been to.
     
  13. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    :) Thank you

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  14. theRadiantChild

    theRadiantChild TS Enthusiast Topic Starter Posts: 364

    scanning now. It found a rootkit as you called it!
     
  15. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    OK :).......
     
  16. theRadiantChild

    theRadiantChild TS Enthusiast Topic Starter Posts: 364

    here ya go! :D
     
  17. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    How is the redirection issue?


    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\documents and settings\NetTech\Local Settings\Application Data\ombayach
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"=dword:00000001
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:1033
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
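
The `DDS::` line in the CFScript above targets a per-user `ProxyServer` value that sends the browser's HTTP traffic to a loopback port. As an added example (not part of the original post, nor code from ComboFix or DDS), this Python script flags such entries in DDS-style log text; the sample log and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample; only the first line's value appears in the thread.
SAMPLE_DDS = """\
uInternet Settings,ProxyServer = http=127.0.0.1:1033
uInternet Settings,ProxyOverride = *.local
"""

LINE_RE = re.compile(r"Internet Settings,ProxyServer\s*=\s*(.+)$")

def parse_proxy_value(value):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Accepts 'host:port' (one proxy for all protocols) and the
    per-protocol form 'http=host:port;https=host:port'.
    """
    entries = []
    for part in re.split(r"[;\s]+", value.strip()):
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if not sep:                      # no 'proto=' prefix
            scheme, target = "all", part
        target = re.sub(r"^\w+://", "", target)
        host, _, port = target.rpartition(":")
        if not host:                     # no ':port' suffix
            host, port = target, ""
        entries.append((scheme.lower(), host,
                        int(port) if port.isdigit() else None))
    return entries

def is_loopback(host):
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                     # some other hostname

def loopback_proxies(log_text):
    """Return proxy entries in the log that point at this machine."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            findings += [e for e in parse_proxy_value(m.group(1))
                         if is_loopback(e[1])]
    return findings

if __name__ == "__main__":
    print(loopback_proxies(SAMPLE_DDS))
```

A loopback proxy is not always hostile (some local filtering tools set one), so a hit means "identify which process listens on that port", not an automatic verdict.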
     
  18. theRadiantChild

    theRadiantChild TS Enthusiast Topic Starter Posts: 364

    appears to be cured! yippeee
     
  19. theRadiantChild

    theRadiantChild TS Enthusiast Topic Starter Posts: 364

    Guess that's all she wrote then? and how did you get so damn good man? Srsly I wish I was that good. You def. got skills. :)
     
  20. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    I'm glad, your computer is doing better :)

    We're not done yet though. We need to make sure, you're 100% clean.

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ====================================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  21. theRadiantChild

    theRadiantChild TS Enthusiast Topic Starter Posts: 364

    removed by author
     
  22. theRadiantChild

    theRadiantChild TS Enthusiast Topic Starter Posts: 364

    The second was too large to post, so here's the txt file.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Update your Java version: http://java.com/en/download/index.jsp
    Uninstall all previous Java versions through Add\Remove (Programs & Features in Vista/7)

    =======================================================================

    You have some Norton's leftovers. Please, run Norton Removal Tool: http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

    ========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Running] --  -- (catchme)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  24. theRadiantChild

    theRadiantChild TS Enthusiast Topic Starter Posts: 364

    As requested :) Oh, I forgot to add that this morning when I booted I got a system will shutdown in so many seconds. Said something to do with services. Had a countdown timer. It never shut down though. I haven't seen the message but once today so I dunno.
     
  25. theRadiantChild

    theRadiantChild TS Enthusiast Topic Starter Posts: 364

    Is this what you need, Broni? See logs on last post.
     
Topic Status:
Not open for further replies.
