TechSpot

[Closed] Google redirect and problems running *.exe files

By edoubleu
Aug 30, 2011
  1. I've been trying to resolve a virus/malware problem on my laptop for a week or so without any real progress. Hopefully you guys can help me out. Here's a little history to hopefully help the process.
    I first started noticing that websites were not going to the right pages the first time I picked the link. If I went back to the search results and selected the link it would, usually, get to the intended site. After a few days I noticed that some desktop shortcuts had a generic icon and wouldn't run the programs. I did some searching on removing the google.redirect.virus and ended up running FixNCR.reg with rkill.exe and then running Malware Anti-Malware. I've run TDSSKiller.exe as well. I also tried using Super AntiSpyware. I've got Symantec Endpoint Protection installed.
    At this point, in order for me to run *.exe files on the laptop after a bootup I first run the FixNCR.reg script and then rkill.exe. That seems to get my system usable until I shut down and restart. The machine is my work computer and is on a network. I also use it at home as a standalone but connected to the internet via wireless. It seems to run normally, with no real hangups, when it's connected to the work network. At home it can be painfully slow.
    It's a lot of info, but I thought it might help with the troubleshooting.

    Here are my MBAM and GMER logs. DDS with excluded as directed in my other post.

    ---------------------------------------------------------------------------

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7604

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    8/29/2011 8:26:43 AM
    mbam-log-2011-08-29 (08-26-43).txt

    Scan type: Quick scan
    Objects scanned: 296910
    Time elapsed: 36 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    -------------------------------------------------------------------

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-08-29 11:49:22
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e TOSHIBA_MK8046GSX rev.LB312D
    Running: ygyx1k88.exe; Driver: C:\DOCUME~1\ewelsch\LOCALS~1\Temp\pxtdapog.sys


    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome To TechSpot! I'll help you sort through the problem.

    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs, except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
    You should understand that some of the programs you ran in an attempt to fix malware are specific to the malware infection. Running random scans in the hope that one of them will handle the problem can actually make the problem worse.

    Please remove FixNCR.reg and TDSSKiller.exe. The first is for the XP Anti-Spyware 2011 malware and the second is for the TDSL 3 or 4 rootkit family.

    Continue with DDS please, then paste both logs into your next reply. Note: The logs are named DDS.txt and Attach.txt. The second is a name, not an instruction. And please don't zip the second.

    When you have left those logs, I will review them.
     
  3. edoubleu

    edoubleu TS Rookie Topic Starter Posts: 27

    Thanks for the reply.
    How do I go about deleting FixNCR.reg? Do I need to remove it from the registry or just get rid of the file? Same with removing TDSSKiller. Just delete from system or is there a process that needs to be removed?

    Thanks, just wanna make sure I do this right, the first time.
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    edoubleu, you have 2 active threads going now for the same problem.

    Please do not post again on this until Broni decides which to delete or merge.

    Same program, all descriptions and all logs are to be put on the same thread.
     
  5. Broni

    Broni Malware Annihilator Posts: 52,911   +344

Topic Status:
Not open for further replies.
