Google Redirects, Unable to Boot into Safe Mode, boot.ini problem

By dangerwill
Dec 18, 2009
Topic Status:
Not open for further replies.
  1. Hi,

    Like so many others, I'm glad I found this site. You guys seem to really know how to handle this stuff.

    My problems started when I acquired one of those "anti-virus" scam viruses. It hijacked my desktop background, putting an image that said "your computer is infected", etc... Popups kept jumping out....saying to buy a certain program to get rid of all this. I investigated it and found the malaware program...which got rid of all of that.

    However, I still have a lot of critters in my computer that I CAN'T get rid of.

    Like many other recent posts, my search engines have been hijacked. I can do a search and even see the results. When I click on one, though, I get redirected to random sites.

    Or times when I am able to get to the site I want, additional windows open up with surveys and other sites on them.

    I became really concerned when, one morning I woke up early and checked my email on my cell phone -- I had just received an email from MYSELF! Something had emailed random people from my Yahoo account with a link to some website! (my gmail address was in my yahoo address book...so it emailed me along with everyone else)

    I immediately emailed everyone in my address book...telling them my computer had been jacked...and to not open the previous email. I then used my phone to get online and change all my passwords.

    Originally, I had AVG free. Then I was using AVG Premium (on a trial run). I tried to get into Safe Mode so I could run it, but I have a problem with my boot.ini file. I cannot get into Safe Mode by pressing F8 during startup.

    I was able to get into diagnostic mode by going into "Run" -- "msconfig". However, AVG was not active in this mode, and I never figured out how to use it there.

    I found your site and went through the 8-Step process for removing malware and viruses. Based on a recommendation from a post on this site, I replaced AVG with Avira Free.

    I also tried to go back into diagnostic mode so I could run Avira, but now I cannot access msconfig! Something changed when I went from AVG to Avira.

    So the main problems (that I know of) are the search engine redirects and the inability to get into safe mode.

    I have attached the 3 log files you requested in your 8-step process, as well as the Avira log file.

    I built this computer for music production and would really like to save it. If you guys help me fix this, I'll get another computer for my internet stuff...and keep this one offline!

    Thanks,

    -Will
  2. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    You still have AVG7 installed

    Please run the AVG Remover Tool: http://www.avg.com/filedir/util/support/avgremover_en.exe
    Then Restart

    Also your Malwarebytes definitions are a day old (possibly two)
    Update it to the current version and run another quick scan

    Did you run CCleaner? Because SUPERAntispyware reports many temp files
    Also run TFC from here: http://oldtimer.geekstogo.com/TFC.exe

    I'd also recommend IE Reset Tool:
    Or manually from here http://www.techspot.com/vb/post682762-2.html
    Then restart Internet Explorer
  3. dangerwill

    dangerwill Newcomer, in training Topic Starter

    Thanks for the quick response

    Hi,

    Thank you for replying so quickly. I had run the AVG uninstall program previously, so it's odd it is still on there. Perhaps it's another, older version.

    After posting, I used my Windows XP cd rom to try and rebuild my boot.ini file.

    When I tried "bootcfg /rebuild"

    It said "error: Failed to successfully scan disks for Windows installations. This error may be caused by a corrupt file system, which would prevent Bootcfg from successfully scanning. Use chkdsk to detect any disk errors. This operation must complete successfully in order for the /add or /rebuild commands to be utilized."


    I then ran chkdsk:

    It said "the volume appears to have one or more unrecoverable problems"

    I'm guessing I have some registry issues?

    Strangely enough, after this bad news I rebooted my computer and was able to access msconfig! I rebooted again in diagnostic mode. Now I am re-scanning my computer with Avira while in diagnostic mode.

    When this finishes, I will go back and do all the things you asked me to do.

    Thanks again!

    -Will
  4. dangerwill

    dangerwill Newcomer, in training Topic Starter

    I could not find AVG7 installed anywhere on my machine. I searched for it, looked through all my installed programs, etc... However, I did run the AVG uninstall app again just in case.

    Yes, I did run CCleaner twice previously (as directed in the 8 step plan). I ran it again just now.

    I also updated Malaware as you suggested and ran it again. It found nothing this time.

    I followed your links and ran both TFC and Microsoft Fix It.

    I tried searching again and at first the problem went away. After a few searches, however, the problem returned.

    I previously had Google Chrome and Mozilla Firefox on my machine. When this problem started I uninstalled both of those as a troubleshooting gesture.

    Interestingly, I seem to have no problems searching with Bing, Microsoft's new venture. I searched several times. When I go to google, live or yahoo, though...I get redirects like crazy!

    When I am getting a redirect...it's really weird...I see numerous web addresses loading...almost like it's a "webpage slot machine". Then it "lands" on a certain random address and the browser goes there.

    Could this be the reason why you saw many temp files even after I ran CCleaner?

    One good thing is I can once again access msconfig. I ran Avira in diagnostic mode...but it didn't find anything.

    I have attached my new malaware log.

    Thanks for any more input.

    -Will
  5. dangerwill

    dangerwill Newcomer, in training Topic Starter

    Kimsland,

    I couldn't find AVG 7 anywhere on my computer, but I still ran the uninstall program again like you suggested.

    I also updated malwarebytes and ran it again. It didn't find anything. I will post the new log.

    I did run CCleaner previously (twice as directed in the 8 steps). I ran it again today.

    I also ran TFC and Microsoft Fix It as you suggested.

    When I first began to perform internet searches, the problem seemed to be resolved. After a few searches, though, it returned.

    I want to add that I used to have Google Chrome and Firefox on this machine as well. When this problem began, I removed them as a troubleshooting gesture.

    Interestingly, I have no issues when I search with Bing. None! I get redirects with google, live, and yahoo, but not Bing. Weird, eh?

    I appreciate any help anyone has to offer. Attached is my new Malwarebytes log.

    Thanks,

    -Will
  6. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Combofix:
    • Download Combofix to your desktop.
    • Disable your Antivirus (as Combofix will remove any found malwares)
    • Double click ComboFix & follow the prompts.
    • A window will open with a warning.
    • When the scan completes it will open a text window. Please attach that log back here
    Also restart and provide a fresh HJT Scan log After you restart
  7. dangerwill

    dangerwill Newcomer, in training Topic Starter

    Wow, Combofix is a powerful program!

    It installed Windows System Restore for me (after detecting that I was missing it).

    It found a rootkit and killed it for me.

    After rebooting I was able to go into safe mode!

    I did an Avira scan as well as an HJT scan while in safe mode.
    The Avira scan did find one more threat.

    My logs are attached.

    I have now been able to search with Google with no redirect issues! Thank you!

    Do you notice any other issues that need attention?
  8. Velexia

    Velexia Newcomer, in training Posts: 34

    Looks like you caught the same internet bug I did. Be careful! I recommend restarting your computer as little as possible (I am not able to access mine anymore after a restart suggested by Avast).

    Reading further, it seems you're in the clear actually... I only wish I could follow the same steps ^_^
  9. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Un-install Combofix
    • Click START then RUN
    • Now type Combofix /uninstall in the runbox and click OK
    • Any popup errors about Antivirus just ok or close
    Note: 1 space after ComboFix in that uninstall command



    Uninstall SUPERAntispyware
    Start > Control Panel > Add/Remove Programs > SUPERAntispyware > Uninstall



    Update Java and remove older Java versions
    Run JavaRa
    This will remove all your old Java stuff (that is not required)
    It will also help you check for new Java Runtime updates
    Or just go here and auto check: http://java.com/en/download/installed.jsp?detect=jre&try=1



    Download and run TFC http://oldtimer.geekstogo.com/TFC.exe
    Your computer may need to Restart



    Clear & Reset System Restore's Cache
    Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
    • Tick on the checkbox - Turn off System Restore on all drives
    • Click Apply
    Turn it back 'On' by unticking the same checkbox & click Apply, and then OK


    Restart, and let me know how it's performing
  10. dangerwill

    dangerwill Newcomer, in training Topic Starter

    Ok, I did all that you asked:

    Uninstalled ComboFix
    Uninstalled SUPERAntispyware
    Updated Java and made sure there were no older versions
    Ran TFC again
    Cleared/Reset System Restore Cache
    Restarted Computer

    It's running GREAT! Better than it has in a long, LONG time! Thank you!

    No redirect issues or random webpage popups.

    Super, SUPER fast

    My recording software is running great (before, I was getting pops and clicks while recording)

    Now, until I get another computer to do all of my "web work", how do you recommend I keep this protected? I still have Avira. Should I have anything else? (I was surprised you wanted me to uninstall SUPERAntispyware, for instance).

    Thanks again!

    -Will
  11. dangerwill

    dangerwill Newcomer, in training Topic Starter

    Hi Velexia,

    Sorry to hear about your computer. Perhaps someone can help you access it via an MS DOS prompt?

    -Will
     
  12. AnonymousSurfer

    AnonymousSurfer TechSpot Enthusiast Posts: 306   +8

    Hi Will,

    I'm trying a new test that I found could lead to the redirecting. Go to

    • C:\WINDOWS\system32\drivers\etc and open hosts.
    • It will then prompt you to select what to open it with, click on notepad.
    • Copy and paste everything that is inside onto the forums or upload the log.
  13. AnonymousSurfer

    AnonymousSurfer TechSpot Enthusiast Posts: 306   +8

    It's not really a log, but either copy and paste what it contains onto the forums or upload the file as .txt.
  14. dangerwill

    dangerwill Newcomer, in training Topic Starter

    AnonymousSurfer,

    Here is a txt file with the info you requested. There wasn't much in that host file.

    Now there is another file in the etc folder called "lmhosts". I am unable to open that file. It is called a "SAM file". Any idea what that is?
  15. AnonymousSurfer

    AnonymousSurfer TechSpot Enthusiast Posts: 306   +8

    Yes, you don't have to worry about that. You aren't getting any redirects via hosts.
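
Added example (not part of the original thread or any poster's code): the hosts-file check requested in the posts above, done programmatically. It parses hosts-file text and reports any entry that overrides the search domains named in the thread; the `WATCHED` list, the function names and the sample input are assumptions made for illustration.

```python
import ipaddress

# Search domains named in the thread; the list is an assumption, extend as needed.
WATCHED = ("google.com", "yahoo.com", "live.com", "bing.com")

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on blanks/tabs
        if len(fields) < 2:
            continue                            # blank, comment-only or malformed
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        for name in fields[1:]:                 # one line may carry several aliases
            yield line_no, address, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED):
    """Return findings for watched domains (and subdomains) overridden locally."""
    findings = []
    for line_no, address, name in parse_hosts(text):
        if not any(name == d or name.endswith("." + d) for d in watched):
            continue
        # Loopback or 0.0.0.0 only blocks the site; any other address sends the
        # browser to a server chosen by whoever wrote the entry.
        blocked = address.is_loopback or address.is_unspecified
        kind = "blocked" if blocked else "redirected"
        findings.append((line_no, name, str(address), kind))
    return findings

# Constructed sample input (not the poster's file); 203.0.113.0/24 is a
# documentation-only address range.
CLEAN = "# sample hosts file\n127.0.0.1       localhost\n"
TAMPERED = CLEAN + (
    "203.0.113.7\twww.google.com google.com   # constructed entry\n"
    "0.0.0.0 search.yahoo.com\n"
    "203.0.113.7 notgoogle.com.example\n"
)

if __name__ == "__main__":
    for sample in (CLEAN, TAMPERED):
        print(audit_hosts(sample) or "no watched domains overridden")
```

A clean result only rules out the hosts file as the cause, as it did in this thread, where the redirects stopped after ComboFix removed a rootkit.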
  16. Velexia

    Velexia Newcomer, in training Posts: 34

    I managed to make a partition in the Hard Drive and install a fresh windows xp onto it. I'm currently scanning it for viruses and such, no hits yet (I did some butt kicking in the recovery console) but I hope that one of these scans picks up something...

    Something is causing this BSoD and I am bound and determined to find it ^_^

    This is the most progress I have made all week though ^_^

    Glad to hear your problem is solved =) !