TechSpot

Had win32.netsky.q, now slow internet and google redirection

By Madraykin
Dec 18, 2008
  1. Hi

    I had the win32.netsky.q 'virus' on my PC, I followed some instructions to remove it, it went along the lines of removing a "Google" folder under Applications Data folder.

    I did that, and ran CleanUp! and I have run ad-aware and AVG and it has picked up no viruses.
    However I am still getting redirected to random spyware websites when using a search engine or a Failed to Connect message when trying to view websites.

    I am using XP and Firefox at the moment. Before the only website I could view was facebook (hahaha) at least now I can view a few more, but I really need help in figuring this out.

    My internet is SO slow now. I have attached a new HJT file.
    Can anyone please offer any suggestions?

    Many thanks

    Update: I was trying to follow the 8 Steps, a. I click 'Run' to install, and NOTHING happens. I have disabled my firewall and still nothing.

    I ran Avira and it found 3 things. Tr/Fakealert.AWE.3 which I deleted because the file was something to do with the win32.netsky.q thing, and it found Tr/Dldr.Swizzor.bo in files A0007085.eve and A0007086.exe which I quarantined....
     

  2. rf6647

    rf6647 TS Maniac Posts: 829

    Part of the description mentions 'redirection'. In case of difficulty, attempt this method (follow link for 'How To')
    • Message # 1 - Effective against other non-plug and play exploits
    • Message #3 - link to 'fixit download' has demonstrated its effectiveness in many cases. Go to message # 3 'fixit download'
     
  3. Madraykin

    Madraykin TS Rookie Topic Starter Posts: 16

    Excellent - thanks! I am now able to install malwarebytes and Superantispyware!

    I shall update with logs after scan....
    After I disabled the TDSSserve.sys I keep getting notifications that "windows/system32/tdsscfub.dll" is trying to access things and is part of harmful BDS/TDSS.KD (or something or other)
    I just keep denying access at the moment, should I be quarantining/deleting this?

    Thanks

    ok here are the new logs....

    how does it look?
     

  4. rf6647

    rf6647 TS Maniac Posts: 829

    The TDSS exploit (among other non-plug and play driver exploits) is quite the rage. The temptation is to package a method for this. However, the result would be quite lengthy and possibly confusing, since it is not possible to anticipate contributing factors.

    MBAM detection is improved, yet SAS still finds 'tdss' residue. Usually the next scan shows clean or something it cannot clean.


    Supplement to guide. Successive scans used to uncover additional infections.
    • Update both MBAM & SAS. Rerun them both.

    • This effort is complete when logs report NO infections/threats, or reporting something it can not clean.
      • Typically extra repeat scans are not needed.
    • Install & run ComboFix. Instructions referenced below.
      • ComboFix is a very effective tool that scans / fixes hard to clean infections. Additionally, it includes diagnostic information.
      • Uninstall old copy of ComboFix - if used previously.

    • Examine the last few lines in the log for ‘Completion time:’ ……. ‘machine was rebooted’

    • Restart the computer, if first run of ComboFix did not conclude with ‘reboot’.

    • Repeat ComboFix.

    • Restart the computer

    • Scan with HJT.

    • Post logs. Report progress & what changes are observed. Include logs that found infections.


    Supporting Information
     
  5. Madraykin

    Madraykin TS Rookie Topic Starter Posts: 16

    MAB and SAS found nothing

    ComboFix and HJT reports attached....

    I don't seem to be having any probs anymore, and my pc/internet is x20 times faster so I am hopeful :)

    Thanks for taking a look..
     
  6. rf6647

    rf6647 TS Maniac Posts: 829

    Things look clean. Remember to uninstall ComboFix.

    HJT scan. Tick & Fix. Exit. Restart the computer.
    Remarks:
    www.sky.com - does not comply with Internet security standards
    O16 - no info available.

    Establish a new clean restore point and Clear your existing System Restore points:
    • New
      • Go to Start > All Programs > Accessories > System Tools > System Restore>
      • Select Create a restore point> OK.
    • Clear Old
      • Go to Start > Run > cleanmgr > Select the More options tab >
      • Choose the option to clean up System Restore > OK

        • This will remove all restore points except the new one you just created.
     
  7. Madraykin

    Madraykin TS Rookie Topic Starter Posts: 16

    Thank you very much for all your help =)
     
Topic Status:
Not open for further replies.
