Had win32.netsky.q, now slow internet and google redirection

Status
Not open for further replies.

Madraykin

Hi

I had the win32.netsky.q 'virus' on my PC. I followed some instructions to remove it; it went along the lines of removing a "Google" folder under the Application Data folder.

I did that, and ran CleanUp! and I have run ad-aware and AVG and it has picked up no viruses.
However I am still getting redirected to random spyware websites when using a search engine or a Failed to Connect message when trying to view websites.

I am using XP and Firefox at the moment. Before the only website I could view was facebook (hahaha) at least now I can view a few more, but I really need help in figuring this out.

My internet is SO slow now. I have attached a new HJT file.
Can anyone please offer any suggestions?

Many thanks

Update: I was trying to follow the 8 Steps, a. I click 'Run' to install, and NOTHING happens. I have disabled my firewall and still nothing.

I ran Avira and it found 3 things. Tr/Fakealert.AWE.3 which I deleted because the file was something to do with the win32.netsky.q thing, and it found Tr/Dldr.Swizzor.bo in files A0007085.eve and A0007086.exe which I quarantined....
 

Excellent - thanks! I am now able to install malwarebytes and Superantispyware!

I shall update with logs after scan....
After I disabled the TDSSserve.sys I keep getting notifications that "windows/system32/tdsscfub.dll" is trying to access things and is part of harmful BDS/TDSS.KD (or something or other).
I just keep denying access at the moment. Should I be quarantining/deleting this?

Thanks

ok here are the new logs....

how does it look?
 

The TDSS exploit (among other non-plug and play driver exploits) is quite the rage. The temptation is to package a method for this. However, the result would be quite lengthy and possibly confusing, since it is not possible to anticipate contributing factors.

MBAM detection is improved, yet SAS still finds 'tdss' residue. Usually the next scan shows clean or something it cannot clean.


Supplement to guide. Successive scans used to uncover additional infections.
  • Update both MBAM & SAS. Rerun them both.

  • This effort is complete when logs report NO infections/threats, or report something it cannot clean.
    • Typically extra repeat scans are not needed.
  • Install & run ComboFix. Instructions referenced below.
    • ComboFix is a very effective tool that scans / fixes hard to clean infections. Additionally, it includes diagnostic information.
    • Uninstall old copy of ComboFix - if used previously.

  • Examine the last few lines in the log for ‘Completion time:’ ……. ‘machine was rebooted’

  • Restart the computer, if first run of ComboFix did not conclude with ‘reboot’.

  • Repeat ComboFix.

  • Restart the computer

  • Scan with HJT.

  • Post logs. Report progress & what changes are observed. Include logs that found infections.


Supporting Information

Please see this for instructions:
Temporarily Disable Real Time Monitoring Programs:


  • 1 Spybot S&D (Teatimer)
  • 2 Ad-Aware Ad-Watch
  • 3 Spywareguard
  • 4 Windows Defender
  • 5 TrojanHunter Guard
  • 6 Disable SpySweeper
  • 7 WinPatrol
  • 8 CounterSpy
  • 9 AVG Anti-Spyware (formerly ewido)
  • 10 Spyware Doctor
  • 11 Prevx
  • 12 ProcessGuard
  • 13 ZoneAlarm's OS Firewall
  • 14 Ad-Aware 2007 Service
 
MAB and SAS found nothing

ComboFix and HJT reports attached....

I don't seem to be having any probs anymore, and my pc/internet is x20 times faster so I am hopeful :)

Thanks for taking a look..
 
Things look clean. Remember to uninstall ComboFix.

HJT scan. Tick & Fix. Exit. Restart the computer.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com/
O15 - Trusted Zone: *.hotmail.com
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.msn.com
O15 - Trusted Zone: *.passport.com
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} –

Remarks:
www.sky.com - does not comply with Internet security standards
O16 - no info available.

Establish a new clean restore point and Clear your existing System Restore points:
  • New
    • Go to Start > All Programs > Accessories > System Tools > System Restore>
    • Select Create a restore point> OK.
  • Clear Old
    • Go to Start > Run > cleanmgr > Select the More options tab >
    • Choose the option to clean up System Restore > OK

      • This will remove all restore points except the new one you just created.
 