TechSpot

I Have the Browser Redirect Problem

Solved
By heavystrato
Aug 15, 2010
Topic Status:
Not open for further replies.
  1. heavystrato

    heavystrato TS Rookie Topic Starter Posts: 56

    Ah crap, it didn't work :(
    I just found my Windows computer. What to do?
  2. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    Do you mean Windows CD?
  3. heavystrato

    heavystrato TS Rookie Topic Starter Posts: 56

    Yeah, sorry, that is what I meant.
  4. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    OK, here is the situation...
    Your computer is seriously infected, including two crucial Windows files.
    In that situation, normally I suggest reinstalling Windows, but we'll give it a couple of shots before we go there.
    We tried to replace those infected files, but it didn't work.

    We'll need to perform Windows repair, as described here: http://www.geekstogo.com/forum/topic/138-how-to-repair-windows-xp/
  5. heavystrato

    heavystrato TS Rookie Topic Starter Posts: 56

    OK, thanks again for your help, Broni. I'm gonna do this right away cuz I depend on this computer...
  6. heavystrato

    heavystrato TS Rookie Topic Starter Posts: 56

    Broni, one thing: it looks like I'm able to reboot in Safe Mode... Should I still go ahead with the Windows repair steps, or should we just continue from here (Safe Mode)?
  7. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    OOOOK.... See if you can run System Restore from Safe Mode.
    As far back as you can.
  8. heavystrato

    heavystrato TS Rookie Topic Starter Posts: 56

    Well, I was able to access System Restore and I went back to 3 days ago. The computer rebooted and it still gives me the same error. Should I go ahead with the Windows repair steps?
  9. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    I think this will be the best option.
  10. heavystrato

    heavystrato TS Rookie Topic Starter Posts: 56

    OK, doing it as we speak.
  11. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    Good luck :)
     
  12. heavystrato

    heavystrato TS Rookie Topic Starter Posts: 56

    Now I have a question.
    The blue screen that I'm presented with at first is a bit different from what I see on that link.

    Instead of the Welcome to Setup screen I get a list of the different partitions of my computer.
    So I select the first one, which is the one where my current installation is, then I hit Enter and the next blue screen gives me the following options:
    FORMAT THE PARTITION USING THE NTFS FILE SYSTEM (QUICK)
    FORMAT THE PARTITION USING THE NTFS FILE SYSTEM
    LEAVE THE CURRENT FILE SYSTEM INTACT.

    What should I do? The last thing I want to do is delete all my files on the computer.
  13. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    Leave the current file system intact.
  14. heavystrato

    heavystrato TS Rookie Topic Starter Posts: 56

    Alright, now it gives me the following blue screen:
    All the files, subfolders, user accounts, applications, security and desktop settings for that Windows installation will be deleted. The My Documents folder may also be deleted.
    To use the folder and delete the existing Windows installation in it, press L
    To use a different folder, press ESC
    To quit, press F3

    What should I do?
  15. Broni

    Broni Malware Annihilator Posts: 46,728   +254

  16. heavystrato

    heavystrato TS Rookie Topic Starter Posts: 56

    As soon as the computer boots from the CD I get the blue screen that says Windows XP Professional Setup, but I'm not presented with any of the 3 options; instead I get a list of the partitions:
    C: partition 1 NTFS
    A few UNKNOWN DISKS
    D: partition

    To set up Windows XP on the selected partition, press Enter
  17. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    When the computer boots from the CD, do you see files loading for a while, at the bottom of the screen?

    Is it a full version of the Windows XP CD?
  18. heavystrato

    heavystrato TS Rookie Topic Starter Posts: 56

    Yeah, it starts loading for a while; I can see a bunch of stuff being loaded at the bottom of the screen.
    I'm really not sure if it is the full version on that CD.
  19. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    What is the exact name of that CD? I need all details.
  20. heavystrato

    heavystrato TS Rookie Topic Starter Posts: 56

    OK, I think I'm lucky. I accessed a different restore point from Safe Mode and it has loaded without any problem. Wooo
  21. heavystrato

    heavystrato TS Rookie Topic Starter Posts: 56

    The CD came as a burned copy and it says WIndowsXpMC, but it looks like it only comes with a setup option and not with the repair option. I'm just glad I was able to reboot from Safe Mode.
  22. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    Yoohooo!!!
    Let me gather my thoughts...
  23. heavystrato

    heavystrato TS Rookie Topic Starter Posts: 56

    Hehe OK, thanks Broni!
  24. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    WIndowsXpMC - looks like Media Center Edition

    OK, we have to rescan everything again.....

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  25. heavystrato

    heavystrato TS Rookie Topic Starter Posts: 56

    Alright, all done. MBAM found something again. Also, I got that Explorer error once again.
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4438

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 7.0.5730.13

    8/17/2010 12:46:53 AM
    mbam-log-2010-08-17 (00-46-53).txt

    Scan type: Quick scan
    Objects scanned: 141097
    Time elapsed: 6 minute(s), 6 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\winlogon(2).exe (Trojan.Agent) -> Quarantined and deleted successfully.
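
A triage pass over the Malwarebytes log posted above, as an added example that is not part of the original thread: it parses the 1.46 text layout, checks that the summary counts agree with the itemized sections, and flags a detected file whose name is a copy-suffixed variant of a core Windows process name. The log excerpt is abridged from the post; the function names and the `CORE_NAMES` list are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Abridged from the log in the post above (Malwarebytes' Anti-Malware 1.46 layout).
SAMPLE_LOG = r"""Registry Keys Infected: 0
Files Infected: 1

Registry Keys Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\winlogon(2).exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# Assumption for this example: a short list of core Windows process names.
CORE_NAMES = {"winlogon.exe", "userinit.exe", "explorer.exe", "svchost.exe", "services.exe"}

COUNT_RE = re.compile(r"^(.+ Infected): (\d+)$")     # summary line, e.g. "Files Infected: 1"
ITEM_RE = re.compile(r"^(.+) \(([^()]+)\) -> (.+)$")  # object (detection) -> action

def parse_mbam_log(text):
    """Return (summary counts, itemized detections) from an MBAM text log."""
    counts, items, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := COUNT_RE.match(line):
            counts[m.group(1)] = int(m.group(2))
        elif line.endswith("Infected:"):
            section = line[:-1]                       # section header without the colon
        elif section and (m := ITEM_RE.match(line)):
            items.append({"section": section, "object": m.group(1),
                          "detection": m.group(2), "action": m.group(3)})
    return counts, items

def triage(text):
    """List findings: count mismatches and copy-suffixed core process names."""
    counts, items = parse_mbam_log(text)
    findings = []
    for name, n in counts.items():
        seen = sum(1 for i in items if i["section"] == name)
        if seen != n:                                 # truncated or edited log
            findings.append(f"{name}: summary says {n}, log lists {seen}")
    for i in items:
        fname = PureWindowsPath(i["object"]).name.lower()
        base = re.sub(r"\(\d+\)(?=\.\w+$)", "", fname)  # strip a "(2)"-style suffix
        if base != fname and base in CORE_NAMES:
            findings.append(f"{i['object']}: copy-suffixed variant of {base} ({i['detection']})")
    return findings
```

A non-empty result from `triage` is a reason to keep scanning with the other tools in the thread, not a verdict on its own.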