TechSpot

Random redirect problem

By pktchspt
Jan 28, 2010
  1. Looks like I became a victim of the Random Redirect virus/malware/evildoer. A couple of days ago I (accidentially?) opened my laptop to the attack of the 'Internet Security 2010' trojan horse. Previously, I didn't run any virus scan software or firewall on my laptop (yeah, I liked living dangerously). After my laptop was infected, I downloaded and tried a few free virus scan/removal tools and it appears that most of the IS2010 has been removed. The only apparent problem remains is the annoying 'random redirect' behavior.

    I use IE8, Firefox, and Chrome. They all exhibit the same problem. RED HERRING WARNING: I haven't confirmed this yet, it appears to me that after I reboot the system, if I start Chrome first and use it, everything is fine in Chrome. However, if I start IE8 later, the redirect happens pretty much right away, and Chrome in turn started behaving badly as well.

    I just finished the 'UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions'. Attached are the log files.

    Currently I have AVG Free and ZoneAlarm Free running.

    thanks in advance

    PK
     

    Attached Files:

  2. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    Run Combofix:
    Combofix Instructions

    Follow the instructions carefully about disabling antivirus, firewalls and disconnecting from the Internet
     
  3. pktchspt

    pktchspt TS Rookie Topic Starter

    here is the combofix log

    Ran the combofix and here is the log.

    btw, updates on what I did before I ran combofix:

    - RED HERRING confirmed - after rebooting, I was able to reproduce the random redirect problem in Chrome without launching IE8 or Firefox first.

    - After surfing the web a bit more, i ran into some links mentioned that Hitman Pro might fix the problem. I downloaded Hitman Pro and it detected that atapi.sys is a 'rootkit' virus. Since I don't have an activation key, I just exited from Hitman Pro (which does not (or is not supposed to) correct problems without an activation key).

    - I downloaded combofix and ran it. Had some problem with installing recovery console but finally got it installed the system was rebooted. When the system came back on, Hitman Pro started running (it was configured to run on reboot). This time it didn't report any virus.

    - I ran combofix to finally get to the point where the report was generated (and attached here).

    - I tried to reproduce the 'random redirect' issue in the browers. Now I *cannot* reproduce it in IE8, firefox, or chrome after clicking about a dozen google search results in each of the browsers.

    Did the malware go hiding (that's one smart virus)? Did Hitman Pro do something (even though it said it wouldn't do anything until an activation key is provided)? Did ComboFix do something?

    very weird...

    thanks

    PK
     

    Attached Files:

  4. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    Just keep an eye on things and let us know if you need anything more
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...