Redirect Virus has me worried

By Speedy72
Feb 6, 2010
Topic Status:
Not open for further replies.
  1. OK. I did something stupid. I was looking for a keygen for a small app that I was going to have to use one time for a test and downloaded a 100K file that promptly dissapeared when I double clicked on it. Initially nothing went wrong or showed up in a scan but I'm now being constantly redirected to other sites. I see I'm not the only one. I did a few things on my own before finding the 8 step program. I've tried to follow that closely and hopefully loaded the info correctly. After all scans I still have the redirect. I just did the updates to FF that I found in a recent thread with the same problem for adblock plus and cookie settings.

    My other concerns. I have mozy running. Can it upload to mozy? I'm on a network with an attached network drive. Can it jump systems that way?

    I've included log files for a couple days. The most current files are based on the 8 step procedure but I thought it might be helpful to see what happened over the past couple days of attempts. I haven't had much time to work on this and I'm leaving for a business trip tomorrow. fun fun. The Elan files that antisyware pulled is a programming utility I use and takes about an hour to reinstall. But I let it do it's thing anyway figuring better to have the virus gone and have to reload.

    Thanks in advance

    EDIT - I ran antisypware again, this time from safe mode. found adware again and deleted again. But redirects are still happening. I've done some more reading and see that you guys get pretty backed up and some of the fixes get pretty involved. painful. I won't be messing with any more keygens, that's for sure.

    Edit# 2. ran combo fix. when I went to install it I found cobo fix logs from about 15 months ago, the last time I did something stupid. I remember that fixing it although from reading on here for the past four hours it seems there is more that can be done beyond combo fix. log is added. It didn't work. I'm still getting redirected and am now more worried. I have a acronis image from one month ago. A lot has changed since then but I may use it before the night is out. I don't want to leave for this trip with the PC infected.

    Attached Files:

  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    Got a chuckle out of this! We're [b[]always[/b] backed up here! A lot of people keep doing the same (.....) things like clicking on pop-ups, pirating programs, using file sharing! The 'fix' is only as painful as the infection!

    Resetting the Cookies and adding those 2 extensions will help prevent Tracking Cookies. I'm always glad when someone makes use of my suggestions.

    Backing up to Mozy:
    Yes, if any of the files that are backed up have gotten malware.
    ----------------------------------
    Uninstall ComboFix.exe And all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
      [​IMG]

    Now reinstall Combofix and run: If you already have the recovery Console installed, it will skip that query and start the scan:
    Please download ComboFix HERE:
    • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

      Important! Save the renamed download to your desktop.
    • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
    • Double click on the setup file on the desktop to run
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
    • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
      (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.)
    • Query- Recovery Console image
      [​IMG]
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a log.Please include the C:\ComboFix.txt in your next reply.
    Notes:

    • 1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
      2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
      3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
      4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Please follow with an online scan from Eset:
    Run Eset NOD32 Online AntiVirus Scanner HERE

    Note: You will need to use Internet Explorer for this scan.
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the Active X control to install
    • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    • Click Scan
    • Wait for the scan to finish
    • Re-enable your Antivirus software.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    Attach Combofix report and Eset log in your next reply.
  3. Speedy72

    Speedy72 Newcomer, in training Topic Starter

    Too Late! I panicked and Acronised (is that a word). Had to go back one full month and then get my docs and stuff back up to date. Staying up until 3:00 am, getting a few crappy hours sleep and then jumping on a plane is not what I had in mind but I just couldn't risk any more potential private data theft or having the laptop crash on the job site.

    Sucks but all seems to be back to normal now. Now I just have to go back and implement some of the settings I read about over the past two days on the new/old system.

    For Mozy I removed the client completely for now. I'll run a couple week to make sure I didn't lose anything critical and then just delete the entire Mozy file and start from scratch.

    PC seems clean although there is some shared databases and groove folders between them.

    I do currently use eset for antivirus. Should I get their all inclusive program for maleware/spyware as well? I have never run anything consistent for those. Just done the occasional search and destroy but after this I need to take it up a step and get my Acronis incremental backups on a schedule.
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    Sorry we couldn't rescue the system in time!

    About security: my preference is stand alone programs rather than a security 'suite. There are pluses for either. No matter which way you go, you need the basic layers as mentioned.

    I also use Nod32 as my antivirus program. But in addition, I have both a software firewall (Windows) and a hardware firewall (router). I also have Spywareblaster which I recommend for everyone and Spybot Search & Destroy. Frequent maintenance is a must and the only processes I have on startup are the AV, touchpad for laptop and network process for Network Magic Nothing else!

    Here are some recommendations for you. There are all free: (I recommend the ones in red no matter what else you have)

    Use a good, bi-directional firewall
    ( use only one software firewall, add router for hardware firewall:)
    Use reliable and trusted anti-spyware/malware programs
    Each of the links below will help you set up the program and each has a download link:Use two or more:
    Consider these programs for Extra Security
    • IE/Spyad
    • This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • MVPS Hosts files This replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
    • Google Toolbar Get the free google toolbar to help stop pop up windows.

    If there is any doubt about malware concern in the folders you removed, do a right click on them and have the AV program scan.

    Let me know if you need further help.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.