TechSpot

Redirecting problem 8-steps completed

Solved
By scheng07
Jun 13, 2010
  1. Broni

    Broni Malware Annihilator Posts: 47,975   +271

  2. scheng07

    scheng07 TS Rookie Topic Starter Posts: 44

    It's started redirecting again on Google Chrome and Firefox -.-;;
     
  3. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Delete your remover.exe file. Get new one...

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    =================================================================

    Also...

    Please download SystemScan and save it to your desktop.

    • Be aware that the file name will be randomly generated (i.e. sys95769.exe) to deceive malware which may attempt to disable it.
    • If any installed security tools (anti-virus) detects the file as malware or suspicious while downloading or attempting to run, ignore the alert and allow the download.
    • Double-click on sys*****.exe to start the tool.
    • A read before proceeding disclaimer will appear.
    • Uncheck <- Unflag the checkbox to disable updates! next to the version number at the top.
    • After reading, check the box I have read and agree. Please let me...proceed!, then click the Proceed button.
    • When SystemScan opens, click the "Unselect all" button.
    • Important: Under "Make your choice and than click...", check the boxes next to:
      • PC accounts
    • Everything else should be unchecked.
    • Click "Scan Now".
    • Another warning box will appear. Please follow the instructions and click OK.
    • Please be patient while the scan is in progress.
    • SystemScan will scan your computer and create a folder named Suspectfile on the Desktop to save its report.
    • When the scan is complete, Notepad will automatically open a log file named report.txt with the results.
    • Copy and paste the contents of report.txt in your next reply.
     
  4. scheng07

    scheng07 TS Rookie Topic Starter Posts: 44

    here is the report log

    SystemScan - www.suspectfile.com - ver. 3.6.7 (code: holifay & bReAkdOWn)

    Running on: Windows VISTA , Service Pack 2 (6002.6.0)
    System directory: C:\Windows
    SystemScan file: C:\Users\Sylvia\Desktop\sys43457.exe
    Running in: User mode
    Date: 7/19/2010
    Time: 6:40:50 PM

    Output limited to:
    -PC accounts

    ===================== ACCOUNTS ON THIS PC =====================


    Users on this computer:
    Is Admin? | Username
    ------------------
    Yes | Administrator (Disabled)
    | Guest (Disabled)
    Yes | Sylvia
    | __vmware_user__

    ### users folders


    ### startup files in users folders


    ==========================================
    Scan completed in 0 minutes
    End of report


    ~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~
    SystemScan uses some freeware tools that remain property of their authors:

    * SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts "
    * dumphive (Markus Stephany)--> "Registry scan"
    * Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules"
    * Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record"
    ---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log

    Thanks to all of them for their hard work
     
  5. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    ...and Bootkit Remover log?
     
  6. scheng07

    scheng07 TS Rookie Topic Starter Posts: 44

    sorry forgot to attach it.

    Here it is:

    Bootkit Remover version 1.0.0.1
    (c) 2009 eSage Lab
    www.esagelab.com

    \\.\C: -> \\.\PhysicalDrive0
    MD5: 0ec6b2481fc707d1e901dc2a875f2826
    \\.\D: -> \\.\PhysicalDrive0

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Press any key to quit...
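
Added example, not part of the thread or of either tool: a small Python triage of the two logs posted above, flagging enabled administrator accounts that are not expected and any MBR row whose status does not start with "OK". The function names and the expected-admin set ({"Sylvia"}) are assumptions made for illustration.

```python
import re

# Excerpts of the two logs posted above, trimmed to their tables.
SYSTEMSCAN_LOG = r"""
Is Admin? | Username
------------------
Yes | Administrator (Disabled)
| Guest (Disabled)
Yes | Sylvia
| __vmware_user__
"""
BOOTKIT_LOG = r"""
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
"""
MBR_ROW = re.compile(r"^(\d+ \w+)\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+)$")

def parse_accounts(log):
    """Rows of the 'Is Admin? | Username' table as dicts."""
    accounts, in_table = [], False
    for line in (l.strip() for l in log.splitlines()):
        if line.startswith("Is Admin?"):
            in_table = True
        elif in_table and "|" in line:
            flag, name = (p.strip() for p in line.split("|", 1))
            accounts.append({"name": name.replace("(Disabled)", "").strip(),
                             "admin": flag == "Yes",
                             "disabled": name.endswith("(Disabled)")})
        elif in_table and line.strip("-"):
            break  # first non-table, non-separator line ends the table
    return accounts

def parse_mbr(log):
    """Rows of the 'Size Device Name MBR Status' table as dicts."""
    rows = []
    for m in filter(None, (MBR_ROW.match(l.strip()) for l in log.splitlines())):
        size, device, status = m.groups()
        rows.append({"size": size, "device": device, "status": status,
                     "ok": status.startswith("OK")})
    return rows

def triage(accounts, mbr_rows, expected_admins):
    """Findings that need a human look; an empty list means both logs are clean."""
    findings = [f"unexpected enabled admin account: {a['name']}" for a in accounts
                if a["admin"] and not a["disabled"] and a["name"] not in expected_admins]
    findings += [f"MBR needs review on {r['device']}: {r['status']}"
                 for r in mbr_rows if not r["ok"]]
    return findings

if __name__ == "__main__":
    # expected_admins is an assumption: the PC owner's own account.
    print(triage(parse_accounts(SYSTEMSCAN_LOG), parse_mbr(BOOTKIT_LOG), {"Sylvia"}))
```
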
     
  7. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Your router may be infected.
    We need to hard reset it.
    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
    Restart computer and check for redirections
     
  8. scheng07

    scheng07 TS Rookie Topic Starter Posts: 44

    seems to be working :D
     
  9. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Great :)

    Please, redo...

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.
     
  10. scheng07

    scheng07 TS Rookie Topic Starter Posts: 44

    done! hopefully everything is solved! :D
    THANK YOU!
     
  11. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Cool
    Good luck and stay safe :)
     
     
Topic Status:
Not open for further replies.

