TechSpot

[Solved] Search links were redirected to random sites

By vostro1310
Feb 4, 2010
Topic Status:
Not open for further replies.
  1. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    vostro, please delete the Combofix exe file on your desktop. Then run Combofix again. I'll check it and then, again, probably suggest you seek help on our hardware forum.
  2. vostro1310

    vostro1310 Newcomer, in training Topic Starter Posts: 19

    I have two observations,

    1. A BSOD happened and it indicated an error in iaStor.sys. The blue screen showed
    Driver_IRQL_NOT_LESS_OR_EQUAL
    Stop 0x000000D1 (0x00000014, 0x000000FF, 0x00000000, 0xA3876034)
    hiber_iaStor.sys Address A3876034 base at A37b2000 DateStamp 4696b24a

    2. Deleted the ComboFix on the desktop, downloaded it again from bleepingcomputer.com, and ran it again. It found a rootkit and shut down the system twice and restarted it. The log file is attached.

    Thanks.

  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    vostro, after extensive searching, it appears that this is a "Dell Problem." I have copied the fix and edited it to make it easier for you to follow. It seems that many users were complaining of the problem and this fix was issued. Please note: I have not used this. The steps seem reasonable, but be careful:

    Dell Dimension E510, iastor.sys, Windows XP blue screen error, stop code 0x000000D1
    How to resolve a Stop 0x000000D1 Error Message in IASTOR.SYS in the Microsoft® Windows® XP Operating System? Here is the Dell provided Fix

    The referenced site can be found HERE

    The Edits are all mine. The contents are from the site.
  4. vostro1310

    vostro1310 Newcomer, in training Topic Starter Posts: 19

    First, the search result links are working fine now. No random ad site is showing up. The iastor.sys removed by ComboFix seemed to fix the problem. Thanks a lot for guiding me through.

    Second, I followed the instructions and ran R130119.exe, but it failed. It said it did not meet the system requirements. After reading through the support forum on the Dell web site, I learned that R130119 is for a Dimension desktop, not for my laptop. I found R179638.exe for my model, but it did not have a setup.exe. There are only cat and inf files in the unzipped folder, including
    iaahci.cat
    iaachi.inf
    iastor.cat
    iastor.inf
    iastor.sys
    txtsetup.oem
    license.txt
    readme.txt
    Version.txt

    The installation instructions in the readme are confusing and I could not understand them. Could I just go to the Device Manager and click Update Driver from the IDE ATA/ATAPI controllers? Thanks.
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Go ahead and try going through the Device Manager. Let me know if it resolves the problem.
  6. vostro1310

    vostro1310 Newcomer, in training Topic Starter Posts: 19

    I tried to update the driver directly from the Device Manager, but it said the one downloaded from Dell is older than the current one. However, after ComboFix removed the infected driver, the system has not crashed since. I guess the crash might have been caused by the infected driver. I appreciate all your help on fixing my problems. It is wonderful to have everything back to normal. Thanks.
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    vostro, since the redirect problem has been resolved, I'd like to have you remove the cleaning tools and old restore points, then close this thread. If the BSOD problem begins again, please start a thread in the BSOD Forum. I think there is a better chance of blue screen help there:

    Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Remove all of the tools we used and the files and folders they created
    • Download OTCleanIt by OldTimer
    • Save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    The tool will delete itself once it finishes. If you are prompted to Reboot during the cleanup, select Yes.

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name > click "Create".
    • Go back and follow the path to > System Tools.
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    More details and screenshots for Disk Cleanup in Windows Vista can be found here.

    If I can be of more help with malware, please let me know.
  8. vostro1310

    vostro1310 Newcomer, in training Topic Starter Posts: 19

    Done. CF and OTC were all removed and a Restore Point was created. Thanks again for all the help.
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You're welcome. I'll close the thread now since the problem has been resolved.