Suspected Hijack by Malware

[redsincebirth]

I think my PC has been hijacked by malware as I am constantly being redirected to another site when I google. I tried to follow the 8-step malware removal procedures and downloaded all the required software from the list e.g. HJT, etc. However, when I tried to install these programmes, my pc just would not respond at all. When I tried to update my AVG and Norton Anti-virus, I got an error message telling me that I was not connected to the internet (no I don't have any firewall installed) which was bizarre because my broadband was working perfectly. Could anyone provide any advice as to how to get the malware removal procedures going, please?

If I do system restore, will it get rid of the malware?

My OS is Window XP

 

[kimsland]

No System Restore does not remove Virus or Malware

Please un-install AVG (and Norton too, if you really want it fixed)

Then proceed to: UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions

 

[redsincebirth]

Dear Kimsland

Thanks for your advice. My problem with UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions is that I didn't have them installed before my pc was hijacked by malware. consequently, I could not install all the necessary software mentioned in the instructions. I tried to double-click the application exe files that I downloaded from TechSpot (thanks by the way) - but they wouldn't respond at all. Hence I was lost as to what to do.

After I posted my query yesterday, I had a quick browse at other people's treads - I noticed a tread which might be relevant to my case - I think it was to do with TDSSserv.sys and how to disable the virus (see topic116603)

Do you think this is the right way to proceed?

I am anxious about uninstalling my AVG and Norton because I remember they had both quarantined some .dll files from my Windows programme (which were infected by virus) in the past (i had to let them quarantined them because there was no other choice). If I were to uninstall them, I am afraid I might lose all those .dll files foreover (and lose my pc as well). Is my worry unfounded.

Thanks

 

[kimsland]

Is my worry unfounded.

Yes

Please do all of the above
By the way here's that thread (by the way thread with an H) you spoke of:
Special case where after installing MBAM and SAS they will not update or run
Read here: https://www.techspot.com/vb/topic116603.html

Once Norton is un-installed
Please then Restart
Then run the Norton Removal Tool, from h e r e
Then Restart

Actually just to be thorough.
Here's the AVG Removal Tool, once AVG is first removed from add\remove Programs menu

By the way, Techspot's user choice for Antivirus is Avira

 

[redsincebirth]

Logs from 8-steps Virus/Malware removal instructions

Dear Kimsland

thanks for your reply. I ran Devmgmt.msc and managed to disable TDSSserv.sys. I then processed your 8-steps Virus/Malware removal instructions. Here are my logs (see attached).

by the way, do I need to re-run Devmgmt.msc and enable TDSSserv.sys again.?

 

[kimsland]

-> No action taken on MBAM scan, for found issues

Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected. <========= Not Done

Please re-run Malwarebytes
Confirm updated (third tab)
Then do the above quoted message, but this time "Remove all found issues"

By the way, you will need to then restart, and run (and attach) a new HJT log

 

[redsincebirth]

new logs posted as requested

Dear Kimsland

I have rerun Mbam, restarted my pc and rerun HJT. Here are the logs. Please advise. thanks a lot.

 

[kimsland]

AVG
mcafee
Avira

All running ?

Please uninstall
AVG (T H I S may help)
mcafee

 

[redsincebirth]

I have uninstalled everything except Avira. I posted my latest HJT log. please advise next step. thanks.

 

[kimsland]

Well you have 25 Startups plus 16 other services starting
So to read the log is very difficult (for me)

Scanning through it, I did not see any Malware as such, so that's good

You may want to look at this little program for disabling known startups, that you just don't want, if it helps any I have 1 (AntiVirus) and everything works perfectly.

 

[redsincebirth]

Thanks Kimsland

I think you have "healed" my pc. I can now google smoothly. I also tried the little software you sent me - it's a little gem. I used it to disable a few programmes at startup - but there are some programmes that I don't recognise/understand but I kept them on because they are part of the Windows programme - so I assume they must be essential.

By the way, I ran the Devmgmt.msc command on my way to implementing the 8-steps instructions. This involved disabling the TDSSserv.sys file. Do I now have to re-enable it again???

Once again, thanks for your help and kindness.

I wish you a very merry Christmas.

 

[kimsland]

No it was malware

Thanks for the update :grinthumb