Trojans, Google redirect & rootkit?

Status
Not open for further replies.

eiffeltower

Hello all, I seem to have the same symptoms as many of you. Initially, I had the popups with "Warning - You have a Virus", wanting you to click on additional downloads. Most of these seemed to go away after Malware was run. However, Malware could never delete one of the "rootkit.agent" issues - in the system32\drivers file (even on reboot) and I cannot delete it myself, even in cmd mode. (I could not boot in safe mode either, as I tried). I then went through the 8 step process and it looks like I deleted many more viruses, but I still have the one in the drivers file, and I still redirect with Yahoo or Google. I also ran the Sophos Anti-root software, but it did not find anything. I am attaching my log files (multiple ones for Malware as I tried to keep running to get it to fix all files). I would really appreciate any help you can provide - thanks so much!
 
Try using this Temp File Cleaner:
TFC

Performing the 8-Step removal instructions had you run CCleaner, but let's see if this other cleaner finds more.
 
Thanks so much for the help!! As I have read more of your responses, I tried a few other things since I wrote last. I have done the following:
1) I ran TFC (it did find a few other things),
2) I blocked 3rd party cookies
3) I upgraded AVG
4) I eliminated Viewpoint Manager

However, at this point, I still cannot boot in safe mode, I still get redirected with Google/Yahoo (and get popups for some registry cleaner). Also, I still have a .sys file in the drivers directory which Malwarebytes wants to delete, but it cannot delete it and neither can I. My next thought after reading your responses is to run Eset - what do you recommend? Thanks again - you guys are the best!
 
"However, at this point, I still cannot boot in safe mode"...

What happens when you try getting into the Safe Mode? Stalls? Errors?
 
Hi, when my system reboots, I hit F8 and it brings up the Safe Mode selection screen. I select Safe Mode (or Safe Mode with Networking) and select Windows XP OS. Then, it looks like it is going through the process, and very quickly I can see the drivers going by... then, the blue Averatec screen that usually comes up on start appears. But then, I am bumped back to the black and white Windows screen and it says "We apologize for the inconvenience, but Windows did not start successfully. A recent hardware or software change might have caused this." I can try to select safe mode again, but the same thing happens. If I do not select, it reverts back to normal mode to begin.
 
Hi, I have my windows product keys, but unfortunately, I do not have the installation CD as XP was pre-loaded on my computer. Is there a way to repair without the installation CD?
 
Try the system file checker - go to start > run and type in sfc /scannow. Note the space between the c and the /. Most computers have a recovery section on your hard drive and hopefully the file checker will be directed to it...
 
Hi again,
I ran the scannow as you suggested, and it appeared to go through all the Windows files and then after it finished and the window was gone, I tried to reboot in safe mode and had the same issue/same message as previously. Bummer...
 
Hi again - As I have updated a couple of programs (AVG, Adobe), eliminated Viewpoint manager, updated with scannow and run TFC since the last HJT, I am including the most recent log from there. Thanks for your help!
 

Attachments

  • hijackthis 010210.txt
    8.6 KB
 
Most definitely - YES! And still cannot boot in safe mode either (not sure if they are connected?). What is my next step?? Combofix? Eset? Thanks for the help!
 
I think the best course of action is to do the XP repair. See if you can borrow an XP install disc... Malware & the Safe Mode problem are not related. You may have some things left in the Hijackthis log that could be fixed.
 
Hi - I found a friend with an XP disk, so will run the repair. After I do that, what can I do to fix the virus/redirect issues? Thanks!
 
Install all the Windows Updates and use a good free antivirus and malware program like Avast and Advanced SystemCare.
 