Followed 8 steps to get rid of viruses, etc. still getting redirected to other sites

Status
Not open for further replies.

lisaw

I followed the 8 steps and I am attaching the logs for review. Please help!

Thank you for any advice you can offer.

Lisa
 

Attachments

  • hijackthis.log
  • mbam-log-2009-10-26 (06-49-33).txt
  • SUPERAntiSpyware Scan Log - 10-26-2009 - 08-42-40.log

Welcome. Well, it looks from the logs that you've been cleaned. You will want to kill off the tracking cookies too. Go into your browser. Find Internet Options (I forget for IE8, but should be under tools). Unless you need to keep passwords, just tell it to clear out everything.

You may also want to update your hosts file. Go here: http://www.mvps.org/winhelp2002/
At the top you can read "how to block unwanted parasites..." But you will definitely want to read "how to download and extract the hosts file". Basically this will help keep you from being redirected to bogus sites.

Thank you for following the 8 steps. Install the new hosts file (there's a FAQ also). Just for grins, reboot. See what happens and let us know.
 
No luck

Well, I wish I could say your recommendations cleared up the redirecting to other sites when searching Google, Yahoo, Bing, etc., but no luck. One thing I can mention is when it goes to get redirected, there's a logo right next to the http address that looks like a very large number 2 but with a rounder circle on the 2. That's always what is right next to the incorrect http address.

Very frustrating! None of my blockers are picking this up!

Lisa
 
Welcome to TechSpot, Lisa. I apologize for the delay.

You have a Backdoor.Bot, among other malware infections. Please change all of your passwords and monitor all online financial transactions.

If you would still like help, please rescan with HijackThis and paste the new log in a new reply.
 
Hijackthis reply

Attached please find the log. Please advise.

Thank you so much for your help so far!

Lisa
 
Lisa, please reopen HijackThis to 'do system scan only'. Check the following if present:

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = proto.local
O17 - HKLM\Software\..\Telephony: DomainName = proto.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = proto.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = proto.local


And unless you have specifically set this up to connect to Toshiba, I suggest you check for removal:
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

Close all Windows except for HijackThis. Click on "Fix Checked."

I suggest removing this from the Trusted Zone. This zone has less security than the internet zone. Rarely if ever does anyone NEED to have a domain in the Trusted Zone:

O15 - Trusted Zone: http://www.comcast.net <- remove
To do that: Control Panel> Internet Options> Security tab> Trusted Zone> highlight and remove Comcast. This will not affect any contact with Comcast. It just makes Comcast subject to the same security that other internet zone sites are.

A note about Toshiba: They preload an enormous number of entries on machines before they ship them out. Rarely do users use them and most don't even realize they are on start and running in the background. I don't have time to go over them with you but suggest you look for entries in Add/Remove Programs in the Control Panel. If there are Toshiba programs that aren't used/needed or wanted, uninstall them.

Download SDFix HERE and save it to your Desktop.
  • Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Run SDFix
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  • Attach Report.txt back here

When you have finished, rescan with Hijackthis:
PASTE HJT log in next reply.

Attach SDFix report.
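
As an added example (not part of the thread and not HijackThis's own code), this Python sketch triages the O14, O15 and O17 lines quoted in the post above and collapses the repeated proto.local entries into a single finding. The function name `triage`, the regular expressions and the constructed R0 line are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Lines quoted from the thread above, plus one constructed R0 line that
# must be ignored because the post only discusses O14, O15 and O17.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: http://www.comcast.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = proto.local
O17 - HKLM\Software\..\Telephony: DomainName = proto.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = proto.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = proto.local
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
O17_BODY = re.compile(r"^(?P<key>.+?): (?P<name>\w+) = (?P<value>\S+)$")

def triage(log_text):
    """Group O14/O15/O17 entries so each distinct setting is reviewed once."""
    report = {"trusted_sites": [], "reset_urls": [], "dns_domains": {}}
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if code == "O15" and body.startswith("Trusted Zone:"):
            # Trusted Zone hosts get weaker restrictions than the Internet zone.
            url = body.split(":", 1)[1].split("<-")[0].strip()
            report["trusted_sites"].append(urlparse(url).hostname or url)
        elif code == "O14" and "START_PAGE_URL=" in body:
            # Start page recorded in IERESET.INF (commonly an OEM preload).
            report["reset_urls"].append(body.split("START_PAGE_URL=", 1)[1].strip())
        elif code == "O17":
            # The same domain value under several registry keys is one finding.
            f = O17_BODY.match(body)
            if f:
                report["dns_domains"].setdefault(f.group("value"), []).append(f.group("key"))
    return report

if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section, items)
```
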
 
Ok, tried the above. My computer will not start up in safe mode. At first it appears it's going to but it goes right back to the safe mode screen not allowing it to boot up in safe mode. Please advise. Thanks for all your help to date. Also getting a message every time I restart there is new hardware (mass storage) found. I can get past it by hitting cancel about looking for drivers but that's a new problem in all of this.
 
But you can get into Normal Mode? If so, do the following:

Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
  • Run Combo-Fix.exe and follow the prompts.
    (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
  • Wait for the scan to be completed.
  • If it requires a reboot, please do it.
  • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Notes:

  1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Attach report in next reply.
 
Now I'm pretty nervous. I did what you said above and I was able to get on my computer in normal mode; now it won't restart at all. I get stopped at the screen to start in Safe Mode, Normal, Previous mode, etc. Nothing works. I finally got to a blue screen that says a problem has been detected and Windows has been shut down to prevent further damage to your computer. It says to check for viruses. Technical information:
***STOP: 0x0000007B (0xF79DF524, 0xC0000034, 0x00000000, 0x00000000)
 
Lisa, did you get the message to check for viruses when you tried to download or run Combofix? It's really important to know that.

STOP: 0x0000007B has several different causes- can you get into the computer at all- any mode?
 
I don't remember receiving that message; however, all the messages I got were the messages that were on the thread about ComboFix, so all seemed to go fine. I cannot get in through any mode whatsoever at this point. I am using my husband's computer to respond to you.
 
Actually I did get that blue screen that was the autoscreen for viruses. The point that I was unable to get back on was when it went into the restart and that's when it stopped.
 
Lisa, if you can't get in, we can't try to fix anything! Do you have the disc for the operating system? You're going to need to reformat/reinstall.
 
Bobbye,

I was at least able to get on until I ran the Combofix. I was just getting redirected, now I have nothing and this is a computer I need for my work. My son has tried to reinstall XP but it ends up giving him an error message saying that no hard drive is installed. He has double checked all connections and they are ok. He said it may be something about losing a 'partition' but knows nothing more about that. What could this Combofix have done during its install to cause this? Please help us out here since we have no idea what to do next.
 
Lisa, did you actually run Combofix? I have not seen a report. Combofix usually sets a Recovery Console, but without the report, I have no idea what was done. It should not have been anything that would leave the system inaccessible though. But you might have to boot from the setup on the CD to get back in.

Please see this Microsoft site for causes of the Stop error: http://support.microsoft.com/kb/324103
 