1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Followed 8 step to get rid of viruses, etc. still getting redirected to other sites

By lisaw · 14 replies
Oct 26, 2009
  1. I followed the 8 steps and I am attaching the logs for review. Please help!

    Thanks you for any advice you can offer.


    Attached Files:

  2. Ruthe

    Ruthe TS Booster Posts: 70

    Welcome. Well, it looks from the logs that you've been cleaned. You will want to kill off the tracking cookies too. Go into your browser. Find Internet Options (I forget for IE8, but should be under tools). Unless you need to keep passwords, just tell it to clear out everything.

    You may also want to update your hosts. file. Go here http://www.mvps.org/winhelp2002/
    At the top you can read "how to block unwanted parasites..." But you will definitely want to read "how to download and extract the hosts. file". Basically this will help you from being redirected to bogus sites.

    Thank you for following the 8 steps. Install the new hosts. file (there's a FAQ also). Just for grins, reboot. See what happens and let us know.
  3. lisaw

    lisaw TS Rookie Topic Starter

    No luck

    Well I wish I could say your recommendations cleared up the redirecting to other sites when searching google, yahoo, bing, etc but not luck. One thing I can mention is when it goes to get redirected, there's a logo right next to the http address that looks like a very large number 2 but with a rounder circle on the 2. That's always what is right next to the incorrect http address.

    Very frustrating! Not of my blockers are picking this up!

  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot, Lisa. I apologize for the delay.

    You have a Backdoor.Bot, among other other malware infections. Please change all of your passwords and monitor all online financial transactions.

    If you would still like help, please rescan with HijackThis and paste the new log in new reply.
  5. lisaw

    lisaw TS Rookie Topic Starter

    Hijackthis reply

    Attached please find the log. Please advise.

    Thank you so much for your help so far!

  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Lisa, please reopen HijackThis to 'do system scan only'. Check the following if present:

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = proto.local
    O17 - HKLM\Software\..\Telephony: DomainName = proto.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = proto.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = proto.local

    And unless you have specifically set this up to connect to Toshiba, I suggest you check for removal:
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

    Close all Windows except for HijackThis. Click on "Fix Checked."

    I suggest removing this from the Trusted Zone. This zone has less security that the internet zone. Rarely if ever does anyone NEED to have a domain in the Trusted Zone:

    O15 - Trusted Zone: http://www.comcast.net<- remove
    To do that: Control Panel> Internet Options> Security tab> Trusted Zone> highlight and remove Comcast. This will not affect any contact with Comcast. It just makes Comcast subject to the same security that other internet zone are.

    A note about Toshiba: They preload an enormous number of entries on machines before they ship them out. Rarely do users use them and most don't even realize they are on strt and running in the background. I don't have time to go over them with you but suggest you look for entries in Add/Remove Programs in the Control Panel. IF there are Toshiba programs that aren't used/needed or wanted, uninstall the,.

    Download SDFix HERE and save it to your Desktop.
    • Double click SDFix.exe and it will extract the files to %systemdrive%
      (Drive that contains the Windows Directory, typically C:\SDFix)

      Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

      Run SDFix
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    • Attach Report.txt back here

    When you have finished, rescan with Hijackthis:
    PASTE HJT log in next reply.

    Attach SDFix report.
  7. lisaw

    lisaw TS Rookie Topic Starter

    Ok, tried the above. My computer will not start up in safe mode. At first it appears it's going to but it goes right back to the safe mode screen not allowing it to boot up in safe mode. Please advise. Thanks for all your help to date. Also getting a message every time I restart there is new hardware (mass storage) found. I can get past it by hitting cancel about looking for drivers but that's a new problem in all of this.
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    But you can get into Normal Mode? If so, do the following:

    Please download ComboFix HERE:
    • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
    • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
    • Run Combo-Fix.exe and follow the prompts.
      (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
    • Wait for the scan to be completed.
    • If it requires a reboot, please do it.
    • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)


    • 1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
      2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
      3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
      4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Attach report in next reply.
  9. lisaw

    lisaw TS Rookie Topic Starter

    Now I'm pretty nervous. I did what you said above and I was able to get on my computer in normal mode now it won't restart at all. I get stopped at the screen to start in Safe Mode, Normal, Previous mode, etc. nothing works. I finally got to a blue scr9DFeen that says a problem has been detected and windows has been shut down to prevent further damage to your computer. It says to check for viruses. Technical information:
    ***STOP: 0x0000007B (0xF79DF524, 0xC0000034, 0x00000000, 0x00000000)
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Lisa, did you get the message to check for viruses when you tried to download or run Combofix? It's really important to know that.

    STOP: 0x0000007B has several different causes- can you get into the computer at all- any mode?
  11. lisaw

    lisaw TS Rookie Topic Starter

    I don't remember receiving that message however all the messages I got, were the messages that were on the thread about combo fix so all seeed to go fine. I cannot get in through any mode whatsoever at this point. I am using my husbands computer to respond to you.
  12. lisaw

    lisaw TS Rookie Topic Starter

    Actually I did get that blue screen that was the autoscreen for viruses. The point that I was unable to get back on was when it went into the restart and that's when it stopped.
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Lisa, if you can't get in, we can't try to fix anything! Do you have the disc for the operating system? You're going to need to reformat/reinstall.
  14. lisaw

    lisaw TS Rookie Topic Starter


    I was at least able to get on until I ran the Combofix. I was just getting redirected, now I have nothing and this is a computer I need for my work. My son has tried to reinstall XP but it ends up giving him an error message saying that no hard drive is installed. He has double checked all connections and they are ok. He said it may be something about loosing a 'partition' but knows nothing more about that. What could this Combofix have done during it's install to cause this? Please help us out here since we have no idea what to do next.
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Lisa, did you actually run Combofix? I have not seen a report/ Combofix usually set a Recovery Console, but without the report, I have no idea what was done. It should not have been anything that would leave the system inaccessible though. But you might have to boot from the setup on the CD to get back in.

    Please see this Microsoft site for causes of the Stop error: http://support.microsoft.com/kb/324103
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...