Google Redirects, Unable to Boot into Safe Mode, boot.ini problem

Status
Not open for further replies.

dangerwill

Hi,

Like so many others, I'm glad I found this site. You guys seem to really know how to handle this stuff.

My problems started when I acquired one of those "anti-virus" scam viruses. It hijacked my desktop background, putting an image that said "your computer is infected", etc... Popups kept jumping out....saying to buy a certain program to get rid of all this. I investigated it and found the Malwarebytes program...which got rid of all of that.

However, I still have a lot of critters in my computer that I CAN'T get rid of.

Like many other recent posts, my search engines have been hijacked. I can do a search and even see the results. When I click on one, though, I get redirected to random sites.

Or times when I am able to get to the site I want, additional windows open up with surveys and other sites on them.

I became really concerned when, one morning I woke up early and checked my email on my cell phone -- I had just received an email from MYSELF! Something had emailed random people from my Yahoo account with a link to some website! (my gmail address was in my yahoo address book...so it emailed me along with everyone else)

I immediately emailed everyone in my address book...telling them my computer had been jacked...and to not open the previous email. I then used my phone to get online and change all my passwords.

Originally, I had AVG free. Then I was using AVG Premium (on a trial run). I tried to get into Safe Mode so I could run it, but I have a problem with my boot.ini file. I cannot get into Safe Mode by pressing F8 during startup.

I was able to get into diagnostic mode by going into "Run" -- "msconfig". However, AVG was not active in this mode, and I never figured out how to use it there.

I found your site and went through the 8-Step process for removing malware and viruses. Based on a recommendation from a post on this site, I replaced AVG with Avira Free.

I also tried to go back into diagnostic mode so I could run Avira, but now I cannot access msconfig! Something changed when I went from AVG to Avira.

So the main problems (that I know of) are the search engine redirects and the inability to get into safe mode.

I have attached the 3 log files you requested in your 8-step process, as well as the Avira log file.

I built this computer for music production and would really like to save it. If you guys help me fix this, I'll get another computer for my internet stuff...and keep this one offline!

Thanks,

-Will
 
You still have AVG7 installed

Please run the AVG Remover Tool: http://www.avg.com/filedir/util/support/avgremover_en.exe
Then Restart

Also your Malwarebytes definitions are a day old (possibly two)
Update it to the current version and run another quick scan

Did you run CCleaner? Because SUPERAntispyware reports many temp files
Also run TFC from here: http://oldtimer.geekstogo.com/TFC.exe

I'd also recommend IE Reset Tool:

Or manually from here https://www.techspot.com/vb/post682762-2.html
Then restart Internet Explorer
 
Thanks for the quick response

Hi,

Thank you for replying so quickly. I had run the AVG uninstall program previously, so it's odd it is still on there. Perhaps it's another, older version.

After posting, I used my Windows XP cd rom to try and rebuild my boot.ini file.

When I tried "bootcfg /rebuild"

It said "error: Failed to successfully scan disks for Windows installations. This error may be caused by a corrupt file system, which would prevent Bootcfg from successfully scanning. Use chkdsk to detect any disk errors. This operation must complete successfully in order for the /add or /rebuild commands to be utilized."


I then ran chkdsk:

It said "the volume appears to have one or more unrecoverable problems"

I'm guessing I have some registry issues?

Strangely enough, after this bad news I rebooted my computer and was able to access msconfig! I rebooted again in diagnostic mode. Now I am re-scanning my computer with Avira while in diagnostic mode.

When this finishes, I will go back and do all the things you asked me to do.

Thanks again!

-Will
 
I could not find AVG7 installed anywhere on my machine. I searched for it, looked through all my installed programs, etc... However, I did run the AVG uninstall app again just in case.

Yes, I did run CCleaner twice previously (as directed in the 8 step plan). I ran it again just now.

I also updated Malwarebytes as you suggested and ran it again. It found nothing this time.

I followed your links and ran both TFC and Microsoft Fix It.

I tried searching again and at first the problem went away. After a few searches, however, the problem returned.

I previously had Google Chrome and Mozilla Firefox on my machine. When this problem started I uninstalled both of those as a troubleshooting gesture.

Interestingly, I seem to have no problems searching with Bing, Microsoft's new venture. I searched several times. When I go to google, live or yahoo, though...I get redirects like crazy!

When I am getting a redirect...it's really weird...I see numerous web addresses loading...almost like it's a "webpage slot machine". Then it "lands" on a certain random address and the browser goes there.

Could this be the reason why you saw many temp files even after I ran CCleaner?

One good thing is I can once again access msconfig. I ran Avira in diagnostic mode...but it didn't find anything.

I have attached my new Malwarebytes log.

Thanks for any more input.

-Will
 
Kimsland,

I couldn't find AVG 7 anywhere on my computer, but I still ran the uninstall program again like you suggested.

I also updated malwarebytes and ran it again. It didn't find anything. I will post the new log.

I did run CCleaner previously (twice as directed in the 8 steps). I ran it again today.

I also ran TFC and Microsoft Fix It as you suggested.

When I first began to perform internet searches, the problem seemed to be resolved. After a few searches, though, it returned.

I want to add that I used to have Google Chrome and Firefox on this machine as well. When this problem began, I removed them as a troubleshooting gesture.

Interestingly, I have no issues when I search with Bing. None! I get redirects with google, live, and yahoo, but not Bing. Weird, eh?

I appreciate any help anyone has to offer. Attached is my new Malwarebytes log.

Thanks,

-Will
 
Combofix:
  • Download Combofix to your desktop.
  • Disable your Antivirus (as Combofix will remove any found malwares)
  • Double click ComboFix & follow the prompts.
  • A window will open with a warning.
  • When the scan completes it will open a text window. Please attach that log back here
Also restart and provide a fresh HJT Scan log after you restart.
 
Wow, Combofix is a powerful program!

It installed Windows System Restore for me (after detecting that I was missing it).

It found a rootkit and killed it for me.

After rebooting I was able to go into safe mode!

I did an Avira scan as well as an HJT scan while in safe mode.
The Avira scan did find one more threat.

My logs are attached.

I have now been able to search with Google with no redirect issues! Thank you!

Do you notice any other issues that need attention?
 
Looks like you caught the same internet bug I did. Be careful! I recommend restarting your computer as little as possible (I am not able to access mine anymore after a restart suggested by Avast).

Reading further, it seems you're in the clear actually... I only wish I could follow the same steps ^_^
 
Un-install Combofix
  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK
  • Any popup errors about Antivirus just ok or close
Note: 1 space after ComboFix in that uninstall command



Uninstall SUPERAntispyware
Start > Control Panel > Add/Remove Programs > SUPERAntispyware > Uninstall



Update Java and remove older Java versions
Run JavaRa
This will remove all your old Java stuff (that is not required)
It will also help you check for new Java Runtime updates
Or just go here and auto check: http://java.com/en/download/installed.jsp?detect=jre&try=1



Download and run TFC http://oldtimer.geekstogo.com/TFC.exe
Your computer may need to Restart



Clear & Reset System Restore's Cache
Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
  • Tick on the checkbox - Turn off System Restore on all drives
  • Click Apply
Turn it back 'On' by unticking the same checkbox & click Apply, and then OK


Restart, and let me know how it's performing
 
Ok, I did all that you asked:

Uninstalled ComboFix
Uninstalled SUPERAntispyware
Updated Java and made sure there were no older versions
Ran TFC again
Cleared/Reset System Restore Cache
Restarted Computer

It's running GREAT! Better than it has in a long, LONG time! Thank you!

No redirect issues or random webpage popups.

Super, SUPER fast

My recording software is running great (before, I was getting pops and clicks while recording)

Now, until I get another computer to do all of my "web work", how do you recommend I keep this protected? I still have Avira. Should I have anything else? (I was surprised you wanted me to uninstall SUPERAntispyware, for instance).

Thanks again!

-Will
 
Hi Velexia,

Sorry to hear about your computer. Perhaps someone can help you access it via an MS DOS prompt?

-Will
 
Hi Will,

I'm trying a new test that I found could lead to the redirecting. Go to

  • C:\WINDOWS\system32\drivers\etc and open hosts.
  • It will then prompt you to select what to open it with, click on notepad.
  • Copy and paste everything that is inside onto the forums or upload the log.
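
As an added example (not part of the original post), one way to review the pasted contents of a hosts file for the check requested above. The watched names are the search engines mentioned in this thread; the sample file, its hostnames and its addresses are constructed.

```python
import ipaddress

# Search-engine labels taken from this thread (assumption: extend as needed).
WATCHED_LABELS = {"google", "yahoo", "live", "bing"}

# Constructed sample of pasted hosts-file content (documentation-range IPs).
SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
203.0.113.7     www.google.com google.com   # constructed entry
203.0.113.7     search.yahoo.com
127.0.0.1       ads.example.net
192.0.2.10      intranet.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not an address, skip
        for name in fields[1:]:                  # one IP may carry aliases
            yield line_no, ip, name.lower().rstrip(".")

def review(text):
    """Return (line_no, verdict, hostname, ip) for entries worth a look."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        local = ip.is_loopback or ip.is_unspecified
        watched = bool(WATCHED_LABELS & set(name.split(".")))
        if watched and not local:
            verdict = "redirect"    # search engine pinned to a foreign IP
        elif watched:
            verdict = "blocked"     # search engine pointed at this machine
        elif not local:
            verdict = "review"      # any other static mapping
        else:
            continue                # localhost and loopback sinkholes
        findings.append((line_no, verdict, name, str(ip)))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(*finding)
```

An empty result means the file maps nothing beyond loopback names, so the cause of any redirect lies elsewhere.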
 
AnonymousSurfer,

Here is a txt file with the info you requested. There wasn't much in that host file.

Now there is another file in the etc folder called "lmhosts". I am unable to open that file. It is called a "SAM file". Any idea what that is?
 
I managed to make a partition in the Hard Drive and install a fresh windows xp onto it. I'm currently scanning it for viruses and such, no hits yet (I did some butt kicking in the recovery console) but I hope that one of these scans picks up something...

Something is causing this BSoD and I am bound and determined to find it ^_^

This is the most progress I have made all week though ^_^

Glad to hear your problem is solved =) !
 