Help - Redirect bug

By bmongold · 11 replies
Apr 14, 2009
  1. Symptoms:
    - redirects links that I click on at google, yahoo, or any random site (IE6, IE7, and foxfire)
    - redirects to other search engines, ads for insurance, antispyware, etc.
    - blocks websites, and mcafee does not seem to be able to update itself
    - no icons appear in notification area during bootup (including mcafee)
    - I can open mcafee through the start menu - antivirus and firewall says it is on.

    My system:
    dell dimension 4600, Win XP Pro SP2, probably 5 yrs old, no issues before this

    I installed a Startup Delayer to try to get my icons to show up - everything came back except mcafee.
    I turned off several unnecessary startup items but the symptoms are still there.
    I ran Spybot before the 8 steps - a few internet cookies were found and deleted.

    8 Steps:
    1) Antivirus - ran mcafee full scan for what's worth, nothing found
    2) CCleaner - done
    3) I disabled internet connection and turned off mcafee for steps 4 & 5. I uninstalled Azureus which I used occassionally to download tv shows.
    4) Malwarebyte's - found a couple of items and cleaned. (Perfect optimizer was installed after the bug started.)
    5) SuperAntiSpyware - nothing found
    6) Java - I uninstalled old version and installed latest. But the java verify site isn't recognizing the new installation (?).
    7) HiJackThis - done
    8) Logs for Malwarebytes, SuperAntiSpyware, and HiJackThis are attached.

    After completing these steps the symptoms are still there.

    I really hope someone can help me. I'm trying to get more mileage out of this computer, maybe I can afford an upgrade next year.

    Thank you!

    Attached Files:

  2. touch

    touch TS Rookie Posts: 978

    Hi bmongold :)

    You have viewpoint on your computer ->

    Viewpoint is considered foistware and is not needed on your computer.

    Download and unzip to own folder on Desktop -

    Run ViewpointKiller.exe


    Then please download Combofix:

    And save to the desktop.

    Close all other browser windows.

    Please connect all your external hard drive/flash drive before running Combofix, if you have any

    Double-click on the combofix icon found on your desktop.

    Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

    When finished, it will produce a logfile located at C:\combofix.txt.

    Attach that log in your next reply
  3. LookinAround

    LookinAround Ex Tech Spotter Posts: 6,491   +184

    Am curious.... Could you check and see if you can open a command prompt window? and/or registry editor? Or do these fail to open?

    Start->Run, enter:
    cmd for command prompt, or
    regedit for registry editor
  4. bmongold

    bmongold TS Rookie Topic Starter

    Touch - I'll try this tonight when I get back home. thanks!

    LookinAround - to answer your question, no I cannot open a command prompt or regedit. I forgot to mention this on my original post. When I try to, the Taskbar disappears for a moment and then reappears. No windows open.
  5. LookinAround

    LookinAround Ex Tech Spotter Posts: 6,491   +184

    Yea. This is definitely an infection. I just saw it on a friend's computer a few days ago! anyone reading.. also looks like it might be a "boot sector" virus from what i've seen

    to make it worse, they report their computer no longer boots (i.e. it never completes the BIOS POST. Never even gets to Windows Startup). (they live aways from me so haven't seen it since this occured. Not certain if:
    -=> Either they have h/w problems as well
    => Or this virus can also infect the BIOS (which would make it very nasty!)

    /* EDIT */
    Strongly advise you be cautious. Also immediately prepare for the worst (just in case)
    => Run a FULL backup of your computer on seperate drive (and understand that drive may pickup the virus itself in the process. But means you still have a copy of your stuff but must be careful if/when reattaching that device to a computer again)
    => A "ghost image" sector-by-sector backup image is recommended vs. a simple file/directory backup

    /* EDIT2 */
    As another wise precaution, i'd advise you also turn off Autorun on every drive. (You can install and use TweakUI to do that). And do that BEFORE you connect any external device for the backup
  6. bmongold

    bmongold TS Rookie Topic Starter

    1) I turned off autorun per Lookinaround suggestion (I had already backed up files)
    2) Ran viewpointkiller. Log attached. Rebooted. It did not delete viewmgr.exe, but hijackthis says viewmgr.exe is no longer running.
    3) 1st attempt at Combofix - it ran a few seconds and then mcafee popped up an unwanted program error, I didn't have time to read it before I got the blue screen of death = BAD_POOL_CALLER ?
    4) Powered off/on
    5) On reboot, my mcafee icon showed up in notification area! I got a serious system error message to report to microsoft.
    6) There was no combofix.txt created. But there was a bug.txt and sti.log file. sti.log file is attached. Mcafee did not log whatever had caused the crash.
    7) 2nd attempt at Combofix - I disabled my internet connection and mcafee. Combofix seemed to run ok but I forgot to turn on my external drives. Should I run again with drives connected?? log is attached. The bug.txt file had disappeared after running combofix the 2nd time.

    cmd prompt and regedit now open. Let me know if I should try IE again.
    Thanks for your help.
  7. touch

    touch TS Rookie Posts: 978

    P2P software/programs are a major contributor to infections. I see you have Azureus. Not passing judgment on file-sharing, However will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

    c:\program files\Azureus
    c:\documents and settings\Brian\Application Data\Azureus

    Reboot, attach new combofix log
  8. bmongold

    bmongold TS Rookie Topic Starter

    I agree with you on P2P - not worth it. That's why I uninstalled Azureus as part of Step 3! (see original post)

    It is no longer in the add/remove program list. But the empty Azureus folders are still there.
    Is this ok, or do I need to delete the folders and rerun Combofix?
  9. bmongold

    bmongold TS Rookie Topic Starter

    I went ahead and deleted the folders and reran combofix (with external drives on this time).
    Log attached.

    Attached Files:

  10. touch

    touch TS Rookie Posts: 978

    it also looks clean. Please tell, how things are running now ?
  11. bmongold

    bmongold TS Rookie Topic Starter

    So far so good!
    Mcafee was able to access and download updates.
    My regedit and cmd prompt are working.
    I've tried about 10-15 websites in IE6 and no redirects so far. I'll let you know if any issues come back. I really appreciate the help.

    Was it the viewpoint causing the trouble, or did combofix clean some other malware?
  12. touch

    touch TS Rookie Posts: 978

    That´s good news :)

    I think it was combofix there did the job. Yes, please let Me know how things goes.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...