Solved Redirecting browser problem

Status
Not open for further replies.

jj0515

I always have a browser redirecting problem. Actually, I followed your UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions.
 
4 txt files attached
 

Attachments

  • DDS.txt
    21.1 KB · Views: 1
  • Attach.txt
    8.6 KB · Views: 0
  • GMER.log
    29.9 KB · Views: 3
  • mbam-log-2010-08-09 (17-32-50).txt
    3 KB · Views: 2
Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1
Link 2

Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt
Please post the contents of that document in your next reply.

============

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT


* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
I downloaded SecurityCheck.exe, saved it on the Desktop, and double clicked, but nothing happened. OTL executed ok.
 

Attachments

  • OTL.Txt
    153.4 KB · Views: 1
  • Extras.Txt
    33.3 KB · Views: 0
Norton might be blocking the security check executable. Can you disable it and try again please.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :Files
    
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    :Commands
    [emptyflash]
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post log from this run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

=======

Go to Kaspersky website and perform an online antivirus scan.

1. Disable your active antivirus program.
2. Read through the requirements and privacy statement and click on the Accept button.
3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
4. When the downloads have finished, click on Settings.
5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

  • Spyware, Adware, Dialers, and other potentially dangerous programs
  • Archives
  • Mail databases
6. Click on My Computer under Scan.
7. Once the scan is complete, it will display the results. Click on View Scan Report.
8. You will see a list of infected items there. Click on Save Report As....
9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
 
3 logs

I tried SecurityCheck.exe again with my Antivirus disabled and it worked. Then, from OTL Run Fix, then OTL again Quick Scan. Attached are the following logs.
 

Attachments

  • checkup.txt
    1,001 bytes · Views: 1
  • OTL-08102010_145236.txt
    7.7 KB · Views: 1
  • OTL2.Txt
    130.3 KB · Views: 1
Please download JavaRa

If you get this message:
Problems with the download? Please use this direct link or try another mirror.

Select the Direct link download and unzip it to your Desktop.

Double click JavaRa.exe then click Remove Older Versions.

Follow any prompts; a log will pop up (JavaRa.log). Please post the contents of this log.

Next, open JavaRa.exe again, and select Search For Updates.

Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version. Look for JDK 6 Update 21 (JDK or JRE). On the right, select this one: Download JRE.

In Vista and Windows 7 run the tool as Administrator.

==

Once you have done that, go ahead and run the Kaspersky scan please.
 
Hi, back again, no logs produced from OTL. Kaspersky Scan log attached.
 

Attachments

  • Kapersky.txt
    1,000 bytes · Views: 2
Did you run JavaRa?

===========

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :Files
    C:\ProgramData\SysWoW32\wu1791871956v1
    C:\Users\All Users\SysWoW32\wu1791871956v1
    :OTL
    
    :Commands
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post log from this run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

================

Let me know how the pc is please.
 
I don't get browser redirected anymore, but why is there an OTL subfolder created with other subfolders under it?
 

Attachments

  • otl.jpg
    166.5 KB · Views: 1
AntiVirus

I have Norton Internet Security that expires in 25 days; do you recommend Kaspersky instead? What software do you recommend in your opinion?
 
That is how OTL works. It creates a folder to move the 'fixed' files to. The folder will be removed in the next part.

I would recommend using either one of these free offerings;
Comodo.
Avast.
Avira.
or, if you prefer to pay;

NOD32.
Kaspersky.

=========

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC by OldTimer:
Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.
 
Ok. Try this instead:

Launch OTL and click on the Cleanup button. Follow the prompts.

That should do almost the same thing.
 
You need to go back out of this thread and into the Virus forum. Close to the top there is a button that says + New Topic.
That's it :).

====

Please read the directions given here and when done, post the requested logs.
 