[Solved] Search links were redirected to random sites

Status
Not open for further replies.
vostro, please delete the Combofix exe file on your desktop. Then run Combofix again. I'll check it and then, again, probably suggest you seek help on our hardware forum.
 
I have two observations,

1. A BSOD happened and it indicated an error in iaStor.sys. The blue screen showed
Driver_IRQL_NOT_LESS_OR_EQUAL
Stop 0x000000D1 (0x00000014, 0x000000FF, 0x00000000, 0xA3876034)
hiber_iaStor.sys Address A3876034 base at A37b2000 DateStamp 4696b24a

2. I deleted the ComboFix on the desktop, downloaded it again from bleepingcomputer.com, and ran it again. It found a rootkit, and it shut down the system twice and restarted it. The log file is attached.

Thanks.
 

vostro, after extensive searching, it appears that this is a "Dell Problem." I have copied the fix and edited it to make it easier for you to follow. It seems that many users were complaining of the problem and this fix was issued. Please note: I have not used this. The steps seem reasonable, but be careful:

Dell Dimension E510, iastor.sys, Windows XP blue screen error, stop code 0x000000D1
How to resolve a Stop 0x000000D1 Error Message in IASTOR.SYS in the Microsoft® Windows® XP Operating System? Here is the Dell-provided fix.

Part 1: Change the SATA Operation setting from RAID Autodetect / AHCI to RAID Autodetect / ATA in System Setup (BIOS). Perform the following steps:

  1. Reboot the computer.
  2. Press the key on the keyboard immediately after the keyboard LEDs flash to enter the BIOS (System Setup).
     The System Setup screen appears.
  3. Press the or keys to highlight the Drives section, and then press the key.
  4. Press the or keys to highlight the SATA Operation section, and then press the key.
  5. Press the or keys to highlight RAID Autodetect / ATA, and then press the key.
  6. Press the key to exit the System Setup.
  7. Press the or keys to highlight Save/Exit, and then press the key.
  8. The computer restarts.
Part 2: Download and install the Intel® Matrix Storage Driver. Perform the following steps:

  1. Click ftp://ftp.us.dell.com/SATA/R130119.EXE to download the R130119.exe file and save it to the Desktop.
  2. Double-click the R130119.EXE file on the desktop.
  3. The Self-Extracting window appears and prompts you to extract to the C:\DELL\DRIVERS\R130119 directory.
     Write down this path so you can find the Setup.exe file later.
     The Self-Extractor window appears.
  4. Click OK.
  5. Click the Start button, and then click Run.
  6. Type C:\DELL\DRIVERS\R130119 in the Open box and click OK.
  7. Follow the on-screen installation instructions.
Part 3: Change the SATA Operation setting to RAID Autodetect / AHCI in System Setup. Perform the following steps:

  1. Reboot the system.
  2. Press the key immediately after the keyboard LEDs flash to enter the System Setup (BIOS).
  3. Press the and keys to highlight the Drives section and press the key.
  4. Press the and keys to highlight the SATA Operation section and press the key.
  5. Press the and keys to highlight RAID Autodetect / AHCI and press the key.
  6. Press to exit the System Setup (BIOS).
  7. Press the and keys to highlight Save/Exit and press the key.

The referenced site can be found HERE

The Edits are all mine. The contents are from the site.
 
First, the search result links are working fine now. No random ad site is showing up. The iastor.sys removed by ComboFix seemed to fix the problem. Thanks a lot for guiding me through.

Second, I followed the instructions and ran the R130119.exe, but it failed. It said it did not meet the system requirement. After reading through the support forum on the Dell web site, the R130119 is for a Dimension desktop, not for my laptop. I found R179638.exe for my model, but it did not have a setup.exe. There are only cat and inf files in the unzipped folder, including
iaahci.cat
iaahci.inf
iastor.cat
iastor.inf
iastor.sys
txtsetup.oem
license.txt
readme.txt
Version.txt

The installation instructions in the readme are confusing and I could not understand them. Could I just go to the Device Manager and click Update Driver from the IDE ATA/ATAPI controllers? Thanks.
 
Go ahead and try going through the Device Manager. Let me know if it resolves the problem.
 
I tried to update the driver directly from the Device Manager, but it said the one downloaded from Dell is older than the current one. However, after ComboFix removed the infected driver, the system has not crashed since. I guess the crash might have been caused by the infected driver. I appreciate all your help on fixing my problems. It is wonderful to have everything back to normal. Thanks.
 
vostro, since the redirect problem has been resolved, I'd like to have you remove the cleaning tools and old restore points, then close this thread. If the BSOD problem begins again, please start a thread in the BSOD Forum. I think there is a better chance of blue screen help there:

Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
Remove all of the tools we used and the files and folders they created
  • Download OTCleanIt by OldTimer
  • Save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name, then click "Create".
  • Go back and follow the path to > System Tools.
  • Click "OK" to select the partition or drive you want.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


More details and screenshots for Disk Cleanup in Windows Vista can be found here.

If I can be of more help with malware, please let me know.
 