Browser Redirect Virus
Posted 14 March 2011 - 09:26 AM
Any help would be greatly appreciated
Posted 16 March 2011 - 09:46 PM
Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.
- Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
- Please do not attach any log files to your replies unless I specifically ask you. Instead, please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
- English is not my first language, so please do not use slang or idioms, as this makes it difficult to understand for me.
ERUNT - Download here
Removing modern malware infections often requires making changes to the registry, and a corrupt registry can prevent a system from booting. Compatible with Windows NT, 2000, 2003, XP, Vista, 32 & 64-bit versions. To ensure that we have a valid registry backup, install and run ERUNT (Emergency Recovery Utility NT), which will allow you to store a complete backup of your registry and restore it if needed.
- Download ERUNT
- Double-click erunt_setup.exe to run.
- Follow the prompts and install using the default configuration (setup language, install location, shortcuts...).
- Say No to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later.
- Start ERUNT
- Choose a location for the backup
The default location C:\WINDOWS\ERDNT\[today's date] is preferred
- The first two check boxes are ticked by default (System registry and Current user registry).
- Press OK
- When prompted, click YES to create a new folder.
- Progress bars will show backup status.
- A confirmation window will pop up when complete. Click OK to close.
Do you encounter redirects using other browsers? How about the other computers in the house?
Download OTL to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
- Click on Standard Output at the top
- Under the Extra Registry section, ensure that Safelist is selected
- Select All Users
- Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
- Double click inside the Custom Scan box at the bottom
- A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
- Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
- Select scan.txt and click Open. Writing will now appear under the Custom Scan box
- Click the button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
GMER Rootkit Scanner
- GMER Rootkit Scanner - Download - Homepage
- Download GMER
- Extract the contents of the zipped file to desktop.
- Double click GMER.exe.
- If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
- In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
NOTE - Not all of the tick boxes will be available if you are running a 64bit Operating System. You may also get an error message display on the screen when using a 64bit Operating System, this is normal, just click on OK and let it carry on.
- Then click the Scan button & wait for it to finish.
- Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
- Save the log where you can easily find it, such as your desktop.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries.
Please copy and paste the report into your Post.