Nasty Redirect Virus


This topic is locked

#1 raftini
Hi All,

It seems I have a virus that is redirecting searches and making my computer somewhat sluggish.

I'm a bit desperate at this point. I have scanned with Malwarebytes and Spybot, with no luck.

Running in safe mode does not help.

OS Windows XP 2002

Please let me know what more info I can provide, to help you help me.

Thank you so much.

#2 redcar92
Hello and welcome to the G2G forum. :D
I'm RedCar92 and my name is Bill. I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear. Malware removal can be stressful but we will clean it.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

Please be advised that, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice; this will be a team effort.
This may cause a delay, but I will do my best to keep it as short as possible.

Please bear with me, I will post back to you as soon as I can.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperative and could require a full reinstall of your OS, losing all your programs and data.

Stay with this topic until I give you the all clean post.
I will post back soon with more instructions.

Thanks,
Bill
In Training at WTT Classroom

#3 raftini
Hi Bill, and thank you. I'm all ears!

#4 redcar92
Hello raftini,
Please do the following:

Please download DDS from LINK 1 or LINK 2
and save it to your desktop.

Double click dds.scr to run the tool.
When done, two DDS text files will open.
Save both reports to your desktop.
Please include the contents of the following in your reply using Copy / Paste:
DDS.txt & Attach.txt

Next

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.

  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Logs to post:
  • DDS.txt
  • Attach.txt
  • GMER.txt
Thanks
Bill

#5 raftini
Hi Bill, the DDS scan is running super slow; this will take a while.


Thanks

#6 redcar92
No problem :D
Thanks,
Bill
In Training at WTT Classroom

#7 raftini
Bill, is it possible the scan might take hours?

I think the virus is prohibiting the DDS scanning. It's been over an hour and I don't see much progress.

Maybe there's another program that might work better?

Thanks

#8 redcar92
The scan can take a while; let's let it run for a couple more hours, please. The log is very important for virus removal.

Thanks,
Bill
In Training at WTT Classroom

#9 raftini
Will do.

#10 raftini
Well, several hours later it hasn't budged; not moving at all. I don't think it's working.
See attached: dds.gif

#11 redcar92
Hello raftini, I'm sorry to cause you these problems. :D
Can you run and post GMER? Then:
Try DDS in Safe Mode.

To start the computer in "Safe Mode", follow these steps:
As the computer is booting, continuously tap the F8 key, which should bring up the Windows Advanced Options Menu.
Use the arrow keys to move to Safe Mode and press your Enter key.
Once you're done in Safe Mode and you want to get back into Normal Windows simply restart the computer like you normally would and let it boot normally.

Next

Double click dds.scr to run the tool.
When done, two DDS text files will open.
Save both reports to your desktop.
Please include the contents of the following in your reply using Copy / Paste:
DDS.txt & Attach.txt

If DDS still does not run, then try this:
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, under Output at the top, change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.

Logs to post:
  • GMER.txt
  • DDS.txt
  • Attach.txt
  • OTL.txt
  • Extras.txt
Thanks
Bill
In Training at WTT Classroom
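The /md5start ... /md5stop part of the OTL custom scan above hashes a fixed list of storage and logon drivers (atapi.sys, iaStor.sys, nvstor.sys and so on) so that a patched copy of one of them shows up as a hash that no longer matches the known-good value. The following is an added example, not code from the thread, from OTL or from any of the tools named here: it hashes a list of files, compares the results with a recorded baseline and classifies each file as ok, modified, missing or unlisted. The filenames are taken from the scan list above; the file contents, the baseline and the tampering are constructed inside a temporary directory so the script runs offline, and the helper names (file_md5, hash_drivers, compare_to_baseline, demo) are this example's own.

```python
"""
Added example: a driver-hash baseline check in the spirit of OTL's
/md5start ... /md5stop scan. Everything here is constructed for the
demo; it does not touch the real %systemroot%\\system32\\drivers.
"""
import hashlib
import tempfile
from pathlib import Path

# Filenames taken from the OTL custom scan list in the post above.
DRIVER_NAMES = ["atapi.sys", "iaStor.sys", "nvstor.sys", "AGP440.sys"]


def file_md5(path: Path) -> str:
    """Return the MD5 hex digest of a file, read in 64 KiB chunks.
    MD5 is used only because that is what OTL reports; it is a
    change detector here, not a security primitive."""
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_drivers(driver_dir: Path, names) -> dict:
    """Hash each named file under driver_dir; a file that is not
    present maps to None instead of raising."""
    result = {}
    for name in names:
        p = driver_dir / name
        result[name] = file_md5(p) if p.is_file() else None
    return result


def compare_to_baseline(current: dict, baseline: dict) -> dict:
    """Classify every entry of `current` against `baseline`:
    ok        - hash matches the recorded known-good value
    modified  - file present but hash differs (a patched driver lands here)
    missing   - file absent now
    unlisted  - no baseline value exists for this name
    """
    verdict = {}
    for name, digest in current.items():
        expected = baseline.get(name)
        if digest is None:
            verdict[name] = "missing"
        elif expected is None:
            verdict[name] = "unlisted"
        elif digest == expected:
            verdict[name] = "ok"
        else:
            verdict[name] = "modified"
    return verdict


def demo() -> dict:
    """Build constructed sample 'drivers', record a baseline, then
    append bytes to atapi.sys and delete AGP440.sys (both assumed
    tampering) and return the resulting verdicts."""
    with tempfile.TemporaryDirectory() as tmp:
        driver_dir = Path(tmp)
        for name in DRIVER_NAMES:
            # Constructed placeholder content, not a real PE image.
            (driver_dir / name).write_bytes(b"MZ" + name.encode() + b"\x00" * 64)
        baseline = hash_drivers(driver_dir, DRIVER_NAMES)

        with (driver_dir / "atapi.sys").open("ab") as f:
            f.write(b"\x90" * 16)
        (driver_dir / "AGP440.sys").unlink()

        return compare_to_baseline(hash_drivers(driver_dir, DRIVER_NAMES), baseline)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:12} {status}")
```

A baseline comparison only sees what the filesystem shows it: a kernel-mode rootkit that hides or substitutes the on-disk driver from user-mode readers (the kind of thing that would also stop DDS and GMER from running, as reported in this thread) can hand the scanner a clean copy, which is why the helper asks for the GMER log alongside the OTL hashes rather than trusting either alone.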

#12 raftini
Hi Bill, I will try these options and post the results tomorrow.

Thank you so much for your time.

#13 redcar92
Great :D
Thanks,
Bill
In Training at WTT Classroom

#14 raftini
Unfortunately, GMER, OTM and DDS did not work. GMER wouldn't even start (even in Safe Mode). I'm about to give up and reinstall the OS to factory settings. I hate to do that. Are there any other options?

Edited by raftini, 27 March 2011 - 08:57 PM.


#15 redcar92
Raftini, I know virus removal can be very stressful and frustrating (been there, done that), but there are several more options; they will take time, though. Should you decide to revert to factory settings, try to back up your data to a flash drive or CD. While awaiting your decision I will research and find the next best step.
Thanks,
Bill
In Training at WTT Classroom