[mond]

Hi maliprog,
still combo fix does not want to work - even in safe mode. I just get a litle rectagular box with a green bar in it, this is displayed for a few secs then the deskttop icons flicker and that's the lot! nothing else happens. In safe mode it asked for an administer prompt - inside a black box - did not know what i was supposed to type in this box! anyway - i will attach the other report now.

Attached Files

•  MBRCheck_11.16.10_19.52.14.txt   8.55KB   194 downloads

[Advertisements]

Hi mond,

MBRCheck log file is not complete. Please run it again and wait until program finish his work then post log again here for me.

[maliprog]

Hi mond,

MBRCheck log file is not complete. Please run it again and wait until program finish his work then post log again here for me.

[mond]

OK - here goes

Attached Files

•  MBRCheck_11.16.10_21.34.15.txt   13.21KB   181 downloads

[maliprog]

Hi mond,

Good job! Now we will try one more thing to run Combofix.

Step 1

Please remove your AVG antivirus. Unistall it. After that delete Combofix you have now and download new version from Here or Here.

Before running Combofix rename it to svchost.exe (Right click on Combofix.exe and chose Rename). Tray to run it now.

Step 2

Do this step even if Step 1 fail.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

• Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
• This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
• Once the short scan has finished, select Complete scan.
• Click the green arrow at the right, and the scan will start.
• Click Yes to all if it asks if you want to cure/move the file.
• When the scan has finished, in the menu, click File and choose Save report list
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.
• Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
• Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.cvs report.

NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Step 3

Please make sure you include the following items:

• Combofix log
• Dr.Web log

It would be helpful if you could post each log in separate post

[mond]

OK Great - will try that. Will not be at my pc til thurs eve so once again there will be a slight delay. thanks again for your help so far.

[mond]

hi maliprog,
sorry about delay - mangaged to run the 2 progs you suggested and it has taken a few hours for them to complete.
here is the combofix log (i chanaged name as per instruction to get it to run :-))

Attached Files

•  log.txt   14.41KB   139 downloads

[mond]

and the drweb found a trojan - here is the results log.(had to zip due to size)

Attached Files

•  CureIt.zip   239.64KB   142 downloads

[maliprog]

Hi mond,

How is your system now? What problems do you experience?

[mond]

Hi maliprog,
problem the same - all searches default to googleadservices fake sites or directed to askjeeves etc. nothing fixed yet! although now I get more error messeges on start up - telling me programmes cannot run including itunes!spyhunter keeps telling me my DNS settings have been modified. any more ideas?

[maliprog]

Hi mond,

We always have ideas but we need to take it slowly .

Step 1

Let's try another thing. We will change your DNS to openDNS. To do that please follow this steps:

• Start -> Control Panel -> Network and Internet -> Network and Sharing Center -> Manage network connections.
• Right click on it and choose Properties
• Select Networking tab and click double click on Internet Protocol TCP/IPv4.
• Click the radio button for DNS servers and enter the following
• Preferred DNS server: 208.67.222.222
• Alternate DNS server: 208.67.220.220
• Hit OK. Click OK again to close Properties box

Please try your connection and redirection now.

Step 2

Can you tell me more about errors on startup? Is there any specific file or service missing?

[mond]

hi maliprog,
well I am impressed - have tried your last suggestion.......and so far so good. I have surfed arround the net for 10mins and have not been re-directed once. I realise that it is early days as i think this menace has been on my machine for some time now and that it could spring back into life again - but as I said - sor far it has been fine. I will carry on surfing today and get back to you if any issues return. should i keep note of these new numbers to change it back again if it happens again? so thanks a lot for your help and let me know if you need me to do anything else.

[maliprog]

Hi mond,

Good job ! Please test your system and let me know. There is one or two steps we need to do. It depend or your results. I will prepare fix and post it after you test your system.

[mond]

Hi maliprog.
I am happy to report that everything still seems fine - no redirects and close to 60 updates have now installed!! including vista service pack 2. Thanks for all the help with getting this sorted and hopefully it will not be back. I have now reinstalled a new version of avg and also zonealarm. thanks again, mond.

[maliprog]

Hi mond,

You system is clean now. I'm glad we fix up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end.

Step 2

Here are some recomendations you should follow to minimize infection risk in the future:

1. Your system need one antivirus software. Chose one that suits your needs best. Here are some FREEWARE recomendations:

Avira AntiVir Personal - Free
AVG Free

2. Your system need one firewall software. Chose one that suits your needs best. Here are some FREEWARE recomendations.

ZoneAlarm Pro
Ashampoo Firewall

3. Intall AntiSpyware. You need to have only one realtime antispyware solution running on your system.

• Super AntiSpyware - an amazing tool that can often clean up a system very efficiently.
  
• MalwareBytes Anti-Malware - another great program for keeping your system free of malware and running smooth.
  
• SpywareBlaster - helps prevent spyware from being installed on your system.

4. Enable Windows Update

• Click Start, click Run, type sysdm.cpl, and then press ENTER.
• Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
• Click OK button

5. Delete Temp files

Download TFC to your desktop

• Open the file and close any other windows.
• It will close all programs itself when run, make sure to let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to finish its job
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

6. Make Backups of Important Files

Please read this article Home Computer Data Backup.


7. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.

[maliprog]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.