Shadow187 Posted January 28, 2011 ID:380805 Share Posted January 28, 2011 Hello, friends. I have two issues that may be related to each other, and I've no idea where to start with either of them.First is a redirect virus. It sends me to channel1reports.com (make money from home). MalwareBytes also repeatedly blocks outgoing signals.212.117.177.1391.193.194.13791.193.194.13891.193.194.891.212.226.17991.212.226.18291.212.226.5I have run Malwarebytes' scan and it found a .TDSS rootkit in my temp folder (under c:/users/me/appdata/roaming), and it was quarantined/deleted. Nevertheless, the problem still persists.Secondly, and more importantly, is my computer crashing on startup. I've no idea if this is virus-related, but it's very inconsistent and annoying. I say inconsistent because I am, in fact, posting from the infected computer. 90% of the time the computer will not boot in to Windows. The variables of when it starts seems to change each time. Before, it was dependent on whether or not my LAN cable was connected (when it was disconnected, computer booted fine. If I connected it, instant crash). But not too long ago the computer would not get past the first BIOS screen (the processor did complete POST), and the only way I got past it was to connect the LAN cable. Upon trying to load Windows it wanted to boot a diagnostic/repair service, which I allowed it to. It did a system restore (which I have done before) and the computer is now working as it should (for the time being). It boots 100% of the time in Safe Mode, but not with Safe Mode + Networking. Any help on either issue is appreciated; I can deal with a redirect here and there but this crashing on startup is painful. If it helps, the screen tears (horizontal broken lines) before restarting.Finally, the computer will crash guaranteed if I run many of the scanning programs used on MWB. These will most likely work in safe mode, but I'm not going to turn the computer off now when it's actually on; I'll get scans when requested. However, I did get a GMER test.GMER 1.0.15.15530 - http://www.gmer.netRootkit scan 2011-01-27 17:53:28Windows 6.1.7600 Running: gmer.exe---- Registry - GMER 1.0.15 ----Reg HKLMSYSTEMCurrentControlSetservicesBTHPORTParametersKeys\0011678778ea Reg HKLMSYSTEMCurrentControlSetservicessptdCfg@s1 771343423Reg HKLMSYSTEMCurrentControlSetservicessptdCfg@s2 285507792Reg HKLMSYSTEMCurrentControlSetservicessptdCfg@h0 1Reg HKLMSYSTEMCurrentControlSetservicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLMSYSTEMCurrentControlSetservicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:Program Files (x86)DAEMON Tools LiteReg HKLMSYSTEMCurrentControlSetservicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...Reg HKLMSYSTEMCurrentControlSetservicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0Reg HKLMSYSTEMCurrentControlSetservicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD1 0x4E 0x7E 0x9D ...Reg HKLMSYSTEMCurrentControlSetservicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLMSYSTEMCurrentControlSetservicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...Reg HKLMSYSTEMCurrentControlSetservicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x22 0x23 0x1E 0x3A ...Reg HKLMSYSTEMCurrentControlSetservicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC\00000001gdq0 Reg HKLMSYSTEMCurrentControlSetservicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC\00000001gdq0@hdf12 0x2E 0x5E 0x63 0x0D ...Reg HKLMSYSTEMControlSet002servicesBTHPORTParametersKeys\0011678778ea (not active ControlSet) Reg HKLMSYSTEMControlSet002servicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLMSYSTEMControlSet002servicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:Program Files (x86)DAEMON Tools LiteReg HKLMSYSTEMControlSet002servicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...Reg HKLMSYSTEMControlSet002servicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0Reg HKLMSYSTEMControlSet002servicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD1 0x4E 0x7E 0x9D ...Reg HKLMSYSTEMControlSet002servicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLMSYSTEMControlSet002servicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...Reg HKLMSYSTEMControlSet002servicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x22 0x23 0x1E 0x3A ...Reg HKLMSYSTEMControlSet002servicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC\00000001gdq0 (not active ControlSet) Reg HKLMSYSTEMControlSet002servicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC\00000001gdq0@hdf12 0x2E 0x5E 0x63 0x0D ...---- EOF - GMER 1.0.15 ---I have a laptop which I can use to download and transfer any file you need. Any and ALL help is vastly appreciated. Thanks!Steve.Bump..sorry if that isn't allowed. Link to post Share on other sites More sharing options...
LDTate Posted January 30, 2011 ID:381323 Share Posted January 30, 2011 Please don't attach the scans / logs from these scans, use "copy/paste".DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.Vista and Windows 7 users:1. These tools MUST be run from the executable. (.exe) every time you run them 2. With Admin Rights (Right click, choose "Run as Administrator")Stay with this topic until I give you the all clean post.You might want to print these instructions out.Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.Please download ATF Cleaner by Atribune.Download - ATF Cleaner Link to post Share on other sites More sharing options...
Shadow187 Posted January 30, 2011 Author ID:381630 Share Posted January 30, 2011 Sorry for wasting your time, I ended up reformatting. Computer runs fine now. Link to post Share on other sites More sharing options...
LDTate Posted January 30, 2011 ID:381632 Share Posted January 30, 2011 Thanks for posting back and letting us know Peace be with you Link to post Share on other sites More sharing options...
LDTate Posted January 30, 2011 ID:381633 Share Posted January 30, 2011 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts