
When I run a search through my browser, the results come up with what I searched for, but when I click on the successful result (showing the correct website) to surf to the desired webpage, for some reason the browser then redirects me to another website. These sites do vary, but they are never the site I actually wanted.

My default browser is Google Chrome; however, I have also tried this in Internet Explorer, only to find the same problem.

My default search engine is Google, but I have also tried Bing and Yahoo, only to find the same problem.

I have run a Spybot check and it did find some malware, which I removed, and I reapplied the immunization. I then ran a Malwarebytes scan, which found nothing. The problem is still happening.

Please help

I have attached the DDS file notes.

DDS.txt

dds1.txt


Please don't attach logs if you're not specifically asked to do so.

Let's do two more scans.

Step 1.

aswMBR:

Download aswMBR.exe (511KB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop, and post it in your next reply.

Step 2.

GMER:

Download GMER Rootkit Scanner from here or here.

  • Extract the contents of the zipped file to desktop.
  • Disable your onboard Anti Virus and any other Active protection programs you have installed. If you are unsure how to do this, see this link.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please note:

If (and only if) there are problems using GMER as indicated above, run the scan with ONLY the Sections and C drive boxes ticked.

  • Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click the gmer.exe file.
  • The program will begin to run, and perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No, then select ONLY the Sections and C drive boxes. Click on Scan and wait for it to finish.
  • Click on the Save button, save the log file somewhere you can easily find it, such as your desktop, and attach it in your reply.

Step 3.

Things I would like to see in your reply:

  1. The content of the log from aswMBR in step 1.
  2. The content of the log from GMER in step 2.


Please don't attach logs if you're not specifically asked to do so.

Why did you attach all logs?

I asked you not to.

It looks as if you've had AVG installed. The tool we are going to use might complain about leftovers from when you uninstalled it.

Please use avgremover from AVG to completely remove AVG products.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Hi there

Apologies if I have uploaded too many links. I did the extra one as there was a problem, so I apologise if I have misread your instructions.

I will run the remover after 5pm BST (approx. 1 hr), as this PC is currently being used as a work server (which would mean data loss for the rest of the network if I shut down). Every other computer goes off then, so I will be able to run it without distraction!!!!

I will post the answers as soon as I have finished.


lol, I am the IT department.

We are only a small business and this is part of a five-computer network!!!

This PC is only a temporary server, as my usual server PC is in the shop being resuscitated/replaced (due to a motherboard fault).

This problem was on the PC prior to it being the server; also, the other office computers will be switched off in 50 minutes anyway, so it's not really too big a problem to run the scan.


This PC is infected with a rootkit infection.

I suggest you get it OFF your network and shut it down.

You have possibly infected the others connected to it.

You need to get someone to come to your business and check all the computers.

This topic will be closed.

aswMBR version 0.9.5.247 Copyright © 2011 AVAST Software

Run date: 2011-05-03 14:38:52

-----------------------------

14:38:52.218 OS Version: Windows 5.1.2600 Service Pack 3

14:38:52.218 Number of processors: 2 586 0xE08

14:38:52.218 ComputerName: FILESERVER UserName: NC6400

14:38:53.187 Initialize success

14:39:08.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort0

14:39:08.562 Disk 0 Vendor: HTS541040G9SA00 MB2IC60R Size: 38154MB BusType: 3

14:39:08.578 Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskHTS541040G9SA00_________________________MB2IC60R#5&69bfa34&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found

14:39:08.578 Device \Driver\atapi -> DriverStartIo 84ad1af1

14:39:10.609 Disk 0 MBR read successfully

14:39:10.625 Disk 0 MBR scan

14:39:10.625 Disk 0 Windows XP default MBR code

14:39:12.640 Disk 0 scanning sectors +78125040

14:39:12.671 Disk 0 scanning C:\WINDOWS\system32\drivers

14:39:20.859 File C:\WINDOWS\system32\drivers\rdpcdd.sys TDL3 **ROOTKIT**

14:39:20.875 Disk 0 trace - called modules:

14:39:20.906 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys >>UNKNOWN [0x84ad1ecc]<<

14:39:20.921 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864d1ab8]

14:39:20.937 3 CLASSPNP.SYS[f75d7fd7] -> nt!IofCallDriver -> [0x864bdd58]

14:39:20.968 5 hpdskflt.sys[f78184e6] -> nt!IofCallDriver -> \Device\00000087[0x864c0030]

14:39:20.984 7 ACPI.sys[f745e620] -> nt!IofCallDriver -> [0x8656c3a0]

14:39:21.000 [0x860e8b10] -> IRP_MJ_CREATE -> 0x84ad1ecc

14:39:21.031 Scan finished successfully

14:41:06.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\NC6400\Desktop\MBR.dat"

14:41:06.765 The log file has been saved successfully to "C:\Documents and Settings\NC6400\Desktop\aswMBR.txt"

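The log above is what the helper reads to reach the "rootkit" verdict: a file tagged TDL3 **ROOTKIT** and an >>UNKNOWN<< module in the disk I/O call chain whose address reappears in the IRP trace. As an added example (not part of the thread and not aswMBR's own code), the following Python parser pulls exactly those indicators out of aswMBR-format log lines so a responder can triage such logs consistently; the sample lines are constructed after the posted log.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in aswMBR's log format, modelled on the log posted above.
SAMPLE_LOG_LINES = [
    "aswMBR version 0.9.5.247 Copyright (c) 2011 AVAST Software",   # banner, no timestamp
    "14:38:52.218 OS Version: Windows 5.1.2600 Service Pack 3",
    "14:39:10.625 Disk 0 Windows XP default MBR code",
    "14:39:12.671 Disk 0 scanning C:\\WINDOWS\\system32\\drivers",
    "14:39:20.859 File C:\\WINDOWS\\system32\\drivers\\rdpcdd.sys TDL3 **ROOTKIT**",
    "14:39:20.875 Disk 0 trace - called modules:",
    "14:39:20.906 ntkrnlpa.exe CLASSPNP.SYS disk.sys hal.dll ACPI.sys >>UNKNOWN [0x84ad1ecc]<<",
    "14:39:21.000 [0x860e8b10] -> IRP_MJ_CREATE -> 0x84ad1ecc",
    "14:39:21.031 Scan finished successfully",
]

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
ROOTKIT_RE = re.compile(r"^File (?P<path>.+?) (?P<family>\S+) \*\*ROOTKIT\*\*$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one aswMBR log line into timestamp and message; None for banner lines."""
    m = LINE_RE.match(line.strip())
    return {"time": m.group(1), "msg": m.group(2)} if m else None


def triage(lines: List[str]) -> Dict[str, object]:
    """Collect the indicators a responder cares about: files flagged as rootkit
    components, unknown (hooked) code in the disk I/O path, whether that hook
    address is reused as an IRP handler, and whether the scan completed."""
    f: Dict[str, object] = {"rootkit_files": [], "unknown_hooks": [], "irp_hooked": False, "completed": False}
    for raw in lines:
        entry = parse_line(raw)
        if entry is None:
            continue
        msg = entry["msg"]
        rk = ROOTKIT_RE.match(msg)
        if rk:
            f["rootkit_files"].append({"path": rk["path"], "family": rk["family"], "time": entry["time"]})
        f["unknown_hooks"].extend(a.lower() for a in UNKNOWN_RE.findall(msg))
        if "IRP_MJ_" in msg and any(a in msg.lower() for a in f["unknown_hooks"]):
            f["irp_hooked"] = True          # unknown code is sitting in the IRP dispatch path
        if msg.startswith("Scan finished successfully"):
            f["completed"] = True
    return f


def verdict(f: Dict[str, object]) -> str:
    """Map findings to a triage label; 'suspicious' means only an unexplained hook was seen."""
    if f["rootkit_files"] or f["irp_hooked"]:
        return "infected"
    return "suspicious" if f["unknown_hooks"] else "clean"
```

Unknown hooks without a named file are still worth a second look on a real machine, which is why they get "suspicious" rather than "clean".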