kentuckycuz

Search Redirection - MB or AVG will not update

. If I access them from MY laptop (through shared folders), would I be subject to the virus too?

Shouldn't be, it's not one of those that infects EVERYTHING on the computer ;)

We'll still try to fix it though :)

Okay, I'm stuck again. When you said "at the boot option" what did you mean exactly? I burned the CD. Restarted my computer and nothing happened. All of the files are on the CD though. There's one labeled Autorun and one labeled Boot. Should I click on one of those? Or, when I restart, am I supposed to push 1 or F1 or something. Is that the boot option? Or, is the CD supposed to kick in automatically? I'm confuzzled :blink:

Those are good instructions. I did okay up until the updating part and now I think it's frozen up on me. I'm going to give it a few more minutes but I'm pretty sure it's mad. Reading on, I didn't even have to update it b/c I had just downloaded it. If it stays frozen, any ideas? Should I do Ctrl+Alt+Del and try to restart that way?

Or do a force reboot (hold the power button for 8 seconds). Be patient - sometimes it looks like it's frozen when it really isn't. It can take a long while ;)

It's running. One thing I changed was where it said "Action when Malware found" ... It was defaulted to "Log malware detections only" ... the instructions had me put it on "Repair infected files - Rename file if repair is not possible" ... the "Remove Suspicious Files" wasn't checkmarked so I didn't mark it but I wanted to! I set it to Repair infected files like it said.

Then, at the bottom, it says to run an antivirus to quarantine all the renamed files. I'll post the log when it finishes.

It finished. Shows 2 records, 0 suspect files and 1 warning. BUT, there's no button that says SAVE on it, so I can save a log. My screen doesn't look like the one on the instruction page. It's got the same info, pretty much, but doesn't look the same. There's no SAVE button though, only a button to start scanner. I tried right clicking to select all, copy and paste. Can't do that. It'll let me highlight it, but not copy.

Oh, who knows what I've done :o I started clicking on different tabs, like miscellaneous and others to see if there was a SAVE button somewhere else. I clicked on the update tab again and it froze AGAIN. Definitely something about that update tab. So, I rebooted, went into it again and I clicked on everything except the update tab. Nothing. I rebooted it again, just to see if maybe there was a log saved on the C drive or something. Forgot that I had set the BIOS to boot from the D drive, so it started going into the Avira boot again. I (stupidly) took the CD out!! It was a reflex I think, idk, temporary insanity maybe?? :blink: so then the computer came up that it couldn't start b/c of an error, or something like that. It asked me if I wanted it to run Startup Repair, and I thought, at this point, what could it hurt? So, it's doing that now ....

Don't worry it happens to all of us ;)

Run the Avira CD once more and then let me know when it's finished :)

Don't worry about the log ;)

Now, reboot the computer, and please do the following (like before :)):

Please print out these instructions or copy them to a Notepad file for easier reading, and download MBRCheck by a_d_13 to your Desktop from one of these locations:

http://ad13.geekstogo.com/MBRCheck.exe

http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe

http://www.kernelmode.info/MBRCheck.exe

Close all open programs/windows and double-click on MBRCheck.exe.

It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

I will do that but I just wanted to let you know that it took me forever to get the computer back to normal last night. It wouldn't boot right; it kept going into the system repair and did that 4 or 5 times before it finally came up right. Now, it's doing something else weird. I can't click on internet explorer or the library folder from the toolbar (or taskbar, or whatever is on the bottom of the desktop). It comes up something about a deleted registry key.

The way I got everything back to kind of normal was I went back to the beginning and ran the tdsskiller, and combofix. They didn't find anything though. I also ran malwarebytes (which updated okay) and it didn't find anything.

I did find on the control panel where it's got "create a system repair disc" .... I'm wondering if I should do that.

It comes up something about a deleted registry key.

Reboot the computer ;)

I did find on the control panel where it's got "create a system repair disc" .... I'm wondering if I should do that.

Might as well ;)

Okay, rebooting worked :) Here's the log:

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: Dell Inc.

BIOS Manufacturer: Dell Inc.

System Manufacturer: Dell Inc.

System Product Name: Inspiron 1545

Logical Drives Mask: 0x0000000c

Kernel Drivers (total 197):

Processes (total 83):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`2c100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-75A23T0, Rev: 01.01A01

Size     Device Name           MBR Status
--------------------------------------------
298 GB   \\.\PhysicalDrive0    MBR Code Faked!
         SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Let's try another rescue CD ;) :

These are links to Anti-virus vendors that offer free LiveCD or Rescue CD files that are used to boot from for repair of unbootable and damaged systems, rescue data, scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the ISO Image file format. Avira uses an EXE that has built-in CD burning capability.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Let me know how it goes.

I've already tried the Kaspersky and the Avira Rescue CDs and they just made things worse. I only had one blank CD left and I used it to make the Windows 7 Repair Disc from my laptop. I can go out and get more CD's tomorrow but I don't think I'm going to have much luck with the CD's ;) They're starting to scare me. Is the computer that bad to need a rescue CD? That seems like a last step to me but idk. If so, would I just be better off to do a system recovery? The only symptom the computer has now is redirection.

Well, in a way the CD's are our last resort, due to the fact that you have an infected MBR and none of the usual fixes are working (partly because it's Windows 7, and we have fewer tools to use on this operating system since it's newer).

The problem with doing a system recovery is that the virus you have will actually survive the recovery, and you'll notice that you'll be infected all over again. If you want to reformat the hard drive (and reinstall Windows), you'll have to clear the MBR as well.

Let me know if you still want to pursue cleaning your system, and I will inquire with some experts (far far greater knowledge than I) for some possible solutions ;)


If doing a recovery wouldn't fix it, I'll continue to try to fight this. I just thought that would be an easy fix since nothing seems to be helping. Should I follow the instructions on the link you gave to restore the MBR? It doesn't look hard. Or does that have to go along with a system recovery? Here I thought Windows 7 was harder to infect (or harder for it to spread) b/c it was 64 bit.

Or does that have to go along with a system recovery?

It has to go along with a reinstallation (reformat) of the operating system. System Recovery just rolls it back to a previous date, it doesn't totally start it over.

Let me know what you plan to do ;)

At least this computer still has another year's warranty on it!! ;) although I don't know if that covers viruses, malware, and stuff. Since it would survive a recovery and still be infected, let's try a few more things before I resort to recovery. Elise got me through a rootkit on my laptop a year or so ago but I don't remember her saying anything about an infected MBR.

What next? Should I keep trying the rescue CD's or is there something else? BTW, it's like you need a PhD for this crap, and I am silently cursing the idiots who create these infections!! LOL!!! :) Okay, enough ranting :)

Oh, another thing I thought of. Since I'm making these rescue CD's on an infected computer, could that have an effect? Should I make them on my computer or does that matter? Also, can I use DVD's to make them (b/c I'm currently out of CD's).

Oh, and yeah, I guess I was talking about reinstalling instead of recovery when I mentioned it before.

What next? Should I keep trying the rescue CD's or is there something else?

Yes, try another Rescue CD for now and I'll ask some of the experts around here for some suggestions. ;)

Oh, another thing I thought of. Since I'm making these rescue CD's on an infected computer, could that have an effect?

I'd say it shouldn't. As long as you remember to wipe the MBR (instructions are in that link I gave you earlier) you should be fine :)

Also, can I use DVD's to make them (b/c I'm currently out of CD's).

Depends. HP, for example, will require DVD's. Usually the program will tell you the requirements ;)
