
Internet Redirecting itself possible host?

Discussion in 'Virus & Other Malware Removal' started by SJDyer, Apr 1, 2010.

Thread Status:
Not open for further replies.
  1. SJDyer

    SJDyer Thread Starter

    Joined:
    Apr 1, 2010
    Messages:
    10
    Hello, I am having some trouble with my internet browser. When I am browsing the internet, ad pages will automatically load up. As well, when I do a search, the links take me to advertisement sites, redirecting me away from the original URL.

    Greatly appreciate any feedback on my issue at hand.

    Thank you
     

    Attached Files:

  2. SJDyer

    SJDyer Thread Starter

    Joined:
    Apr 1, 2010
    Messages:
    10
    After looking at some of the other posts I am still having this issue.

    I would greatly appreciate it if someone would look over my attached log; my computer is at risk.
    Currently using the office PC.

    I currently discovered I have a TDSS rootkit in c/windows/system32/drivers/viamraid.sys

    Any knowledge on this?
     
  3. Kenny94

    Kenny94 Banned

    Joined:
    Dec 16, 2004
    Messages:
    2,026
    Hi And Welcome to TSG!



    Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

    Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

    Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
    1. If you are using Firefox, make sure that your download settings are as follows:
      • Tools->Options->Main tab
      • Set to Always ask me where to Save the files.
    2. During the download, rename Combofix to Combo-Fix as follows:


    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      -----------------------------------------------------------​
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
        -----------------------------------------------------------​
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      -----------------------------------------------------------​
    7. Double click on combo-Fix.exe & follow the prompts.
    8. When finished, it will produce a report for you.
    9. Please post the C:\Combo-Fix.txt for further review.
    **Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**
     
  4. SJDyer

    SJDyer Thread Starter

    Joined:
    Apr 1, 2010
    Messages:
    10
    Thank you Kenny94, I am running ComboFix right now.

    I will follow up with my log in an edit post here shortly.
     
  5. Kenny94

    Kenny94 Banned

    Joined:
    Dec 16, 2004
    Messages:
    2,026
    The TDSS rootkit might prevent ComboFix from running all the way. Let's see.
     
  6. SJDyer

    SJDyer Thread Starter

    Joined:
    Apr 1, 2010
    Messages:
    10
    ComboFix was able to complete all the stages and prepare me a log.

    Here is my ComboFix log.

    Attached.
     

    Attached Files:

  7. Kenny94

    Kenny94 Banned

    Joined:
    Dec 16, 2004
    Messages:
    2,026
    Before we remove anything with a script.

    Please read the following through carefully so that you understand what to do.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
    • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)


      "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

    • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
    • It may ask you to reboot the computer to complete the process. Allow it to do so.
    • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.
     
  8. SJDyer

    SJDyer Thread Starter

    Joined:
    Apr 1, 2010
    Messages:
    10
    TDSS-Killer was run and the results are listed in the attachment.
     

    Attached Files:

  9. SJDyer

    SJDyer Thread Starter

    Joined:
    Apr 1, 2010
    Messages:
    10
    Doing a follow-up post to see if everything is in working order now.

    If you need any more logs, Kenny94, I'd be happy to have them viewed.

    Thanks for all your time.
    SJD
     
  10. Kenny94

    Kenny94 Banned

    Joined:
    Dec 16, 2004
    Messages:
    2,026
    Open HijackThis (select Do a system scan only) and select the following lines, but DO NOT CLICK FIX until you exit all browser sessions, including the one you are reading in right now:


    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: 207.7.142.44 iwalton.com
    O1 - Hosts: 207.7.142.44 www.iwalton.com
    O1 - Hosts: 207.7.142.44 iwalton.com
    O1 - Hosts: 207.7.142.44 www.iwalton.com
    O1 - Hosts: 207.7.142.44 iwalton.com
    O1 - Hosts: 207.7.142.44 www.iwalton.com
    O1 - Hosts: 207.7.142.44 iwalton.com
    O1 - Hosts: 207.7.142.44 www.iwalton.com
    O1 - Hosts: 207.7.142.44 iwalton.com
    O1 - Hosts: 207.7.142.44 www.iwalton.com
    O1 - Hosts: 207.7.142.44 iwalton.com
    O1 - Hosts: 207.7.142.44 www.iwalton.com
    O1 - Hosts: 207.7.142.44 iwalton.com
    O1 - Hosts: 207.7.142.44 www.iwalton.com
    O1 - Hosts: 207.7.142.44 iwalton.com
    O1 - Hosts: 207.7.142.44 www.iwalton.com
    O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)

    Again, make sure ALL browser windows are closed when you click FIX.

    Next

    Update and Run Malwarebytes


    • Launch Malwarebytes' Anti-Malware
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
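
The repeated O1 lines in the post above are hosts-file entries that pin a domain to a routable IP address. As an added example (not part of the original post, and not HijackThis's own logic), this Python script extracts such entries from a HijackThis log or a raw hosts file and counts duplicates; the function names and the benign sample lines marked as constructed are assumptions.

```python
import ipaddress
from collections import Counter

# Sample input: the R3 and 207.7.142.44 lines are quoted from the post above;
# the last three lines are constructed to show what is NOT flagged.
SAMPLE_LOG = """\
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 207.7.142.44 iwalton.com
O1 - Hosts: 207.7.142.44 www.iwalton.com
O1 - Hosts: 207.7.142.44 iwalton.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: # constructed comment line
O1 - Hosts: 0.0.0.0 ads.example.test
"""

O1_PREFIX = "O1 - Hosts:"


def parse_hosts_entries(text):
    """Yield (ip, hostname) from HijackThis O1 lines or raw hosts-file lines."""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(O1_PREFIX):
            line = line[len(O1_PREFIX):]
        line = line.split("#", 1)[0]      # drop hosts-file comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                      # other log sections (R3, O3, ...)
        for name in fields[1:]:           # one line may map several names
            yield ip, name.lower()


def suspicious_redirects(text):
    """Return {(ip, hostname): count} for names pinned to a non-sink address."""
    hits = Counter()
    for ip, name in parse_hosts_entries(text):
        # Loopback and 0.0.0.0 are the usual localhost / ad-blocking sinks.
        if ip.is_loopback or ip.is_unspecified:
            continue
        hits[(str(ip), name)] += 1        # duplicates collapse into a count
    return dict(hits)


if __name__ == "__main__":
    for (ip, name), n in sorted(suspicious_redirects(SAMPLE_LOG).items()):
        print(f"{name} -> {ip} (listed {n}x)")
```

Entries pointing at private intranet addresses are reported too, so each hit still needs a human decision before it is removed.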
     
  11. SJDyer

    SJDyer Thread Starter

    Joined:
    Apr 1, 2010
    Messages:
    10
    Did all of the following steps you have included in the reply.

    Here are the HijackThis and the MBAM logs.

    Thank you for going through this process with me, Kenny94.
     

    Attached Files:

  12. Kenny94

    Kenny94 Banned

    Joined:
    Dec 16, 2004
    Messages:
    2,026
    Looking good SJDyer. We're almost done here... :)


    ESET Online Scanner

    Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed anti-virus; how to do so can be read here.

    • Please go here then click on: [​IMG]
    • Select the option YES, I accept the Terms of Use then click on: [​IMG]
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on: [​IMG]
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    • Now click on: [​IMG]
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.
    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


    Next



    Download Security Check from here or here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    In your next reply, please include these log(s):

    EsetOnlineScanner\log.txt
    checkup.txt


    Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.
     
  13. SJDyer

    SJDyer Thread Starter

    Joined:
    Apr 1, 2010
    Messages:
    10
    ESET log posted. 5 infections found.

    Security Check log posted.

    Frustrating to see that the ESET log came up with 5 infections.

    Greatly appreciate any further instructions.

    Things seem to be running smooth. :\ But looks like my PC needs further guidance.
     

    Attached Files:

  14. Kenny94

    Kenny94 Banned

    Joined:
    Dec 16, 2004
    Messages:
    2,026
    Please remove these

    C:\Documents and Settings\Administrator\Local Settings\Application Data\3771543548.dll

    C:\Documents and Settings\Isolyst\Local Settings\Application Data\3771543548.dll

    C:\Program Files\Image-Line\FL Studio 8

    And let me know?
     
  15. SJDyer

    SJDyer Thread Starter

    Joined:
    Apr 1, 2010
    Messages:
    10
    Removed the files you said and am going to run a couple more scans.

    Another instance of ESET, MBAM, AVIRA, SpybotS&D, SuperAntispyware and then post a log of them.

    Everything seems to be running smooth now. My internet does not redirect itself anymore and the host files and trojans are gone as of now. I hope none of them restore themselves.

    Thanks a million Kenny.
    SJD
     
Short URL to this thread: https://techguy.org/913956