
redirects, etc

Discussion in 'Virus & Other Malware Removal' started by garebo, Nov 15, 2011.

Thread Status:
Not open for further replies.
  1. garebo

    garebo Thread Starter

    Joined:
    Nov 12, 2001
    Messages:
    21
    Running 7 Ultimate retail for about 2.5 yrs now. Lately I have been having many probs with Internet Explorer: redirects when using Google, audio coming on, all sorts of things, websites I didn't click on are coming up, IE simply locking up. I was on Asus and I went to the mobo I wanted, clicked on "downloads" and I can't get to the next page where the downloads are. This sort of thing is happening all the time now.
    I don't know if this is related or not, but I have quite a few USB drives and other USB items. Whenever I plug one in or turn one on my monitor goes blank (black), comes back on, goes blank again, and comes back on, all in a second or so.
    Should have done something about this earlier, but I thought I had corrupt Windows files since I have been running my PC every day and night for 2.5 years and I do a lot of downloading of movies and such (demonoid).

    Help appreciated.

    thank you
     
  2. Blottedisk

    Blottedisk

    Joined:
    May 24, 2009
    Messages:
    94
    Hi garebo,

    Unfortunately your machine appears to have been infected by the TDSS rootkit/backdoor infection. This kind of malware is very dangerous. Backdoor Trojans provide a means of accessing a computer system that bypasses security mechanisms and steal sensitive information like passwords, personal and financial data, which they send back to the hacker. Rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.


    If you use your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

    • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks,
      paypal, ebay, etc. You should also change the passwords for any other site you use.
    • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or
      credit card information may have been stolen and ask what steps to take with regard to your account.
    • Consider what other private information could possibly have been taken from your computer and take appropriate steps

    Please read the following for more information:

    How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
    What Should I Do If I've Become A Victim Of Identity Theft?
    Identity Theft Victims Guide - What to do


    Although the TDSS infection can be identified and removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that if this type of malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

    When should I re-format? How should I reinstall?
    Where to draw the line? When to recommend a format and reinstall?

    Note: Attempting to reinstall Windows (repair install) without first wiping the entire hard drive with a repartition/reformat will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system causing problems will still be there afterwards and a Repair will NOT help.


    Should you have any questions, please feel free to ask. Please let me know what you have decided to do in your next post. If you decide you want to try and clean your PC then please continue with the following instructions:

    Step 1 | Download DDS from any of the links below:

    Link 1
    Link 2
    Link 2

    --------------------------------------------------------------------
    • Save it to your desktop.
    • Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs.
    • Save the logs to a convenient place such as your desktop.
    • Post the contents of the DDS.txt report in your next reply.
    • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

    Step 2 | Please download GMER from one of the following locations and save it to your desktop:

    Main Mirror - This version will download a randomly named file (Recommended)
    Zipped Mirror - This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

    --------------------------------------------------------------------

    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
    • Right-click on the randomly named GMER file (i.e. n7gmo46c.exe) and choose "Run as administrator" to run it. Allow the gmer.sys driver to load if asked.

    Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then right-click on gmer.exe and choose "Run as administrator".


    • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
    • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
    • Make sure these options are all checked:
      • Services
      • Registry
      • Files
      • Systemdrive drive/partition, which is typically C:\
      • ADS


    • Now click the Scan button. If you see a rootkit warning window, click OK.
    • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
    • Click the Copy button and paste the results into your next reply.
    • Exit GMER and re-enable all active protection when done.
    -- If you encounter any problems, try running GMER in Safe Mode.
     
Short URL to this thread: https://techguy.org/1027009