I have a client's computer with a particularly nasty problem.
It originated as a pro av scam program that was received.
My client is a franchise business and they are required to use I.E. so please do not simply tell me to switch to FF...
As on other threads, you run a search in Google, Yahoo etc.. and the links are redirected to random sites that are irrelevant.
Installed HJT.. when it ran, it immediately shut down and could no longer access the program unless installed into a different folder and it would start but immediately crash..... not good... no log created
Installed and updated MBAM... started it running, it started to scan, it showed 5 keys were infected then shut down... no log created. Tried running again but was informed that it could not be accessed.... re-installed.. started to run then shut down.
Installed SuperAntispyware and updated... Ran the program in safe mode and it shut down part way through scan... no log created.
Are we getting the picture yet?
uninstalled and then re-installed the programs.
using msconfig... restarted in diagnostic mode.
Ran MBAM... it discovered and removed a bunch of stuff... don't have log here
superantispyware ran clean.
So I think GREAT... we got things back under control.
ran MBAM once again just to make certain after a restart in diagnostics mode, and it came clean. I was so happy.
Set it back to normal startup and went to IE... did a google search, and sure enough, it was redirected to some irrelevant random site.
BTW,,, when it does this, there is always this little green globe that appears in the address bar.
So I go to run MBAM and SuperAntispyware.. both shut down without completion and could not be accessed without re-installation to a different folder.
Under loaded modules in the sysinfo, everything looks normal except this one entry... it has no information except the location of the module which is something I have never seen before...
\\globalroot\device\__max++>\df95db98.x86.dll
Ummmm... yeah like... where would this be?
Any help would be appreciated.
Brian
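
The kind of entry described in the post (a loaded module with no version or manufacturer details and a path under `\\globalroot\device\`) can be picked out of a module listing mechanically. This is an added example, not part of the original post: it assumes a tab-separated listing of name, version, manufacturer and path, the sample rows are constructed except for the path quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample listing: name, version, manufacturer, path (tab-separated).
# Only the path on the last row is taken from the post.
SAMPLE = "\n".join([
    "ntdll\t5.1.2600.5755\tMicrosoft Corporation\tc:\\windows\\system32\\ntdll.dll",
    "kernel32\t5.1.2600.5781\tMicrosoft Corporation\tc:\\windows\\system32\\kernel32.dll",
    "tool\t1.0.0.0\tExample Vendor\t\\\\fileserver\\apps\\tool.dll",
    "df95db98.x86\tNot Available\tNot Available\t\\\\globalroot\\device\\__max++>\\df95db98.x86.dll",
])

# Order matters: \\globalroot\device\ also looks like \\server\share\ syntactically.
# GLOBALROOT is the root of the NT object namespace, so such a file sits on a
# named device object rather than on a drive letter or a network share.
PATTERNS = [
    ("drive", re.compile(r"^[a-z]:\\", re.I)),
    ("object-namespace", re.compile(r"^\\\\(?:\?\\)?globalroot\\", re.I)),
    ("device-prefix", re.compile(r"^\\\\[?.]\\")),
    ("unc", re.compile(r"^\\\\[^\\]+\\[^\\]+\\")),
]
MISSING = {"", "not available", "n/a"}

def classify_path(path):
    """Return which namespace a module path is expressed in."""
    for kind, pattern in PATTERNS:
        if pattern.match(path):
            return kind
    return "other"

def review_modules(listing):
    """Return (name, path, reasons) for modules worth a closer look."""
    findings = []
    for line in listing.splitlines():
        fields = [f.strip() for f in line.split("\t")]
        if len(fields) != 4:
            continue  # skip headers or malformed rows
        name, version, vendor, path = fields
        reasons = []
        kind = classify_path(path)
        if kind not in ("drive", "unc"):
            reasons.append("path is " + kind)
        if version.lower() in MISSING and vendor.lower() in MISSING:
            reasons.append("no version or manufacturer")
        if reasons:
            findings.append((name, path, reasons))
    return findings

if __name__ == "__main__":
    for name, path, reasons in review_modules(SAMPLE):
        print(name, path, "; ".join(reasons))
```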