My System: Windows Vista Home Premium Service Pack 2 (build 6002)
I have run
Avast! full scan
And Boot time scan
Malwarebytes full scan
Trendmicro (free) online scanner
Also another tool I had not heard of previously, tdsskiller.
I deleted a suspicious file in the Temp folder, pl.exe.
I might add that when I log on as an alternate user the problem does not seem to occur.
The aswMBR.exe is reporting an Unknown MBR code (e.g. not the default MBR code), this can indicate the presence of an MBR rootkit, but it can also mean nothing more than you have a customised system, like a Dell, HP, etc. These may have a custom MBR to allow for use of their recovery partition, to restore your system back to the factory settings. Is your system from a major computer manufacturer like Dell, HP?
The tdsskiller is also looking for rootkits, specifically TDSS variants, I assume it didn’t find anything?
The OTL logs will have to be analysed by a specialist, when he is on-line.
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Problem appears solved. Much thanks.
The question was posed about the OEM; it is a Compaq Presario C769US.
I see from the OTL log that the host file was deleted/replaced fresh. Can I overwrite this with the Spybot default host file? I see that 2 files were deleted from a folder I created for this situation:
C:\Users\James\Popup BS Fix\cmd.bat deleted successfully.
C:\Users\James\Popup BS Fix\cmd.txt deleted successfully.
I did not see these in that folder; if you could explain to me what happened, I’d enjoy the knowledge. Attached file per your request. PS: I’m glad I kept you out of the pubs.
Cheers
Jamespb
OK YoKenny, I took your advice and substituted the host file with the one you suggested. Thanks.
Have you replied for essexboy? Because I had a few questions I had posed for him [note above] about my issue. Although it was solved, I was just curious about a few things.
Cheers
Jamespb
OK the problem was in the Host.ics file which I deleted and then reset the main host file to default. The command files that were deleted were created by the malware and were set as hidden - but OTL could see them and delete them ;D
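A way to review the hosts-type files in the etc folder after a cleanup like the one described above, as an added example that is not part of the original thread: it lists every active mapping in hosts and hosts.ics that is not a plain localhost entry. The function names, the verdict labels and the sample entries are constructed for illustration.

```python
import ipaddress
import os
from pathlib import Path

# Standard Windows location of the hosts and hosts.ics files
ETC_DIR = Path(os.environ.get("SystemRoot", r"C:\Windows")) / "System32" / "drivers" / "etc"
LOCAL_NAMES = {"localhost", "localhost.localdomain"}  # assumption: names a default file may map

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every active mapping in hosts-format text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        for name in fields[1:]:                # one line may map several names
            yield line_no, fields[0], name.lower()

def classify(ip, name):
    """Return 'ok', 'blocked' (name sinkholed locally), 'redirect' or 'malformed'."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"
    if addr.is_loopback or addr.is_unspecified:
        return "ok" if name in LOCAL_NAMES else "blocked"
    return "redirect"  # name is sent to a real address: review by hand

def audit(text):
    """Return non-default entries of one file as (line_no, verdict, ip, hostname)."""
    return [(n, verdict, ip, name) for n, ip, name in parse_hosts(text)
            if (verdict := classify(ip, name)) != "ok"]

# Constructed sample input, not taken from the thread
SAMPLE = """\
# sample hosts-format file
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.search.example   # points a site at another server
0.0.0.0         update.av.example
not-an-ip       www.example.test
"""

if __name__ == "__main__":
    for filename in ("hosts", "hosts.ics"):
        path = ETC_DIR / filename
        if not path.is_file():
            print(filename, "not present")
            continue
        for finding in audit(path.read_text(errors="replace")):
            print(filename, *finding)
```

A blocklist-style hosts file will produce many "blocked" lines, which is expected; "redirect" and "malformed" lines are the ones to read closely.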
I had been through the etc folder and scrutinized, then edited, the host file to ignore the redirect site, trying for a fix, to no avail. I do know that the etc folder contains other host type files and left them alone. ICS is apparently an Outlook related file; I did not touch it or try to view it. I see the host.ics is again present in the etc folder; I’m assuming it was replaced with a fresh/clean file. This is my sister’s PC and I had not enabled viewing hidden files and extensions as I normally would, hence my not seeing the cmd.bat and cmd.txt.
So Cheers to you
The redirects are gone thank you for your time.
Excellent