So I’ve picked up some nasty virus that redirects Google links to random websites. It also seems to be causing a significant amount of network and processor instability. I’ve used AVG and Avast and neither is able to kill the issue.
The text I get from Avast says it’s URL:Mal and in svchost.exe.
So the question is, what do I need to do?
I did find some other posts talking about similar issues. I have run OTS using the following steps as per an essexboy post (c/p’d below), and I’ve attached the ots.txt to this post.
Download OTS to your Desktop and double-click on it to run it
* Make sure you close all other programs and don't use the PC while the scan runs.
* Select All Users
* Under additional scans select the following
* Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
* When the scan is complete Notepad will open with the report file loaded in it.
* Please attach the log in your next post.
Two things came up in red:
ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a48e4d0]<<
and
\Driver\atapi[0x8a61d0a0] → IRP_MJ_CREATE → 0x8a48e4d0
Well, nothing conclusive there; the aswMBR is normally very clear if an MBR rootkit is found. I don’t know what to make of the entries you mentioned were in red, so it will require further investigation by someone that can analyse this and the OTS log.
Svchost.exe is a container of sorts that contains and controls the running of various services/programs grouped logically together in a svchost.exe process. It contains only what the OS loads into it as services and programs are started.
What Web Browser are you using?
In the past I have had problems with redirects in Firefox, though I am sure that people get them in IE, Chrome, Opera etc. As I recall, I finally located the problem in one of the add-ons and was able to fix it. It was nasty and took quite a bit of time to find it and get rid of it. Avast and other virus scanners did not detect it. I only found it by sheer luck, persistence and a little experience.
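As a practical way to see what the svchost.exe explanation above means on a live machine, here is an added PowerShell example (not from this thread or from any of the tools mentioned in it). It lists every running svchost.exe instance, the services Windows has loaded into it, and flags two things a reviewer would want to see: an svchost.exe image that is not the one in System32, and a service whose registered path does not point at svchost.exe yet reports that PID. The threshold names and output columns are my own choices; nothing here is tied to the log entries in this thread.

```powershell
# Added example: map each svchost.exe process to the services it hosts.
# Requires an elevated prompt to read the image path of every process.

$systemSvchost = Join-Path $env:SystemRoot 'System32\svchost.exe'

# Win32_Service carries the ProcessId of the process hosting each service.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 }

$report = Get-Process -Name svchost -ErrorAction SilentlyContinue | ForEach-Object {
    $proc   = $_
    $hosted = $services | Where-Object { $_.ProcessId -eq $proc.Id }

    # A genuine service host is the System32 binary; anything else is suspect.
    $pathOk = ($null -ne $proc.Path) -and
              ($proc.Path -ieq $systemSvchost)

    # A service whose own PathName does not name svchost.exe but which
    # reports this PID is worth a closer look.
    $oddServices = $hosted | Where-Object {
        $_.PathName -notmatch 'svchost\.exe'
    } | ForEach-Object { $_.Name }

    [PSCustomObject]@{
        PID         = $proc.Id
        ImagePath   = if ($proc.Path) { $proc.Path } else { '(access denied)' }
        PathLooksOk = $pathOk
        Services    = ($hosted | ForEach-Object { $_.Name }) -join ', '
        Flagged     = ($oddServices -join ', ')
    }
}

$report | Sort-Object PID | Format-Table -AutoSize -Wrap

# Summary of anything that deserves attention.
$suspect = $report | Where-Object { -not $_.PathLooksOk -or $_.Flagged }
if ($suspect) {
    Write-Host "`nEntries to review:" -ForegroundColor Yellow
    $suspect | Format-Table PID, ImagePath, Flagged -AutoSize
} else {
    Write-Host "`nAll svchost.exe instances use the System32 image and host only svchost-registered services."
}
```

Run it from an elevated PowerShell window; without elevation the image path of services running as SYSTEM comes back empty and is reported as "(access denied)" rather than as a problem. The same grouping can be had quickly with the built-in `tasklist /svc`, but that does not show the image path.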
Thanks David. It’ll likely be a long, drawn-out process since I won’t have access to the offending computer till this evening. Just trying to make sure that some eyes get on it during what I suspect is the busiest time of the day.
The internet is a weird place as far as time goes; it never sleeps, but for stuff like this, where you need a malware removal specialist, if they aren’t in your time zone it can be a bit of a pain.
Which antivirus are you keeping, as both are currently running on your system?
Please read carefully and follow these steps.
* Download TDSSKiller and save it to your Desktop.
* Extract its contents to your desktop.
* Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
* If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
* If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.
It seems like it might have gotten it; I’ve not experienced any popups saying a malicious URL is trying to be accessed. Here are the logs though, just in case. (attached)