I’ve read a lot of info about removing the redirect virus to no avail so have tried to follow essexboy’s instructions on how to post the info here so I could get help. I’m not a computer whiz like most who have posted but I thought it was worth a try before I had to call in the paid experts. Be gentle and thanks in advance for any help.
I’ve posted MBAM scan report, OTL.Txt and Extras.Txt
I wasn’t able to get Gmer report
kept getting the blue screen even in Safe mode
Wondering why I haven’t gotten any feedback on my post. Have I posted correctly? I had to post my log files as attachments because post was over 10000 characters, if that makes a difference. If I was a computer whiz I guess I would have fixed it on my own after reading everyone else’s posts. Thanks again
You’ve posted correctly.
Hope that some of the users could help you.
Sorry, I’m not an expert on cleaning. Hope Essexboy comes here.
Essexboy was sent a PM this morning, but the man has to sleep…
He usually enters the forum late UK time, so in about 3 - 4 - 5 hours… depends how much work he has in the other forum.
Thank you Tech and Pondus for the reply, appreciate it.
Hi there - whatever you have, it is nicely hidden, so I will get a big hammer to have a look - what are your current symptoms?
Download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop
* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
* Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Current symptoms:
-Searches (Google, AOL, Yahoo, etc.) get redirected to different sites
-Computer unstable and freezes (unresponsive) requiring ON/OFF reset
-Couldn’t update Avast, MBAM, CCleaner, etc. Had to run updated programs thru memory stick downloaded from laptop not infected
-Weird popups- Host process for Windows Services stopped working and was closed. A problem caused the application to stop working correctly. Windows will notify you if a solution is available.
Official Visitor Winner-Windows Internet Explorer Message from Webpage Congratulations 2mdn.net Visitor You are the winner…
Attached is Combofix log
Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - Kitty had a snack :p
That was the culprit - do you still get redirection?
Thank you essexboy, everything seems to be working like it should. I appreciate your help.
Let me add that I spent 2 years in England at RAF Lakenheath, lived near the village of Feltwell. This was 1977 to 1979. It was quite the experience for a 20 yr old lad from Indiana who had never been away from home! Very fond memories of my time there and the places I got to visit and the people I met. Enough of my reminiscing.
Thanks again
I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
ComboFix /Uninstall
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Do not show hidden files and folders.
* Click Yes to confirm.
* Click OK.
SPRING CLEAN
Download TFC to your desktop
* Open the file and close any other windows.
* It will close all programs itself when run, make sure to let it run uninterrupted.
* Click the Start button to begin the process. The program should not take long to finish its job
* Once it's finished it should reboot your machine, if not, do this yourself to ensure a complete clean
THEN
Download Flush Flash from Here and follow the easy to use instructions on the same page
NEXT
Download and run Puran Disc Defragmenter
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
* SpywareBlaster to help prevent spyware from installing in the first place.
* Malwarebytes. Run weekly to keep your system clean
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To keep your operating system up to date visit
* Microsoft Windows Update
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe