Redirected Google searches and can't hit MS Update

This just started yesterday. Google and Yahoo, from IE or FF, search results get redirected to something completely different. Searched Avast and elsewhere, found some hits that are similar, but not quite the same.

I booted to Safe Mode, ran a scan, it found something in SVCHOST. Virus Chest wasn’t working so I selected Delete.
Booted to normal - searches work fine (for now), but I still can’t open update.microsoft.com (www.microsoft.com works though?!?)
Ran the scan again and it found something in Dc1.exe - this time the Virus Chest worked.

I tried that “quickie” of renaming/deleting …system32\wdmaud.sys, but didn’t do anything for me.

I WAS able to hit MS Update using the IP address, but with errors, saying something about ActiveX controls not being present. I was NOT running “IE with Add-Ons Disabled”.
One suggestion was to turn on Automatic Updates - I did, set for midnight - it should kick on any minute now…

I did download and run HijackThis. I didn’t see anything blatantly wrong, and I did look for some of the entries listed on this board.

Any other suggestions?

Thanks

BTW - Until now Avast has worked great on a number of my home PCs for several years!

One other symptom - update.microsoft.com on a ping resolves to the local host 127.0.0.1

:) Hi:

Sounds like you have a serious malware infection!? To detect “it”, I recommend you start by posting a log of the FREE Malwarebytes’ Anti-Malware, available at www.malwarebytes.org/mbam.php .

Well, I found a few more symptoms... Can’t hit Malwarebytes or Avast from the infected.

So I emailed myself the MB setup, but that wouldn’t run after download. So I ran it from the attachment rather than downloading first (I know, bad practice).
It seemed to install, but it wouldn’t execute.

Sooo…
I’ve attached my Hijackthis log. Hopefully someone can find something.

Also, the browsing redirects are back.

I’m about two shakes from a reload. It’s a fairly recent install, so there isn’t that much on it yet.

If I haven’t seen these symptoms on other machines on my local network, does that mean I am safe or lucky? (“safe” being a relative term. . . .)

Thanks

:) Hi:

Now I suspect you have a TDSS-related “infection”!? With circumstances like yours, I saw a certified, Volunteer “Malware Removal Specialist” on the Geeks To Go Forums recommend starting with a FREE Program called “SDFix”, and there is a “Tutorial” on this program at www.bleepingcomputer.com/forums/topic131299.html . IF you feel confident to follow the Info in this “Tutorial”, do so and then see IF you can then run the Malwarebytes Anti-Malware program. Otherwise, you should seek help on an advanced malware removal forum (unless “essexboy”, who is a “Moderator” on the Geeks To Go Forums, shows up here), such as the One at www.geekstogo.com/forum/forums.html .

MalwareBytes AntiMalware has recently (in these forums) been quite good at the removal of the TDSS-related infection, including the rootkit element, as essexboy found when suggesting combofix, only to find it had already been removed by MBAM.

@mrmhead
Did you run MBAM from safe mode?

TDSS-related? Anything like an STD-related? ;D

I feel confident to deal with the Bleeping Computer stuff - my career has been in IT for about 20 years - but I feel more confident that my time would be better spent with the XP Home install disk instead. I’m a computer geek at work, but my home life has other priorities. I’ve also learned how to keep all my “valuables” in one easy-to-grab location.

Thank You! to you and the board for your help and suggestions. I have learned a few new things and found another good resource - especially that “Links” post I ran across in the General topic! I’ll definitely be back to look for “best of breed” protection.

Avast! You can look for another registration request from mrmhead in the near future! ;)

DavidR - No I didn’t run or install MBAM in safe mode. Should I?

Personally, if it was my PC, I would fix the entry
O4 - HKCU..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
I would run the SDFix program, I would install MBAM in safe mode, download the updates from a clean PC (see link), install the updates and run MBAM in safe mode (all already suggested)

http://www.gt500.org/malwarebytes/database.jsp

No STDs, for that you will need to make a special call ;D

Well, running MBAM in safe mode doesn’t detect any more, but it can help in the removal process, as some things aren’t running in safe mode.

MBAM is one security application that can be installed in safe mode (I never went down that route), and pretty much for the same reason: some malware is lying in wait to ambush security applications as they are installed.

Some have even gone to renaming the installation file, but personally I don’t know how effective that might be in dodging the bullet.
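Two symptoms in this thread can be checked mechanically: update.microsoft.com pinging as 127.0.0.1 (a hosts-file override that blocks Windows Update and security-vendor downloads) and the HijackThis O4 entry that starts an svchost.exe from C:\WINDOWS\system32\drivers via an HKCU Run key. The script below is an added example written for this page, not code from the thread or from any of the tools it mentions. It parses a constructed hosts file and a constructed three-line HijackThis excerpt (the first O4 line is the one quoted above), flags hosts entries that send the watched domains to a loopback or blackhole address, and flags Run entries that launch a core system binary name from a Run key at all (the real svchost.exe is started by the Service Control Manager) or from a directory other than system32. The domain list, the expected C:\WINDOWS\system32 location and the binary names are assumptions to extend for your own environment.

```python
import re
from pathlib import PureWindowsPath

# Domain suffixes this kind of infection blocks through the hosts file (assumption:
# the update and vendor sites named in the thread; extend as needed).
WATCHED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "avast.com", "malwarebytes.org")
BLACKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}

# Where these core binaries live on a default XP install at C:\WINDOWS (assumption).
SYSTEM_BINARIES = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
}

# HijackThis O4 line, e.g.  O4 - HKCU\..\Run: [label] C:\path\to\file.exe
# (the backslash before ".." is optional because forum posts often drop it).
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\?\.\.\\(?P<key>\w+): \[(?P<label>[^\]]*)\] (?P<cmd>.+)$"
)


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, skipping comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        entries.extend((ip, name.lower()) for name in names)
    return entries


def suspicious_hosts_entries(text):
    """Hosts entries that send update or security-vendor domains to a loopback/blackhole address."""
    return [
        (ip, name)
        for ip, name in parse_hosts(text)
        if name != "localhost" and ip in BLACKHOLE_IPS and name.endswith(WATCHED_SUFFIXES)
    ]


def parse_o4(line):
    """Parse a HijackThis O4 (Run key) line into hive, key, label and the executable path."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd").strip()
    # Quoted path keeps its spaces; otherwise the executable is the first token.
    exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
    return {"hive": m.group("hive"), "key": m.group("key"), "label": m.group("label"), "exe": exe}


def suspicious_o4_entries(lines):
    """O4 lines that launch a core system binary name from a Run key or from the wrong directory."""
    flagged = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        path = PureWindowsPath(entry["exe"])
        base = path.name.lower()
        expected_dir = SYSTEM_BINARIES.get(base)
        if expected_dir is None:
            continue
        if base == "svchost.exe":
            # The real svchost.exe is started by the Service Control Manager, never from a Run key.
            reason = "svchost.exe launched from a Run key"
        elif str(path.parent).lower() != expected_dir:
            reason = f"{base} outside {expected_dir}"
        else:
            continue
        flagged.append((line.strip(), reason))
    return flagged


# Constructed sample hosts file mirroring the symptom in the thread
# (192.0.2.10 is a documentation address, not a real mapping).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       update.microsoft.com
127.0.0.1       www.malwarebytes.org
192.0.2.10      www.microsoft.com
"""

# Constructed HijackThis excerpt; the first line is the entry quoted in the thread.
SAMPLE_HJT = [
    r"O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe",
    r"O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe",
]

if __name__ == "__main__":
    for ip, name in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"hosts: {name} -> {ip}")
    for line, reason in suspicious_o4_entries(SAMPLE_HJT):
        print(f"O4: {reason}: {line}")
```

On a real machine you would feed `suspicious_hosts_entries` the contents of C:\WINDOWS\system32\drivers\etc\hosts and `suspicious_o4_entries` the O4 lines of a saved HijackThis log; both checks are read-only, so they are safe to run before deciding between cleanup and the reinstall the poster chose.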