Hi,
Looks like we’ve been hit with this same Google redirect malware that so many others here have. Humbly requesting help. Attached is the OTS log.
Thanks
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Files/Folders - Modified Within 30 Days]
NY -> ~16375588 -> C:\Documents and Settings\All Users\Application Data\~16375588
NY -> ~16375588r -> C:\Documents and Settings\All Users\Application Data\~16375588r
NY -> 16375588 -> C:\Documents and Settings\All Users\Application Data\16375588
[Files - No Company Name]
NY -> Microsoft Security Essentials.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
NY -> ~16375588 -> C:\Documents and Settings\All Users\Application Data\~16375588
NY -> ~16375588r -> C:\Documents and Settings\All Users\Application Data\~16375588r
NY -> 16375588 -> C:\Documents and Settings\All Users\Application Data\16375588
[Empty Temp Folders]
[EmptyFlash]
[Reboot]
The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
Thanks - here’s the information from the log file. (The “Avast blocked 64.211…” pop-up and re-direct is still happening though).
Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it
Click the “Scan” button to start scan
http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR2-1.gif
On completion of the scan click save log, save it to your desktop and post in your next reply
Thanks again - here’s the results from the scan.
MBR:Sst [Rtk] - what is this beast? Is this something new or what?
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
A variant from the Alureon family.
Here is the Combofix log. Thanks again for all the help.
Now, when you reboot Windows, you’ll see it briefly displays the following:
Use the arrow keys on your keyboard to choose the first item: Microsoft Windows Recovery Console.
After entering the RC (Recovery Console), you need to type 1 and press Enter:
You need to enter the password for the Administrator account.
If there is no administrator password, just press Enter.
When the screen shows C:\Windows> _ type the following command:
fixmbr
If you are prompted "Are you sure you want to write a new MBR?", press:
Y
Shortly after that the screen will show: The new master boot record has been successfully written.