system
1
Hi,
Looks like we’ve been hit with this same Google redirect malware that so many others here have. Humbly requesting help. Attached is the OTS log.
Thanks
system
2
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Files/Folders - Modified Within 30 Days]
NY -> ~16375588 -> C:\Documents and Settings\All Users\Application Data\~16375588
NY -> ~16375588r -> C:\Documents and Settings\All Users\Application Data\~16375588r
NY -> 16375588 -> C:\Documents and Settings\All Users\Application Data\16375588
[Files - No Company Name]
NY -> Microsoft Security Essentials.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
NY -> ~16375588 -> C:\Documents and Settings\All Users\Application Data\~16375588
NY -> ~16375588r -> C:\Documents and Settings\All Users\Application Data\~16375588r
NY -> 16375588 -> C:\Documents and Settings\All Users\Application Data\16375588
[Empty Temp Folders]
[EmptyFlash]
[Reboot]
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
system
3
Thanks - here’s the information from the log file. (The “Avast blocked 64.211…” pop-up and re-direct is still happening though).
system
4
Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it
Click the “Scan” button to start scan
http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR2-1.gif
On completion of the scan, click save log, save it to your desktop and post it in your next reply.
http://public.avast.com/~gmerek/aswMBR2.png
system
5
Thanks again - here’s the results from the scan.
system
6
MBR:Sst [Rtk] - what is this beast? Is this something new or what?
system
7
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
A variant from the Alureon family.
system
9
Here is the Combofix log. Thanks again for all the help.
system
10
Now, when you reboot Windows, you’ll see it briefly displays the following:
Use the arrow keys on your keyboard to choose the first item: Microsoft Windows Recovery Console.
After entering the RC (Recovery Console), it is necessary to click 1 and press Enter:
It is necessary to enter the password for the Administrator account.
If there is no administrator password, just press Enter.
When the screen shows C:\Windows>_ type the following command:
fixmbr
If you are prompted: Are you sure you want to write a new MBR, click:
Y
Shortly after that the screen will show: The new master boot record has been successfully written.