Same issues as everyone else. Bing searches being redirected, Avast catching the 64.111.211.158 IP address. No virus scans finding anything. Chrome, Firefox and system restore disabled… wheeee!! Running OTS and will paste findings in next post.
My log file
Possibly infected by Olmarik.
Please download aswMBR from here > http://public.avast.com/~gmerek/aswMBR.htm
1) Double click the aswMBR.exe to run it
2) Click the [Scan] button to start scan
3) On completion of the scan click [Save log], save it to your desktop and post in your next reply
I have to go now, I’ll be back in 5 hours. Stupid foreign languages ;D
Hi there, are you missing some files and folders?
Download Unhide.exe to your desktop and run
THEN
Download RogueKiller to your desktop
[*]Quit all running programs
[*]For Vista/Seven, right click → run as administrator, for XP simply run RogueKiller.exe
[*]When prompted, type 6 and validate
[*]The RKreport.txt shall be generated next to the executable.
[*]If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.
FINALLY
Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it
Click the “Scan” button to start scan
http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR2-1.gif
On completion of the scan click save log, save it to your desktop and post in your next reply
Here are both logs.
And the other log
1. Try downloading Dr.Web from here.
www.freedrweb.com/?lng=en
2. Do a full scan and I am sure it will find it and you should choose to cure it.
3. Once done post logs on next comment and tell me whether this worked or not.
Hi Chibi1015,
Go and read the proposed cleansing here: http://www.bleepingcomputer.com/forums/topic407933.html
and then I will ask essexboy to give you instructions how to proceed with this
so-called Vista repair virus or 64dot111dot211dot158 redirect virus,
polonus
Hi, now you have your files and folders back - let’s check out those suspicious files. Just one will do, I feel.
[*]Make sure to use Internet Explorer for this
[*]Please go to VirSCAN.org FREE on-line scan service
[*]Copy and paste the following file path into the “Suspicious files to scan” box on the top of the page:
[*]C:\Windows\System32\drivers\wimmount.sys
[*]Click on the Upload button
[*]If a pop-up appears saying the file has been scanned already, please select the ReScan button.
[*]Once the Scan is completed, click on the “Copy to Clipboard” button. This will copy the link of the report into the Clipboard.
[*]Paste the contents of the Clipboard in your next reply.
THEN
Could you run a fresh OTS log for me please and let me know what problems you currently have
Apparently these scans found nothing
VirSCAN.org Scanned Report :
Scanned time : 2011/07/10 23:30:47 (EDT)
Scanner results: Scanners did not find malware!
File Name : wimmount.sys
File Size : 19008 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : 5cf95b35e59e2a38023836fff31be64c
SHA1 : a332e9956744c2e03a7afe150eecd90fc92f03d5
Online report : http://file.virscan.org/report/cba441367c62323289467ace313e4dd6.html
That is a false positive as I have one as well now ;D
Are you still getting redirects?
If so I would like to try something
Please read carefully and follow these steps.
[*]Download TDSSKiller and save it to your Desktop.
[*]Extract its contents to your desktop.
[*]Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png
[*]If an infected file is detected, the default action will be Cure, click on Continue.
http://i1224.photobucket.com/albums/ee362/Essexboy3/TDSSKillerMal-1.png
[*]If a suspicious file is detected, the default action will be Skip, click on Continue.
http://i1224.photobucket.com/albums/ee362/Essexboy3/TDSSKillerSuspicious.png
[*]It may ask you to reboot the computer to complete the process. Click on Reboot Now.
http://i1224.photobucket.com/albums/ee362/Essexboy3/TDSSKillerCompleted.png
[*]If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
[*]If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.
It found nothing… nothing in the report either. I’m still getting redirects, along with blocked malicious websites trying to pop up. Malwarebytes, Firefox and system restore are all being blocked still.
You can try advice from
http://forum.avast.com/index.php?topic=81439.msg665856#msg665856
rerun aswMBR, use FixMBR button and reboot.
After reboot rerun aswMBR, select AV engine: (none), make Scan - it will be fast, save the log and post it.
Before you run Dr Web
Re-Run aswMBR
Click Scan
On completion of the scan
Click the FIXMBR Button
http://public.avast.com/~gmerek/aswMBR4.png
Reboot and run a fresh aswMBR scan
Save the log as before and post in your next reply
Hey, I’m a friend of Chibi’s and tried to get rid of this myself. I wasn’t sure what exactly was happening to her computer, so I installed AVG, uninstalling Avast to do so. After trying that, I was pointed to this forum and this thread.
I ran the scan and clicked FixMBR, then rebooted it. But I can’t get the 2nd scan done, because it keeps crashing and Blue Screening on me. Should I put Avast back on, or continue trying to get this log to share?
Keep trying to scan, keep crashing before it’s finished. Gah!
Could you download the latest version? Also, what are the current problems?
Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it
Click the “Scan” button to start scan
http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR2-1.gif
On completion of the scan click save log, save it to your desktop and post in your next reply
Here’s the log, I’m sorry it took so long. It kept crashing on me.
Hi you did not download a new copy - you are still running the old version. The new version is 0.9.7.747
My apologies, I thought you meant the new version of Avast. Scanning now. And the problems are that it’s redirecting to other sites, as well as it continually crashes. It’s the same problems as before unfortunately.