Anybody dealt with the redirect virus?

[harley]

Quote:

Originally Posted by travelover Thanks for the suggestions so far, but I have to admit, many of you are way over my head.

Seriously, downloading, installing and running TDSSKiller and then clicking on the "Fix It" button I listed previously is really easy. I'd say you'd have a 90% chance of getting rid of the rootkit that way. If it doesn't work, you can always shoot it.

Regarding the rollback option others referred to, I didn't have any luck with that. If you have a complete restore image to go back to, that would be good. But just doing a system restore to a month previous didn't get rid of the problem for me. I'm not sure exactly what gets overwritten in the restore, but it didn't clear the rootkit on my computers. But TDSSKiller and resetting the hosts file did. Good luck.

[travelover]

Well so far I've run MicrosoftFixit50267, rkill and tdsskiller and no joy. Now where is that durn .45?

[easysurfer]

Quote:

Originally Posted by travelover Well so far I've run MicrosoftFixit50267, rkill and tdsskiller and no joy. Now where is that durn .45?

The next questions (which you probably don't want to hear ):

1) Do you have your data backed up to an external drive?

2) Do you have a restore disc for you system or a clean image of your hard drive?

I've had situations before when totally stuck, it was faster to just make sure my data safe externally, then roll up my sleeves and spend a day or two redoing my system.

Before 1 and 2 above, can you reset your browser? I use Internet Explorer and sometimes when things get messed up there's a browser reset option.

[oldtrig]

Hello travelover. Here is what I suggest. Go to this website,
Virus, Spyware and Malware Removal - Smartest Computing

Create Account and let them fix it for you. They do not charge and I can tell you Broni is the best on the internet for things like you have on your PC. Just make sure you read the instructions before posting a logfile. Tell him in your first post exactly what the PC is doing. I will guarantee he will get it fixed. When he gets it going you might want to donate a small fee. I do anyway.



I have worked on computers for 15 years and repaired more than I can remember
I can do most of what Broni does but he has much more experience than I do on the latest bad things. Please let me know how you come out on this. oldtrig

[powerplay]

Here is some info at fbi.gov about DNS changes. It appears it may be related to the problem the OP is having.

http://www.fbi.gov/news/stories/2011...er-malware.pdf

[Buckeye]

Quote:

Originally Posted by BigNick Go to Bleepingcomputer.com, download ComboFix, run, follow instructions, enjoy.

I used this about a year ago to fix my computer. I ran the ComboFix and a couple of other things over and over again. I finally cleaned things up. Messy.

[travelover]

Quote:

Originally Posted by easysurfer The next questions (which you probably don't want to hear ): 1) Do you have your data backed up to an external drive? 2) Do you have a restore disc for you system or a clean image of your hard drive? I've had situations before when totally stuck, it was faster to just make sure my data safe externally, then roll up my sleeves and spend a day or two redoing my system. Before 1 and 2 above, can you reset your browser? I use Internet Explorer and sometimes when things get messed up there's a browser reset option.

I do have a restore disc.

If I reset Firefox, will I lose my add ons? I depend on my Reminder Fox

[travelover]

Quote:

Originally Posted by Buckeye I used this about a year ago to fix my computer. I ran the ComboFix and a couple of other things over and over again. I finally cleaned things up. Messy.

I looked at this, but the warnings were kind of like those for explosive drain cleaner - for use by knowledgeable professionals only. I backed away.

[travelover]

Quote:

Originally Posted by travelover I looked at this, but the warnings were kind of like those for explosive drain cleaner - for use by knowledgeable professionals only. I backed away.

I should have heeded my own caution. I reset the restore point back a couple of weeks then downloaded Combofix. After I ran it, every time I clicked on an icon, I got an error message. I restarted the computer and Windows did some updates and things magically started to work - except Thunderbird. So I saved the T'bird profile and redownloaded it. My emails are back but now I'm struggling with resetting my remote account settings.

I wonder if we could fund an assassination squad for virus creators.

[easysurfer]

Quote:

Originally Posted by travelover I do have a restore disc. If I reset Firefox, will I lose my add ons? I depend on my Reminder Fox

I think you would lose the add ons. I know for IE, a reset brings IE back to like the first use. Remember to export your Firefox favorites to a backup too if you do a system restore so you can import the favorites back.

[travelover]

I think we can close this out. I don't seem to be getting redirects anymore.

Thanks for helping a technophobe.

[Buckeye]

Quote:

Originally Posted by travelover I looked at this, but the warnings were kind of like those for explosive drain cleaner - for use by knowledgeable professionals only. I backed away.

Yes, the warnings made me back away initially but nothing else worked and I was determined to fix the problem myself.

I didn't lose any data/files but I have sinced signed up for Carbonite.

[easysurfer]

Quote:

Originally Posted by travelover I think we can close this out. I don't seem to be getting redirects anymore. Thanks for helping a technophobe.

How did you end up fixing the problem? Glad that you are no longer getting redirected.

[travelover]

Quote:

Originally Posted by easysurfer How did you end up fixing the problem? Glad that you are no longer getting redirected.

• I reset my restore point back a couple of weeks
• Ran Combofix
• Repaired damage caused by Combofix.
• Had a cold one

[easysurfer]

Quote:

Originally Posted by travelover I reset my restore point back a couple of weeks Ran Combofix Repaired damage caused by Combofix. Had a cold one

I see. Thx for the info. I like your last bullet about having a cold one to celebrate.

[travelover]

As an observation from a non techie, I find my computer's ability to self diagnose and repair somewhat disappointing. I type a garbled series of letters into Google and it cyphers what I really want and gives me great suggestions. I click on an icon and my computer can't figure out that I want to execute the command that that icon has executed a 1000 times in the past.

Rant over.

[oldtrig]

Travelover, I give you the fix and you never responded to me. I am talking from 15 years of working of computers but I guess you did not want my advice. It is totally free and this person will take lots of time and get your computer 100% clean. These bad things get embedded in the registry and unless you let an expert clean it I would never trust that computer especially if you use online banking or buy things using a credit card. There are other tools you have to run when combofix is run. I would never advise anyone to use combofix without the help from an expert. I have seem more than once combofix totally trash a PC. I will also guarantee you that when the experts get through cleaning it will run like a new PC. All this for free but I understand if you do not want help. oldtrig

[travelover]

Quote:

Originally Posted by oldtrig Travelover, I give you the fix and you never responded to me. I am talking from 15 years of working of computers but I guess you did not want my advice. It is totally free and this person will take lots of time and get your computer 100% clean. These bad things get embedded in the registry and unless you let an expert clean it I would never trust that computer especially if you use online banking or buy things using a credit card. There are other tools you have to run when combofix is run. I would never advise anyone to use combofix without the help from an expert. I have seem more than once combofix totally trash a PC. I will also guarantee you that when the experts get through cleaning it will run like a new PC. All this for free but I understand if you do not want help. oldtrig

Sorry if you felt ignored. To you, posting a log file seems like a simple task. To me - "What the hell is a log file and where would I get it?"

I wasn't ignoring you, I was / am overwhelmed by this techno stuff.

[oldtrig]

I suggested you go to the site run by a friend of mine.
Virus, Spyware and Malware Removal - Smartest Computing
follow these steps
Before you post, please read this! - Smartest Computing
when you run the programs he tells about on this page you will get a log file. You would then copy and paste those files in your post.
You will have to do these
Malwarebytes (MBAM)


GMER
it will take a while to run this one and you cannot use the computer when it is running.
MBRCheck
DDS (2 logs)
I have did it many times and they always clean my computer perfect. I only suggested this because it works and I wanted you to have a clean computer that you would not fear using to do online banking and things like that.
If you need help I can help you do the posts. Please let me know.
Oldtrig

[travelover]

Quote:

Originally Posted by oldtrig I suggested you go to the site run by a friend of mine. Virus, Spyware and Malware Removal - Smartest Computing follow these steps Before you post, please read this! - Smartest Computing when you run the programs he tells about on this page you will get a log file. You would then copy and paste those files in your post. You will have to do these Malwarebytes (MBAM) GMER it will take a while to run this one and you cannot use the computer when it is running. MBRCheck DDS (2 logs) I have did it many times and they always clean my computer perfect. I only suggested this because it works and I wanted you to have a clean computer that you would not fear using to do online banking and things like that. If you need help I can help you do the posts. Please let me know. Oldtrig

Thanks a lot for your patience and helpfulness.