Infected and cannot find a solution

December 28, 2010 3:08:22 PM

I have something that is re-directing my search engines, blocking Windows updates, blocking Microsoft Security Essentials updates, blocking live protection in Symantec, and turning off firewalls.

I have tried:

Spybot
Avira
Microsoft Security Essentials
Trojan Remover
Symantec AV Corp
Trend Micro

Latest is Combofix

All come back clean and yet I still have the same issues listed above.

Is there any help I can try?

Thank you in advance.


Mike

December 28, 2010 3:19:44 PM

Run through each step from the malware guide in my signature.

I see that you've already used some of the tools mentioned in the guide, but the way they are run makes a difference.
December 28, 2010 5:45:20 PM

First off, thank you!

I ran through the guide you posted and only ran into connectivity issues with MSE after everything else was done (it would not "start now").

After doing the list twice in safe mode I still get random windows opening, Google still does not go to the link it is pointing to (random) and MSE cannot update (error code 0x80080005 about not being connected to the internet). It does turn green now but still has old update of 12/21 on it. Also tried Windows Update with same connection issues.

However, I was able to open AV and update, and all of my PC functions are a lot faster now.

Any other thoughts appreciated.

Mike
December 28, 2010 6:19:21 PM

You forgot MalwareBytes AntiMalware, my friend ;) 
December 28, 2010 6:19:52 PM

Did you use SUPERAntiSpyware as well? Did you make sure to update each scanner before scanning?

Here is a nice boot disc that will allow you to scan from outside Windows.
http://free.avg.com/us-en/226162

Another option is to slave the hard drive into another computer and scan it from there.
December 29, 2010 12:30:20 AM

Quote:
Download combofix from bleepingcomputer.com. It won't survive that


That's one of the steps in the malware guide.
December 29, 2010 11:50:50 AM

Psychoteddy said:
You forgot MalwareBytes AntiMalware, my friend ;) 

MalwareBytes is step one of the instructions. So I have done everything then except pull the HD.
December 29, 2010 11:53:04 AM

OH fail, I didn't see that you went through the guide. XD

Try changing your DNS to Google's DNS and see if it still does it.

Addresses:
8.8.8.8
8.8.4.4
December 29, 2010 12:34:51 PM

Done, same results.

Thanks
December 29, 2010 1:28:22 PM

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Home>tracert 8.8.8.8

Tracing route to google-public-dns-a.google.com [8.8.8.8]
over a maximum of 30 hops:

1 7 ms 1 ms 1 ms 192.168.10.1
2 3 ms 2 ms 1 ms 192.168.0.1
3 40 ms 39 ms 39 ms mpls-dsl-gw41-233.mpls.qwest.net [207.225.140.233]
4 41 ms 40 ms 39 ms mpls-agw1.inet.qwest.net [75.168.229.65]
5 50 ms 50 ms 50 ms chx-edge-03.inet.qwest.net [67.14.38.1]
6 50 ms 50 ms 50 ms 72.14.214.78
7 50 ms 55 ms 50 ms 72.14.236.178
8 61 ms 61 ms 61 ms 72.14.232.141
9 74 ms 60 ms 60 ms 209.85.241.35
10 68 ms 71 ms 71 ms 72.14.239.189
11 61 ms 61 ms 61 ms google-public-dns-a.google.com [8.8.8.8]

Trace complete.

C:\Documents and Settings\Home>tracert www.google.com

Tracing route to www.l.google.com [209.85.225.104]
over a maximum of 30 hops:

1 1 ms 1 ms 1 ms 192.168.10.1
2 2 ms 1 ms 1 ms 192.168.0.1
3 40 ms 39 ms 40 ms mpls-dsl-gw41-233.mpls.qwest.net [207.225.140.233]
4 40 ms 43 ms 39 ms mpls-agw1.inet.qwest.net [75.168.229.65]
5 50 ms 49 ms 49 ms chx-edge-03.inet.qwest.net [67.14.38.1]
6 50 ms 49 ms 50 ms 72.14.214.78
7 50 ms 49 ms 49 ms 72.14.236.178
8 66 ms 61 ms 61 ms 72.14.232.141
9 61 ms 61 ms 60 ms 209.85.241.35
10 71 ms 61 ms 69 ms 72.14.239.18
11 61 ms 61 ms 61 ms iy-in-f104.1e100.net [209.85.225.104]

Trace complete.

C:\Documents and Settings\Home>
December 29, 2010 1:55:53 PM

Interesting... It's not a DNS hijacker like I thought it was...

Might be a rootkit... :\
December 29, 2010 2:29:43 PM

If you're still getting hijacked, I think you should use SUPERAntiSpyware (if you haven't already) in safe mode with networking.

If that doesn't get the infection, use the AVG boot disc to scan for infections.