Infected and cannot find a solution

I have something that is re-directing my search engines, blocking Windows updates, blocking Microsoft Security Essentials updates, blocking live protection in Symantec, and turning off firewalls.

I have tried:

Spybot
Avira
Microsoft Security Essentials
Trojan Remover
Symantec AV Corp
Trend Micro

Latest is Combofix

All come back clean and yet I still have the same issues listed above.

Is there any help I can try?

Thank you in advance.


Mike
  1. Run through each step from the malware guide in my signature.

    I see that you've already used some of the tools mentioned in the guide, but the way they are run makes a difference.
  2. First off, thank you!

    I ran through the guide you posted and only ran into connectivity issues with MSE after everything else was done (it would not "start now").

    After doing the list twice in safe mode I still get random windows opening, Google still does not go to the link it is pointing to (random) and MSE cannot update (error code 0x80080005 about not being connected to the internet). It does turn green now but still has old update of 12/21 on it. Also tried Windows Update with same connection issues.

    However, I was able to open AV and update, and all of my PC functions are a lot faster now.

    Any other thoughts appreciated.

    Mike
  3. You forgot MalwareBytes AntiMalware, my friend ;)
  4. Did you use superantispyware as well? Did you make sure to update each scanner before scanning?

    Here is a nice boot disc that will allow you to scan from outside Windows.
    http://free.avg.com/us-en/226162

    Another option is to slave the hard drive into another computer and scan it from there.
  5. Quote:
    Download combofix from bleepingcomputer.com. It won't survive that


    That's one of the steps in the malware guide.
  6. Psychoteddy said:
    You forgot MalwareBytes AntiMalware, my friend ;)



    MalwareBytes is step one of the instructions. So I have done everything then except pull the HD.
  7. OH fail, I didn't see that you went through the guide. XD

    Try changing your DNS to Google's DNS and see if it still does it.

    Addresses:
    8.8.8.8
    8.8.4.4
  8. Done, same results.

    Thanks
  9. Can you run a tracert to 8.8.8.8 and www.google.com? Post results here :)
  10. Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\Home>tracert 8.8.8.8

    Tracing route to google-public-dns-a.google.com [8.8.8.8]
    over a maximum of 30 hops:

    1 7 ms 1 ms 1 ms 192.168.10.1
    2 3 ms 2 ms 1 ms 192.168.0.1
    3 40 ms 39 ms 39 ms mpls-dsl-gw41-233.mpls.qwest.net [207.225.140.233]
    4 41 ms 40 ms 39 ms mpls-agw1.inet.qwest.net [75.168.229.65]
    5 50 ms 50 ms 50 ms chx-edge-03.inet.qwest.net [67.14.38.1]
    6 50 ms 50 ms 50 ms 72.14.214.78
    7 50 ms 55 ms 50 ms 72.14.236.178
    8 61 ms 61 ms 61 ms 72.14.232.141
    9 74 ms 60 ms 60 ms 209.85.241.35
    10 68 ms 71 ms 71 ms 72.14.239.189
    11 61 ms 61 ms 61 ms google-public-dns-a.google.com [8.8.8.8]

    Trace complete.

    C:\Documents and Settings\Home>tracert www.google.com

    Tracing route to www.l.google.com [209.85.225.104]
    over a maximum of 30 hops:

    1 1 ms 1 ms 1 ms 192.168.10.1
    2 2 ms 1 ms 1 ms 192.168.0.1
    3 40 ms 39 ms 40 ms mpls-dsl-gw41-233.mpls.qwest.net [207.225.140.233]
    4 40 ms 43 ms 39 ms mpls-agw1.inet.qwest.net [75.168.229.65]
    5 50 ms 49 ms 49 ms chx-edge-03.inet.qwest.net [67.14.38.1]
    6 50 ms 49 ms 50 ms 72.14.214.78
    7 50 ms 49 ms 49 ms 72.14.236.178
    8 66 ms 61 ms 61 ms 72.14.232.141
    9 61 ms 61 ms 60 ms 209.85.241.35
    10 71 ms 61 ms 69 ms 72.14.239.18
    11 61 ms 61 ms 61 ms iy-in-f104.1e100.net [209.85.225.104]

    Trace complete.

    C:\Documents and Settings\Home>
  11. Interesting... It's not a DNS hi-jacker like I thought it was...

    Might be a root kit... :\
  12. If you're still getting hijacked, I think you should use superantispyware (if you haven't already) in safe mode with networking.

    If that doesn't get the infection, use the AVG boot disc to scan for infections.