Browser Redirecting. Suspect Malware

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by RobsanX, Jan 9, 2009.

  1. RobsanX

    RobsanX Private E-2

    Hello,

    The browser on my computer at home is having major redirecting problems. It won't even go to sites I want when I enter them into the address bar, including this site.

    I plan to follow all the instructions in the Malware Removal Guide when I get home from work. Last night I tried to install HJT, but it just stalled. My question is will I be able to use the Malware Removal Guide if I can't get HJT or other programs to install?

    I will be back in a few hours, so if you would rather wait to reply until I have specific issues, then I understand.

    Thanks for the help you provide!
     
  2. RobsanX

    RobsanX Private E-2

    I'll try to be as detailed as possible. This all started on 1/8/09 when my browser (Firefox and IE) started redirecting on Google and Yahoo! searches. I also noticed that I can't type web addresses directly into the address bar.

    I was running AVG free edition, but it didn't pick up anything. I reinstalled Zonealarm, but it wouldn't update. I reinstalled Norton 360, but it wouldn't update. I think this malware is blocking certain internet access.

    I tried every step in the Malware Removal Guide, and here are the results. SAS installed, but won't run. SpyBot S&D won't install because it can't connect to the server. MBAM installed, but won't run. Combofix installed but won't run. MGTools ran, and I have posted the Log files.

    Thanks for your help!
     

    Attached Files:

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are not giving me much to work with, but let's do this:

    Download and Install Registrar Lite.

    Run Registrar Lite, navigate to the following keys and take ownership of them (explained further

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]


    To take ownership of the key do the following:

    * Copy & Paste one registry key from above into the address bar of Registrar Lite and hit the enter key. This will bring you to the registry key.
    * Click-on Security in the Menu
    * Select Take Ownership
    * Now right click on the registry key and select delete
    * Repeat for all registry keys
    * Tell me the results. Any errors?

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Now reboot and see if you can run the other scans.

    Also run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file.
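
A read-only way to check, before and after the steps in the post above, which of the listed LEGACY_CMDSERVICE keys exist and who owns them. This is an added PowerShell example, not part of the original thread; it only reads the registry, and the variable names are illustrative.

```powershell
# Added example: reports on the LEGACY_CMDSERVICE keys named in the post.
# Nothing is modified or deleted.
$legacyKey = 'Enum\Root\LEGACY_CMDSERVICE'   # key name taken from the post

# CurrentControlSet plus every numbered ControlSetNNN that exists on this
# machine (the post lists ControlSet001 and ControlSet002).
$controlSets = Get-ChildItem -Path 'HKLM:\SYSTEM' |
    Where-Object { $_.PSChildName -match '^(CurrentControlSet|ControlSet\d{3})$' } |
    ForEach-Object { $_.PSChildName }

$report = foreach ($cs in $controlSets) {
    foreach ($suffix in '', '\0000') {
        $path    = "HKLM:\SYSTEM\$cs\$legacyKey$suffix"
        $present = Test-Path -Path $path
        $owner   = $null

        if ($present) {
            # The post takes ownership before deleting, so show the current
            # owner; a failed ACL read is recorded instead of stopping the run.
            try {
                $owner = (Get-Acl -Path $path -ErrorAction Stop).Owner
            } catch {
                $owner = "unreadable: $($_.Exception.Message)"
            }
        }

        New-Object PSObject -Property @{
            Key     = $path
            Present = $present
            Owner   = $owner
        }
    }
}

$report | Select-Object Key, Present, Owner | Format-Table -AutoSize

# After the deletions and the reboot, this count should be 0.
$remaining = @($report | Where-Object { $_.Present }).Count
"Keys still present: $remaining"
```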
     
  4. RobsanX

    RobsanX Private E-2

    Thanks for your reply! I was able to get all the programs in the Malware Removal Guide working. Here are my most current logs. The earlier logs show a bunch of malware, and I will post them if you think it's necessary...
     

    Attached Files:

  5. RobsanX

    RobsanX Private E-2

    Last log
     

    Attached Files:

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean......are you still having any issues?
     
  7. RobsanX

    RobsanX Private E-2

    Everything seems fine.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Sweet ....If you are not having any other malware issues, then:

     
  9. RobsanX

    RobsanX Private E-2

    Thank you very much!
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome...safe surfing. :)
     
