Persistent redirection....help

Discussion in 'Malware Help (A Specialist Will Reply)' started by jmacart, Oct 31, 2008.

  1. jmacart

    jmacart Private E-2

    Greetings Team,

    Alas, our meeting comes about due to my having a browser(s) which is encountering persistent search redirects. I have some small technical ability but have run the full process as stated here in the forum: SUPERAntiSpyware, Spybot, Malwarebytes, ComboFix, and MGTools, and still there are issues. I have attached logs for Malwarebytes, ComboFix, and MGTools - the most recent version of SUPERAntiSpyware detected no entities. I see in the HijackThis log file entries that I had thought were cleared earlier, so I can't identify the source of the reinfestation.

    Many Thanks.
     

    Attached Files:

  2. jmacart

    jmacart Private E-2

    Re: Persistent redirection....help...further

    Hi, I'm unsure if any of the viewers of my dilemma are trying to assist yet, but in reading I've noticed that the most value in troubleshooting is in the first Malwarebytes log file, so I'm reposting the logs from when first run, prior to working through your XP fix files. Java has also been fully updated. I've also included the SUPERAntiSpyware log that indicated no issues, just to be complete. Please let me know if someone is working on this; I can be patient if so.

    Thanks to all who are doing this good work for the community.

    Jon
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Are you still really having problems? If so, with what browser, where are you being redirected to, and how often does it happen?


    The only issues I see are the below:
    • you did not put your system into Normal Startup mode with MSconfig as requested in step 1 of the READ & RUN ME.
    • the below two files are questionable. Did you save them here? If not then I suggest you delete them.
    Code:
    2008-09-28 17:44 .2008-09-28 17:44 1,130,868 --a- C:\WINDOWS\system32\xa6999859.exe
    2008-09-28 17:44 .2008-09-28 17:44 1,130,868 --a- C:\WINDOWS\system32\xa6999484.exe
    • And the below Browser Helper Object and Toolbar are not recommended. Did you install these?
    O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe0.dll
    O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe0.dll
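The O2 and O3 lines quoted above follow a fixed HijackThis layout (kind, name, CLSID, DLL path), so they can be parsed and correlated mechanically. The script below is an added example, not code from the thread or from MajorGeeks: it parses O2/O3 entries, groups them by CLSID so a BHO and a toolbar backed by the same DLL show up together, and attaches simple review flags (unnamed entry, DLL living under the Windows directory, random-looking file name). The sample log mixes the two Pirate Bay lines from this post with two constructed entries whose CLSIDs and paths are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample: the two Pirate Bay entries quoted in the thread above,
# plus two made-up entries for contrast (placeholder CLSIDs and paths, not
# real software).
SAMPLE_LOG = """\
O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\\Program Files\\The_Pirate_Bay\\tbThe0.dll
O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\\Program Files\\The_Pirate_Bay\\tbThe0.dll
O2 - BHO: Example PDF Link Helper - {00000000-1111-2222-3333-444444444444} - C:\\Program Files\\ExampleVendor\\linkhelper.dll
O2 - BHO: (no name) - {55555555-6666-7777-8888-999999999999} - C:\\WINDOWS\\system32\\zq4471092.dll
"""

# O2 (Browser Helper Object) and O3 (toolbar) lines share one layout:
#   O2 - BHO: <name> - {<CLSID>} - <dll path>
ENTRY_RE = re.compile(
    r"^(?P<kind>O[23]) - (?P<type>BHO|Toolbar): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\} - "
    r"(?P<path>.+?)\s*$"
)

# Add-on DLLs normally live under Program Files; one dropped into the
# Windows directory deserves a closer look.
WINDOWS_DIR = "c:\\windows\\"


def parse_hjt_line(line):
    """Return a dict for an O2/O3 line, or None for any other log line."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["clsid"] = entry["clsid"].lower()   # normalise for grouping
    return entry


def flags_for(entry):
    """Heuristic reasons an entry merits review (hints, not a verdict)."""
    flags = []
    path = entry["path"].lower()
    if entry["name"].strip() == "(no name)":
        flags.append("no-name")
    if path.startswith(WINDOWS_DIR):
        flags.append("system-dir")
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if re.fullmatch(r"[a-z]{1,3}\d{6,}", stem):   # e.g. two letters + a long number
        flags.append("random-looking-name")
    return flags


def analyze(log_text):
    """Group O2/O3 entries by CLSID and collect names, paths, kinds and flags."""
    groups = defaultdict(lambda: {"kinds": set(), "names": set(),
                                  "paths": set(), "flags": set()})
    for line in log_text.splitlines():
        entry = parse_hjt_line(line)
        if entry is None:
            continue
        g = groups[entry["clsid"]]
        g["kinds"].add(entry["kind"])
        g["names"].add(entry["name"])
        g["paths"].add(entry["path"])
        g["flags"].update(flags_for(entry))
    return dict(groups)


if __name__ == "__main__":
    for clsid, g in analyze(SAMPLE_LOG).items():
        print(f"{clsid}  kinds={sorted(g['kinds'])}  names={sorted(g['names'])}")
        for p in sorted(g["paths"]):
            print(f"    {p}")
        print(f"    flags: {sorted(g['flags']) or 'none'}")
```

Grouping by CLSID is the useful part: on this page the BHO and the toolbar share one CLSID and one DLL, so removing the add-on means dealing with both entries, and a CLSID whose O2 and O3 lines point at different DLLs would itself be worth a second look.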
     
  4. jmacart

    jmacart Private E-2

    Thanks for your reply -

    Sheepish smile - I'm sorry I missed step 1!
    I will repeat if problems manifest again, clear for this instant...

    I've scrubbed and cleaned and turned off System Restore, used CCleaner, Malwarebytes (found more perils, successfully removed, but having re-written themselves back in between my plea to you and now...), and SUPERAntiSpyware.

    IE7 now smooth with google searches etc. Search redirect had happened in IE7, Firefox and Safari all on this same box (is Safari a security hazard?). Performance of Safari and Firefox only mildly affected - progressing with use but IE 7 being primary was redirecting every search...it was infuriating.

    Will remove the exe's you've indicated as I have no familiarity with them.

    And yes, the BHO and toolbar were installed by me but are being removed if considered questionable as well.

    Will respond if all is well in next couple days - thanks for all your help so far and fingers crossed. Should I set to normal startup and repeat exercises?

    Very grateful

    Jon
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No more than any other browser. ;)


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
