redirecting

hi ive been redirecting i have trying lost of different methods to try to remove it. check the host file, downloading anti-spyware/malware programs but nothing fixed the problem so i attached MBRCheck logs which did find somthing but i dont know what and im going to also attach HiJack This and one more thing when i tryed to run HiJack This an error poped up saying "For some reason your system denied write access to the Hosts file" and then instuctions on how to fix it. so it done the logs anyways.

 

sorry for the misspelling of some of the words...i dont proof read : )

 

Hi and welcome to Major Geeks, jkb002!

YOU HAVE AN INFECTED MASTER BOOT RECORD (MBR)!​

_________________________________________________________________​

WARNING​

MBR infections are only worsening and sometimes (rarely) make the computer unbootable after attempting to correct it. We recommend that you back up your data before hand. Then continue with the below if you wish to attempt to remove this infection:
_________________________________________________________________​

If you do not have your Vista DVD, you can create one with the Recovery Console (which is really all we need), here: Download Windows Vista 32-Bit (x86) Recovery Disc

1. Insert the DVD
2. Reboot your computer
3. At the Acer splash screen, press F12
4. This takes you to the Boot Menu
5. Select CD/DVD Rom from the selection by using the Down / up arrows
6. Press ENTER after you have selected the CD/DVD Rom drive.
7. You'll hear the DVD spinning up, be ready to press ANY key when you see the following message:

http://www.bleepstatic.com/tutorials/vista-repair-options/boot-from-cd-prompt.jpg

• This takes a while to load (30-45 seconds)
• When the below screen appears:

http://www.bleepstatic.com/tutorials/vista-repair-options/setup-option.jpg

• Choose Repair your computer
• Now you be presented with this screen:

http://www.bleepstatic.com/tutorials/vista-repair-options/system-recovery-options.jpg

• Press Next
• You will now see this screen below:

http://www.bleepstatic.com/tutorials/vista-repair-options/advanced-recovery-options.jpg

• Choose Command Prompt which is at the bottom of the list.
• A black box appears on top of the previous screen. This is the command prompt.
• Now type in: bootrec /fixmbr and press ENTER afterwards.
• Note: There is only a SPACE after bootrec
• Now you will see:
• http://img19.imageshack.us/img19/4114/operationcompletedsucce.png
• Type exit and press ENTER.
• Now restart your computer WITHOUT booting off the DVD again (don't press a key when it says... "press any key to boot from cd/dvd...")

Once back in Windows.. Re-run MBRCheck and attach its latest log.

Then I need you to go through the following: Fixing Google Redirection/hijacking and other redirection problems
Attach ALL the logs requested!

 

one quick question. i dont have the cd with me, so do i put the recovery download on a cd or can i use a flash drive

 

Yes, burn it as an image.

You can use ImgBurn
See the download links under this icon: http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif

Install ImgBurn by double-clicking SetupImgBurn_2.5.5.0.exe
Don't install the Ask toolbar that tries to install itself by default. (uncheck all of their boxes)
Then click the .iso file I linked you (after you have downloaded it)
Follow the rest of the prompts

 

so for some reason i cant get to the boot menu nor the recovery console any suggestions? i rebooted the computer and press f8 and click repair and it sent me back into the main computer screen like i went to normal startup and then i tryed going to the boot menu and same thing happened but ive not got the recovery disc burned yet waiting on a cd to get here, but ill try it with it in when i get it here later on in a few hours

 

Thanks for the heads up.

Also, F8 repair is not what I want you to do, it most likely will not work. In the majority of cases, the Master Boot Record needs to be fixed from a CD, while the hard drive is not active.

If you have some time, before your CDs arrive. Can you try the following? I would like to see if this program can detect your MBR infection as well.

Please download aswMBR by Avast! to your desktop.

• Double-click aswMBR.exe to run it (Vista and Win7 right-click and select Run as Administrator)
• Select No when asked Would you like to download latest Avast! virus definitions?
• Click the [Scan] button.
  Note: This scan should only take a few seconds to complete.
• On completion of the scan click [Save log], save it to your desktop and attach this log to your next message. (How to attach items to your post)

 

heres the file but it took awhile dont know if that makes i difference or not

 

If your CDs have not come in yet, reopen aswMBR and click [FixMBR].
Note: You may have to [Scan] first in order for this button to appear.
You will probably see something like the below picture:
http://img51.imageshack.us/img51/6964/rebootasapaswmbr.png
Do as aswMBR requests and reboot your PC

Once you've rebooted, rerun MBRCheck and attach its new log.

This will let us know if aswMBR was able to successfully restore a clean MBR WITHOUT having to use a boot CD.

 

k i pressed fix and this is what came up

"WARNING!!!

Writing a new master boot record to your system partition could damage your partition tables and cause your partitions to become inaccessible.

This application writes standard Windows MBR code.

Are you sure you want ot fix MRB?

yes or no"

so ill just wait to see what you think i should do before i continue

 

This is normal. Press Yes.

 

k aswMBR said Disk 0 windows 600 MBR fixed successfully so do i need to go ahead and reboot or just run another scan on MBRcheck, sorry i ask alot of questions just making sure i get everything right so we dont have to go thought all this work again or so i dont mess anything up more then it is already

 

No need to apologize. I prefer that you ask questions if you are uncertain about something.

Yes, please reboot and then rerun MBRCheck once the machine has been rebooted.

 

new MBRCHECK LOG

 

this may or may not be off subject but i keep get a popup tab and the addressed window says hxxp://results.googlesyndication.com it has been coming up more and more today didnt know if it had something to do with it.

 

It appears as though aswMBR failed to restore a clean MBR.
At this point I would wait for your CDs to arrive and try the method I mentioned in my very first post.

Remember, you still need to complete as much of this as possible: Fixing Google Redirection/hijacking and other redirection problems

Also, I am unsure about googlesyndication.

 

ok i burned the disc and reboot, hit f12 and nothing happened so i rebooted a second time to make sure i didnt hit the wrong button and still nothing, and im sure i done it right that time and it just sent me on through to the normal screen so once more i hit f2 instead and that menu came up and i noticed it had i boot menu in it can that work the same way for is f12 the only way?

 

The F12 button may not be enabled by default when it comes to Acer.
It sounds like you will have to go into the BIOS (F2) and change the boot order to where the PC will boot from CD/DVD Rom First, Hard Drive Second.

As long as you do this, you should be able to boot from the DVD.

 

k going thru f2 had no problems and i the did MBRCHECK again and here the new log

 

im going ahead to work on Fixing Google Redirection/hijacking and other redirection problems and i have step 1 done but step 2 i have a little router knowledge but im not sure if i can get it reset up so if u know any easy way to do that id really like your help if you have some input on router set up or if you know what info i need for it to be reset up i can write it down and try it out... this router is connected thru a modem into a belkin router so not sure what to do about it

 

K good, this log is clean. MBR infection is gone.

 

http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

Scroll down to How to Reset the Belkin Router to factory default?

 

ok after several hours of trying to reset my router i finally got back on the internet but apperently step 2 worked like a charm, so one more problem i have is i think i got the redirect virus from the desktop in the other room, so im guessing it traveled thru the router and infected my computer (a laptop) so question is was it in the router or the other computer. the reason i havent checked for it myself is because the desktop (which is what i think had the original virus on it) is not connected to the new router set up so i dont want to reinfect my computer. what do you think the next step should me

 

k nevermind, someone loaded up the desktop and it is also clean so reseting the router fix all the other problems that ive been having. THANK U SOOO MUCH

 

Good to hear. If any additional problems arise you know where to come

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
3. Go back to step 6 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis if it present
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 7 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!