After R&RMF (whew!) we're better, but still get a page redirect...

Discussion in 'Malware Help (A Specialist Will Reply)' started by RogerN, Apr 2, 2010.

  1. RogerN

    RogerN Private E-2

    Greetings, and thanks for your help.

    After going through the Run & Read Me First steps, I (ok, we; thank you again) seem to have cleaned up a lot of Bad Behavior on my PC. It took almost 24 hours, but it helped. I had tried just about everything.

    Now, I still have a constant page redirect going in Firefox, when I click on a link to another URL. I have redirect turned off in FF, so it never gets there. I have to cut and paste the link URL in the address box to go there.

    This misbehavior started about three weeks ago or so, after visiting that ring of time-wasting sites that include 'Facebook fails' and 'There I fixed it' dot coms... whatever.

    I ran a lot of antivirus apps before coming here, and played cat and mouse with it for weeks.

    So.....:

    1. During the R&RMF process, I ran SuperAntiSpyware - no problems found.

    2. Then, a system error message pops up:

    Generic Host Process for Win32 Services

    Generic Host Process for Win32 Services has encountered a problem and needs to close....

    Details....

    Generic Host Process for Win32 Services
    Error Signature
    szAppName : svchost.exe szAppVer : 5.1.2600.2180 szModName : mshtml.dll
    szModVer : 6.0.2900.2180 offset : 001f57fa

    To view technical information about the report, click here;

    The following files will be included in this error report:
    C:\DOCUME~1\Owner\LOCALS~1\Temp\WER459d.dir00\svchost.exe.mdmp
    C:\DOCUME~1\Owner\LOCALS~1\Temp\WER459d.dir00\appcompat.txt

    3. The rest of the steps went well...

    4. I didn't have the Windows XP Recovery console. Combofix couldn't download it while running due to a lost connection. So, after running ComboFix, I downloaded and dropped the WinXP SP2 file on it. ComboFix restarted the scan. That wasn't documented, but it seemed harmless enough.

    5. The R&RMF process requests I provide you with all 5 logs; it seems vBulletin configuration only allows 4, so I have zipped them as one.

    - Thanks again for your help -

    RogerN
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You have leftovers from McAfee that need to be cleaned up. Please run the below:

    McAfee Consumer Product Removal Tool


    Now go to TDSSKiller and Download TDSSKiller.zip to your Desktop
    • Extract its contents to your Desktop so that you have TDSSKiller.exe directly on your Desktop and not in any subfolder of the Desktop.
    • Click Start > Run and copy/paste the following bold command into Run box and hit Enter.
    "%userprofile%\Desktop\TDSSKiller.exe" -v
    • Follow the instructions to type in "delete" when it asks you what to do when it finds something.
    • When done, a log file should be created on your C: drive named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post )


    Are you still having problems?
     
  3. RogerN

    RogerN Private E-2

    Thank you, Chas....

    I ran both. rebooted between... nothing to delete, yet.

    I've attached the TDSSKiller log file... - r
     


  4. RogerN

    RogerN Private E-2

    Wow, my time to edit my previous post has expired quickly.

    I have just realized that the R&RMF process may have been successful; I have been limiting my testing to MSN and my work email, both of which legitimately use redirecting. a lot.

    So, my FF check box to warn of redirects may be giving me false positives; I got brave, and so far, they have all been legitimate.

    If it continues to behave, I guess I need to move on to the cleanup process, eh?

    After doing my happy dance, of course, and thanking you profusely.

    thanks again, - r



     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: The space between the combofix" and the /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
