Browser Runs Slow, Redirects

Discussion in 'Malware Help (A Specialist Will Reply)' started by Inkpat, Oct 7, 2012.

  1. Inkpat

    Inkpat Private E-2

    I read, in detail, your malware removal tips; however, I was unable to run either the Kaspersky or Norton "Fix TDSS" utilities. (They downloaded, but would not "run".)

    The only utility I was able to use was Rogue Killer. Attached is the report.

    I'd appreciate your help to eliminate whatever is sucking energy from the browser and causing redirects when links are hit from Google/Yahoo searches.

    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : - [Admin rights]
    Mode : Remove -- Date : 10/07/2012 11:26:14

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [TASK][SUSP PATH] {7EB917E2-0C33-467A-9ED0-AD7DA6434A33} : C:\Windows\system32\pcalua.exe -a "C:\Users\-\AppData\Local\Temp\Temporary Internet Files\Content.IE5\7990YWB4\sp46115[1].exe" -d C:\Users\-\Desktop -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$b249f704fbf015e6569a3825c6ddcea2\@ --> REMOVED
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3041954770-2689275738-3687636849-1000\$b249f704fbf015e6569a3825c6ddcea2\@ --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$b249f704fbf015e6569a3825c6ddcea2\U --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3041954770-2689275738-3687636849-1000\$b249f704fbf015e6569a3825c6ddcea2\U --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$b249f704fbf015e6569a3825c6ddcea2\L --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3041954770-2689275738-3687636849-1000\$b249f704fbf015e6569a3825c6ddcea2\L --> REMOVED

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD10 EADS-65M2B1 SCSI Disk Device +++++
    --- User ---
    [MBR] 5fa2535f69df37d700a9802471df133c
    [BSP] c937b9d67ca80805bb3858a47a09b879 : Windows Vista/7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942592 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930635264 | Size: 11161 Mo
    3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1953495040 | Size: 10 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please attach your logs. Don't copy and paste them inline.

    You still need to try running MBAM as well as MGTools.
     
  3. Inkpat

    Inkpat Private E-2

    As attached
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not seeing any malware in those logs. Let's just clean up this:

    Copy just the bold text below to Notepad (do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Now tell me what issues remain, if any.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need the log from Hitman that we ask for. Also note the below in sysinfo.txt
    Code:
    Partition Disk #0, Partition #3 
    Partition Size 10.00 MB (10,485,760 bytes) 
    Partition Starting Offset 1,000,189,460,480 bytes 
    I would also see if TDSSKiller will run in safe boot mode.
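One way to cross-check the two readings of that fourth partition above (RogueKiller's sector offsets in the first post and the byte offset chaslang quotes from sysinfo.txt) is to parse the MBR partition table directly. This is an added example, not code from the thread or from any of the tools mentioned; the 512-byte sector is constructed from the reported table with zero-filled boot code, and the type names plus the hidden flag for type 0x17 are assumptions taken from the standard partition-type list.

```python
import hashlib
import struct

SECTOR = 512
ENTRY = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
# partition type bytes that appear in the RogueKiller report above
PART_TYPES = {0x07: "NTFS", 0x17: "NTFS (hidden)"}

def build_sample_mbr(entries):
    """Construct a 512-byte MBR whose table mirrors the report; the boot code
    is zero-filled (constructed test data, not the poster's real sector)."""
    mbr = bytearray(SECTOR)
    for i, (active, ptype, start, count) in enumerate(entries):
        struct.pack_into(ENTRY, mbr, 446 + 16 * i, 0x80 if active else 0,
                         b"\0\0\0", ptype, b"\0\0\0", start, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

def parse_mbr(sector):
    """Return boot-code hash, signature check and the parsed partition table."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    parts = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(ENTRY, sector, 446 + 16 * i)
        if ptype == 0:  # empty slot
            continue
        parts.append({
            "index": i,
            "active": status == 0x80,
            "name": PART_TYPES.get(ptype, "unknown 0x%02x" % ptype),
            "hidden": ptype == 0x17,  # 0x17 = hidden NTFS/IFS (assumed from the standard type list)
            "start_bytes": start * SECTOR,  # comparable to the sysinfo.txt "Starting Offset"
            "size_bytes": count * SECTOR,
        })
    return {
        "bootcode_md5": hashlib.md5(sector[:440]).hexdigest(),  # boot code only, before the disk signature
        "valid_signature": sector[510:512] == b"\x55\xaa",
        "partitions": parts,
    }

# Constructed from the partition table in the first post (MB sizes converted to 512-byte sectors)
SAMPLE = build_sample_mbr([
    (True,  0x07, 2048,       204800),      # 100 MB system partition
    (False, 0x07, 206848,     1930428416),  # 942592 MB OS volume
    (False, 0x07, 1930635264, 22857728),    # 11161 MB
    (False, 0x17, 1953495040, 20480),       # 10 MB, type 0x17, flagged HIDDEN! in the report
])
```

The hidden entry's start_bytes comes out at 1,000,189,460,480, the same value sysinfo.txt shows, so both tools are describing the same 10 MB hidden partition at the end of the disk.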
     
  6. Inkpat

    Inkpat Private E-2

    I ran HitmanPro, expecting it to produce a log (it didn't), but accidentally deleted the only threat it found, listed as "Master Boot Record 0, C$MBR" and described as Malware. The redirect and slow internet operation were cured immediately. Any other advice to wrap this up?
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Just to be sure, please also download MBRCheck to your desktop and run it:
    • Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message.
     
