Help Please: I.E. keeps redirecting to secruityuptodate.com

Discussion in 'Malware Help (A Specialist Will Reply)' started by chexguy, May 17, 2006.

  1. chexguy

    chexguy Private E-2

    I downloaded a virus a few days ago and have been trying to get rid of it ever since. I have Norton 2006, but that says there is no virus.

    Every time I start IE it goes to the homepage first, but then immediately redirects to www.securityuptodate.com and tells me my computer is infected and the only way to get rid of it is to download one of 5 spyware programs: Pest Trap, Malware Wipe, Spy Guard, Brave Sentry, and AD protect. Sometimes there is also a warning popup which says I am infected with W32.Myzor.FK@yf and sometimes my system tray tells me I am infected with W32.hs.m2. I have looked for these viruses, but came up with nothing credible since I doubt a virus would tell me how to get rid of it.

    Also, if I go to any site that requires me to sign up with a password, like this site, the first time I submit the information it just reopens the same page and I have to type in some of the info again. Then the second time I submit, it goes through. It makes me think the virus is creating dummy pages and then sending off my login and password info. I have not logged into anything important because of this.

    I have done everything it says on the "Read this first" sticky:

    0: Cleaned everything I saw and emptied Quarantine

    1: System restore is still enabled

    2: Enabled hidden files so I could see them

    3: I just have Norton and Ewido antivirus myself

    4: Downloaded CCleaner, Adware, Window defender, windows malicious, spybot, and hijack this and updated all of them.

    5: In basic safe mode (no internet) I ran CCleaner, windows malicious, Adware, Spybot, and microsoft defender in that order.

    6: Ran Bitdefender and Panda and attached both of the files to this post.

    7: I have downloaded hijackthis, ran it, and attached the file to this post.

    8: I have also run ewido, which every time I boot up finds and blocks C:\WINNT\system32\atmclk.exe. It says it is a small trojan.

    I have been at this for three days so any help or suggestions you can provide would be greatly appreciated.

    My system specs are:

    System: Microsoft XP professional
    version 2002 Service Pack 2

    Hardware: Mobile Intel Pentium 4-M CPU 2.4GHZ
    512 MB of RAM

    Thank You
     


  2. chexguy

    chexguy Private E-2

    I looked at the IE more and found that it sometimes creates a blank page before the site loads. I tried the blank page solution on this forum and I think it solved the problem. I wish I had tried this before. Thank you for the site, it was a great help to me. Thank you again and keep up the great work.
     
  3. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Go ahead and post your logs if you have completed all the steps in the READ ME FIRST.
     
  4. chexguy

    chexguy Private E-2

    I thought I did. I posted the bdscan, panda scan as an attachment. Was there something else to post? I think I fixed it with the spyfalcon/quake fix though. It's not redirecting anymore at least.
     
  5. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox

    Since it appears that Trend Micro Housecall isn't installed, completely delete its folder, and this one: C:\Documents and Settings\Administrator\.housecall.

    Rerun the SpywareQuake & SpyFalcon Removal Procedure.

    Scan with HijackThis and fix the following:
    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now, click NO and proceed with the next file. Once you get to the last one click YES and it will reboot. Note that many of the files listed below may not exist, but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open ExplorerXP, navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    C:\WINNT\system32\wwexec.exe <<=== Delete the file, only if you removed it in HJT.
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Post smitfiles.txt from the SpywareQuake procedure and a fresh HijackThis log.
     
  6. chexguy

    chexguy Private E-2

    I did everything you said. Reran the quake patch but I did not find any of the files to delete. Then I deleted those files with HJT and the rest of your post. I have attached the smit and HJT logs to this post. Thanks for this help.
     


  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Uninstall WeatherBug, unless it is the paid version.

    Using Add or Remove Programs, uninstall everything from Viewpoint.

    Your HijackThis log is clean.
     
  8. chexguy

    chexguy Private E-2

    Thank you very much. You and this site were incredibly helpful. Thanks Again.
     
  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

