Redirect, audio and bluescreen combo

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Freemorpheme, Aug 13, 2011.

  1. Freemorpheme

    Freemorpheme Guest

    Hello there,

    I picked up the redirect virus a few days ago, but other than opening a few extra Firefox tabs it didn't bother me much. Then it progressed to stopping tabs opening and I had to look at all sites in cache form. Then AVG began going mental and reporting a million threats, mostly zbot I think.

    Then the audio was hijacked and began playing random adverts and film trailers without apparent cause, which was a pain. So I joined your forum and began going through the recommended software; I have a GooredFix log, an MBAM log and the other one. MBR? I will also have a SUPERAntiSpyware log somewhere, but no idea where it saved to.

    After the last scan the computer began bluescreening fast and hard, and only stays on for about three minutes at a time. Hence me writing this on my phone. The computer is an Acer Aspire laptop 8935 running win 7.

    Thanks in advance for any help, things are quite dire.
     
  2. thisisu

    thisisu Malware Consultant

    Hi and welcome to Major Geeks!

    Please attach the logs from gooredfix, mbam and MBRCheck to your next message. (How to attach items to your post)

    By default, for Windows 7, it can be found here:
    C:\Users\<YourUserNameHere>\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs
    I understand your computer won't stay booted up for long, but you may be able to do the following to save the log from SAS in an easier to find location so you can attach it:
    Which scan did you run last, and which BSOD STOP code are you getting? e.g. 0X000000F4

    Also, if you have them, attach ComboFix.txt as well as MGlogs.zip (How to attach items to your post)
     
  3. Freemorpheme

    Freemorpheme Guest

    I think that's it.

    Crash number is 000008E I think
    R
     


  4. thisisu

    thisisu Malware Consultant

    Hi,

    Do you also have ComboFix.txt and MGlogs.zip?
    Please run those programs if you haven't already and attach the logs when you are finished.

    Also, you did not answer my previous question: Which scan did you run last?
     
  5. Freemorpheme

    Freemorpheme Guest

    Hi, I do not have those logs as it BSODs before I can download them. The MBAM log was the last one I received, I believe, so that would be the last thing I did.

    Sorry I didn't answer your question, I was rushing to upload before the crash, and then I didn't want to bump the thread.
    Thanks
    Rich
     
  6. thisisu

    thisisu Malware Consultant

    MBAM did not delete anything critical to the OS booting up

    Please boot into Safe Mode with Networking (Starting your computer in Safe Mode with Networking)

    Once in Safe Mode with Networking...

    Please download RKill by Grinler to your desktop.
    RKill is an easy to use tool that kills known processes that stop the use of our normal anti-malware applications. Simple as that. Nothing fancy. Just kill known malware processes so that anti-malware programs can do their job.

    RKill can be downloaded from the following locations. Please note that the other filenames below are RKill as well, just renamed in order to allow it to run despite certain malware.
    Note: You only need to get one of them to run, not all of them.

    RKill.com Download Link
    RKill.exe Download Link
    RKill.scr Download Link
    eXplorer.exe Download Link - This renamed copy may trigger an alert from MBAM. It can be ignored and is safe.
    iExplore.exe Download Link
    WiNlOgOn.exe Download Link
    uSeRiNiT.exe Download Link

    After you get one of these to work, try to download and run ComboFix.exe

    Let me know if you were successful in doing this or not.
     
  7. Freemorpheme

    Freemorpheme Guest

    Hello there

    I ran RKill, the log is attached, I don't think it did anything.
    Downloaded ComboFix, but it is having a sulk about AVG being on.

    I disabled AVG Resident Shield, but it still refused to run. I went into msconfig and disabled AVG from starting up, but CF still gave the error message. Finally I uninstalled AVG completely and restarted, and yet ComboFix resolutely insists I am running it and issues dire warnings as to the status of my machine if I dare continue... so I haven't run it yet.

    Please advise!

    Thanks
    R
     


  8. thisisu

    thisisu Malware Consultant

    Skip running ComboFix for now and provide MGlogs.zip by running MGtools.exe from the root of your C: drive.
     
  9. thisisu

    thisisu Malware Consultant

    Try the following from Normal Mode first, if you get a BSOD before you can finish these steps, attempt the same steps while in Safe Mode with Networking.

    Please download The Avenger by Swandog46 to your desktop.
    See the download links under this icon: http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif

    • Open avenger.zip and extract avenger.exe to your desktop
    • Run avenger.exe by double-clicking on it.
    • Click OK at the warning to continue to use The Avenger.
      Note: Do not change any of the check box options!
    • Shut down your protection software now to avoid possible conflicts.
    • Copy everything in the Quote box below, and paste it into the Input script here: part of The Avenger.
    • Now click the http://img651.imageshack.us/img651/7710/avengerexec.png button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when The Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from The Avenger will be produced at C:\avenger.txt and it will pop-up for you to view when you login after reboot.
    • Attach this log to your next message. (How to attach items to your post)

    You have an infected Master Boot Record (MBR), we recommend that you back up any important data before proceeding!
    MBR infections are only worsening and sometimes (rarely) make the computer unbootable after attempting to correct it. So here is a fair warning. Continue with the below if you wish to attempt to remove this infection:
    _________________________________________________________________

    1. Boot your computer to the Windows 7 DVD (or to a "Repair CD"). At this screen choose to install now.
    http://www.sevenforums.com/attachments/tutorials/25672d1251414873-mbr-restore-windows-7-master-boot-record-mbr_02.png

    2. Select your language and click next.
    http://www.sevenforums.com/attachments/tutorials/25673d1251414836-mbr-restore-windows-7-master-boot-record-mbr_03.png

    3. Click the button for "Use recovery tools".
    http://www.sevenforums.com/attachments/tutorials/25674d1251414836-mbr-restore-windows-7-master-boot-record-mbr_04.png

    4. Then select "Command Prompt".
    http://www.sevenforums.com/attachments/tutorials/25675d1251414836-mbr-restore-windows-7-master-boot-record-mbr_05.png

    5. When open, the command prompt will look like this:
    http://www.sevenforums.com/attachments/tutorials/53598d1251414836-mbr-restore-windows-7-master-boot-record-mbr_16.png

    6. Type in bootrec /fixmbr and press ENTER

    7. You should see:
    http://img19.imageshack.us/img19/4114/operationcompletedsucce.png

    8. Type exit and press ENTER

    9. Reboot your PC

    Now rerun MBRCheck and attach its latest log. (How to attach items to your post)
     
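    To show what an MBR sanity check of the kind thisisu asks for actually examines, here is an added example (not code from the thread, and not MBRCheck's own code): it parses a raw 512-byte MBR, hashes the 446-byte boot code for comparison against a known-good reference, and flags a missing 0x55AA signature, invalid status bytes or overlapping partition entries. The two sample sectors are constructed inline with placeholder boot code bytes, so it runs offline.

```python
import hashlib
import struct
from typing import List, Optional

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446   # 446 bytes of boot code, then 4 x 16-byte partition entries

def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte MBR into boot code hash, partition table and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFFSET + 16 * i)
        partitions.append({"status": status, "type": ptype, "lba": lba, "count": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:PART_TABLE_OFFSET]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == b"\x55\xaa",
    }

def check_mbr(sector: bytes, known_good_hash: Optional[str] = None) -> List[str]:
    # Returns a list of findings; an empty list means nothing suspicious was seen.
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if known_good_hash and info["boot_code_sha256"] != known_good_hash:
        findings.append("boot code does not match known-good reference")
    for i, p in enumerate(info["partitions"]):
        if p["status"] not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid status byte 0x{p['status']:02x}")
    used = [p for p in info["partitions"] if p["type"] != 0]
    for i in range(len(used)):
        for j in range(i + 1, len(used)):
            a, b = used[i], used[j]
            if a["lba"] < b["lba"] + b["count"] and b["lba"] < a["lba"] + a["count"]:
                findings.append("overlapping partition entries")
    return findings

# Constructed sample: placeholder boot code (not real loader bytes), one NTFS entry.
CLEAN_MBR = (b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x00" * 439
             + struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 204800)
             + b"\x00" * 48 + b"\x55\xaa")
KNOWN_GOOD = hashlib.sha256(CLEAN_MBR[:PART_TABLE_OFFSET]).hexdigest()
# Constructed "infected" sample: the first boot code bytes replaced, everything else intact.
BAD_MBR = b"\xeb\x20\x90\x90\x90\x90\x90" + CLEAN_MBR[7:]
```

    On a real machine the 512 bytes would be read from the physical drive with administrator rights, and the known-good hash taken from a clean install of the same Windows version.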
  10. Freemorpheme

    Freemorpheme Guest

    OK thanks for that.

    I will have to hoick out the hard drive first and (try to) back it up somewhere else before I get into this, as I can't attach an external drive in safe mode. Well, I know it is possible if you reassign the drive letter in Disk Management, but it is giving me an error message and not playing nicely.

    It will take me a couple of days to do this, so please be assured I have not gone AWOL.

    Thanks
    Rich
     
