Redirects, now no DNS resolving

Hello:

A friend asked me to look at his computer. Started out with a lot of redirects with IE or Chrome. He tried a sytem restore (which failed) and now has no DNS resolution. Won't ping anything by URL but will by IP address. Machine has no useable internet access...

Ran: 'Fixing Google Redirection/hijacking and other redirection problems'

Then: 'Windows XP Malware Removal/Cleaning Procedure'

Some items were 'cleaned' by the various tools but machine's behavior is unchanged.

Thanks in advance for looking the logs over.

Neil

 

Hello NJD

http://img196.imageshack.us/img196/3557/tdsskiller.gif Re-scan with TDSSKiller with the parameters you used before.
This time if TDSS File System appears, delete it!
Then attach the latest TDSSKiller log. (How to attach)

http://img805.imageshack.us/img805/9659/rktigzy.gif Delete items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button.
After scanning is complete, press the Delete button.
Attach the latest RogueKiller report when finished. (How to attach)

__

http://img853.imageshack.us/img853/6741/addremovexp.gif From Add/Remove Programs (via Control Panel), please uninstall the below:

• J2SE Runtime Environment 5.0 Update 6
• Java(TM) 6 Update 11
• Norton 360
• Norton Security Scan (Symantec Corporation)
• Norton Security Scan

__

Reboot

__

Now download and run: Norton Removal Tool

__

Reboot

__

http://img823.imageshack.us/img823/2039/msnmsg.gif Please download Disable/Remove Windows Messenger to your desktop.

• Double-click MessengerDisable.exe to run it.
• Place checkmarks in "Uninstall Windows Messenger" and "Hide Messenger from Outlook Express"
• Click Apply
• Click Exit

__

http://img254.imageshack.us/img254/945/baticonxp.gif Now run C:\MGtools\GetLogs.bat by double-clicking it.
This updates all of the logs inside MGlogs.zip.
When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)

 

thisisu:

Thanks for your response, after following your instructions the logs are attached.

Still getting 'cannot display the webpage' errors with IE and cannot ping using a domain name (Google.com). Pinging Google at '74.125.225.71' gets normal responses.

Thanks again, here are the logs...

Neil

 

Open the Device Manager

• Press and hold the Windows key http://i1106.photobucket.com/albums/h363/debojyotidas/Windows_Logo_key.gif and then press the letter R on your keyboard.
• This opens the Run dialog box.
• Copy and paste the below text inside the text-field:
  • devmgmt.msc
• Now press ENTER
• Collapse the Network Adapters list.
• Right mouse click: Broadcom NetXtreme 57xx Gigabit Controller
• Choose "Uninstall".
• You be asked to confirm your actions, choose OK and let it uninstall.
• If it asks you if you want to delete the driver software / files too, say No.
• When you have done this and Broadcom NetXtreme 57xx Gigabit Controller is no longer in the Device Manager list -- Press the Scan for hardware changes button (http://img803.imageshack.us/img803/2868/scanhardware.png) or Action -> Scan for hardware changes
• Allow it to reinstall your network adapter.
• Reboot for changes to occur.
• Test internet once you have rebooted.

 

thisisu:

OUTSTANDING!!!

Thanks - posting from the 'bad' machine now.


Any other scans you suggest to verify / ensure this machines cleanliness?

Other than schooling my friend to run a better A/V...
(Is any A/V program 100%???)

Thanks again, Neil

 

You're welcome.
No anti-virus is 100%.

http://img254.imageshack.us/img254/945/baticonxp.gif Now run C:\MGtools\GetLogs.bat by double-clicking it.
This updates all of the logs inside MGlogs.zip.
When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)

 

thisisu:

>No anti-virus is 100%.

I hear that. SandboxIE and care has kept me out of trouble for years now.

Here is the most recent log .zip

Best regards,

Neil

 

Hi Neil,

Your latest logs are clean.
However, next time, please wait until we are all finished before you install additional software. (This is also stated in the Read and Run Me first thread)

__

If you are not having any other malware related problems, it is time to do our final steps:

• Any programs we had you download and/or install can be removed at this time.
• If we had you download and run ComboFix, here is how to uninstall it:
  • Press and hold the Windows key http://i1106.photobucket.com/albums/h363/debojyotidas/Windows_Logo_key.gif and then press the letter R on your keyboard.
  • This opens the Run dialog box.
  • Copy and paste the below text inside the text-field:
    • "%userprofile%\desktop\ComboFix" /uninstall
  • Now press ENTER
  • ComboFix will extract its files one last time and you should receive a notification that ComboFix has been uninstalled shortly after.
• You can re-enable your Disk Emulation software at this time via DeFogger.
• If we had you create or download a registry patch or "fix" script, these can be deleted at this time.
• Go into the C:\MGtools folder and run the MGclean.bat file to remove additional traces of our tools.
• Now we will toggle System Restore to remove any infected system restore points.
  • Read this: How to Disable And Enable System Restore
• Lastly, here is a guide to protect you from future infections: How to Protect yourself from malware!
• Be safe

 

thisisu:

Thanks for your help - it is appreciated.

Neil