Search Engine Redirect Challenge

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by arborethic, Apr 25, 2011.

  1. arborethic

    arborethic Private E-2

    Approximately two weeks ago I encountered the search engine redirect virus or trojan. I have not been able to identify the particular malware at this point. Though I have attempted to follow the guides posted herein, such as the malware removal instructions, I've been stymied at every turn.

    Initially, Windows Update, Malwarebytes update, McAfee Update, and Microsoft Security Essentials update would trigger the blue screen. I noted that each time the file involved was atapi.sys.

    Windows Update is now working, as is McAfee Update. But Malwarebytes, Microsoft Security Essentials, Spybot-Search and Destroy, and TDSS Killer will not run. When I try those programs in Safe Mode, they never open. TDSS Killer, the latest version recommended here at Major Geeks, produces an error message at 80%.

    Scans with McAfee report that I am 'clean', but the printable report lists 2 trojans found. However, the McAfee quarantine folder is empty each time.

    I completed the "READ & RUN ME FIRST. Malware Removal Guide", including running the required utilities, showing hidden files, and the others without a problem. But beyond that, with most of the steps denied to me, I'm stuck up to my neck.

    I was able to run Stinger and attached that log, as well as one small bit of the GMER results.

    Thanks in advance for your aid, and patience with an old geezer that will have to work through this slowly.
     


  2. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Welcome to MajorGeeks!

    What Windows operating system are you using, and do you have its boot DVD? If not - do you have access to another PC to burn a disc in case we need it?

    dr.m
     
  3. arborethic

    arborethic Private E-2

    What Windows operating system are you using, and do you have its boot DVD? If not - do you have access to another PC to burn a disc in case we need it?

    I am using XP Pro (32bit), Service Pack 3, on an older Dell Dimension 8200 with 1 gig of RAM at 2GHz. I have a 500gig external hard drive that backs up a lot of critical business documents and a lot of HD video of the grandkids and professional projects. I also have a 2gig USB thumb drive that I have used to run some of the utilities suggested elsewhere within this forum. The latter met with little success.

    I have the Dell Operating System Reinstallation CD (dated 2001).

    I do have access to my son's computers. He actually has a couple that are less than a year old. I think his OS is Windows 7. I just tend to plug in new components until I can't upgrade hardware to handle a newer OS when my OS is no longer supported. Did I mention that I'm older than dirt and reluctant to change?

    For that reason, I'm going to be slower to enact your instructions because of a heavy schedule of work, grandkids, gardening, etc. I may be slow, but I'm dogged in doing things the right way. It is just that I have only a very limited time each day to work on this. However, I should be able to respond once each day, depending upon the depth of tasks you suggest.

    I do have a fairly solid working knowledge of computers and code, though my coding was decades ago in Cobol, Fortran, and Basic. So I'm slow because I double and triple check every step before enacting it.

    I have noticed that this malodorous script can be suspended temporarily. If I empty every possible cache and restore IE8's Advanced Settings, or perhaps Reset IE8 to the original default, the problem disappears for a short time.

    Thank you for responding so quickly to my plea for assistance.
     
  4. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    You're welcome, arborethic.

    First, move the TDSSkiller.exe file (or redownload it) to your root folder so that you have C:\TDSSkiller.exe to make it much easier to run.

    To run the Recovery Console from the Windows XP startup disks or the Windows XP CD-ROM, follow these steps:
    • Insert the Windows XP startup disk into the floppy disk drive, or insert the Windows XP CD-ROM into the CD drive, and then restart the computer.
      Click to select any options that are required to start the computer from the CD drive if you are prompted.
    • When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
    • When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.
    • At the command prompt of the recovery console, type C:\tdsskiller.exe
    • Once it has finished its run, exit the Recovery Console and restart the computer by typing exit at the command prompt, and then press ENTER.

    Now try running the requested scans from the READ & RUN ME FIRST. Malware Removal Guide
     
    Last edited: Apr 27, 2011
  5. arborethic

    arborethic Private E-2

    After placing the latest TDSSKiller into the C: drive root directory, I attempted booting via the Dell Windows disk, with no luck. It has been many months since I used the CD drive. It may have been bumped out of line when I installed a DVD player, which I never really use.

    I did attempt to install the Recovery Console from within Windows, but it warns me that I would have to drop back to an earlier version of Windows. That concerns me.

    Due to time constraints (business today and Saturday filled with the grandkids' soccer and baseball games), it may be Monday before I can crack the tower and pull that unused DVD player out and get my CD drive plugged in directly, thereby allowing me to boot directly from it. That's no big deal. I need to clean the dust and lint out of the interior anyway.

    Thanks for your patience, and if there is an alternative process you consider worthy, I'll try that, also.
     
  6. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    You're welcome.

    At the moment, the only other option that comes to mind would be to make a bootable USB containing the Recovery Console - a rather involved procedure. Let's wait until you repair your drive.

    Enjoy your weekend activities!

    dr.m
     
  7. arborethic

    arborethic Private E-2

    Having unexpected events call me away from the computer for several days, I returned to discover that McAfee seems to have updated its definitions. The security report indicated it had found one trojan and one rootkit. The drive letters for the CD, DVD, and 500gig backup drive were all neatly rearranged and assigned properly. Each also worked properly.

    I checked the McAfee quarantine folders. There was neither a rootkit nor trojan listed therein in 'quarantined items', though there were several hundred 'potentially unwanted programs'. The latter, as you know, are often nothing more than tracking cookies. In my eagerness, I just deleted all those and went on to check other issues.

    The search engine redirect issue has vanished. Malwarebytes will run now. Microsoft Security Essentials, which would not function earlier, now runs smoothly. The formerly disabled TDSSKiller will now run from C:/ root directory. Reports by each indicate no issues.

    So, pending your advice, I think I should now redirect my efforts towards improving basic operating functions and the security of my computer.
     
  8. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

  9. arborethic

    arborethic Private E-2

    I reviewed the malware sticky you linked and it appears I'm about 95% compliant. So I haven't got that much work to do in order to get up to 'full shields'. :)

    Thank you very much for your advice and patience.
     
  10. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    You're very welcome, arborethic!
     
