url/dns redirect malware

Discussion in 'Malware Help (A Specialist Will Reply)' started by kakashi85, Nov 23, 2008.

  1. kakashi85

    kakashi85 Private E-2

    Hello,

    I am new to this forum; any help would be greatly appreciated! I have been experiencing issues with my browsers: every link I try to access randomly succeeds or is redirected to some spamming sites. Also, sites such as Windows Update either give a 404 or redirect to msn.com; the files I had to download to carry out the TUTORIAL from this forum also resulted in similar issues (I couldn't download most of them from this laptop actually, since their URLs all gave 404 or were redirected).

    I started having this issue a couple of days ago, and Norton Internet Security and MBAM both gave me 0 threats. Since using these programs failed to resolve my problem, I went back to my classic way of dealing with malware, which is reverting to a previous safe image of my 'VISTA' partition. But the latter failed also, and now I am clueless how to get rid of this infection. FYI, I think I also spread this malware to my backup computer via a USB drive!!!! This issue is really being a pain for me now, because if it is also spreading via USB devices, I might have to clean up all the external HDDs I had connected too :(

    Any help is welcome; hope my description was not too lengthy but informative!
    By the way, I also verified my DNS server every time using ipconfig /all; it was always 192.168.0.1. And finally, 90% of the time I use Chrome as my browser, but also Firefox 3 and rarely IE7.

    Attached are the requested logs as mentioned in the FAQ. As you have guessed, the steps from the FAQ failed to resolve my issue.

    Thanks in advance,

    Attached Files:

  2. kakashi85

    kakashi85 Private E-2

    Following up on my initial post, attached is the 4th log file.

    I attached another text file; I'm not sure if I did something wrong during the MGLog step, since an app crashed, or so Windows told me. The info is in the other text file I attached.

    Once again, thanks a lot for any help. I would really appreciate it if you guys can help me completely wipe this malware from my computers.

    Cheers,

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Well, some malware was already found and removed, and we have some more to remove, but I'm not sure if it is the cause of your redirects.
    • Have you tried multiple browsers, and do they all redirect?
    • Do you have a router? If yes, try bypassing it temporarily and directly connect your PC to the cable or DSL modem, etc., and see if it still happens.
    • Does it happen in safe boot mode?
    One of the infections you had infects ALL drives, including removable drives like USB flash drives. So any that you have may be infected. And if you plugged the removable media into any other PCs, those PCs may now be infected. Look for files with names exactly like below on all drives and delete them if found:

    Autorun.inf
    resycled <--- this is a folder
    resycled\boot.com

    Uninstall the below old versions of software:
    Java(TM) 6 Update 4
    Java(TM) 6 Update 7
    Java(TM) SE Development Kit 6 Update 7

    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
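The manual search chaslang describes (look at the root of every drive, including the external HDDs and USB sticks, for Autorun.inf, the resycled folder and resycled\boot.com) can be scripted so that nothing is missed when a dozen volumes have to be checked. The following Python script is an added example, not code from the thread or from MajorGeeks: it checks only the root of each volume (Windows AutoRun reads autorun.inf from the root only), reports what the autorun.inf would actually launch, and moves the hits into a quarantine folder instead of deleting them. The sample volume it builds when run without arguments, the quarantine location and the "E" drive name are constructed for the demo and not real malware; on Windows run it from an elevated prompt and pass the drive letters to scan.

```python
"""Find, inspect and quarantine the autorun dropper artefacts named in the post.

Added example, not from the thread. AutoRun reads autorun.inf only from a
volume root, so that is the only place checked. Hits are moved to quarantine,
not deleted, so they can still be submitted for analysis.
"""
from __future__ import annotations

import os
import shutil
import stat
import string
import tempfile
from pathlib import Path

# Names from chaslang's post, compared case-insensitively (FAT and NTFS ignore case).
DROPPER_FILE = "autorun.inf"
DROPPER_DIR = "resycled"
DROPPER_PAYLOAD = "boot.com"
# autorun.inf keys that make AutoRun/AutoPlay execute something.
LAUNCH_KEYS = ("open", "shellexecute")


def drive_roots() -> list[Path]:
    """Every lettered drive on Windows; elsewhere just '/' (assumption for demo runs)."""
    if os.name == "nt":
        return [Path(f"{d}:\\") for d in string.ascii_uppercase if Path(f"{d}:\\").exists()]
    return [Path("/")]


def find_artefacts(root: Path) -> list[Path]:
    """Return autorun.inf, resycled and resycled\\boot.com found directly under root."""
    hits: list[Path] = []
    try:
        entries = list(root.iterdir())  # also sees hidden/system files that Explorer hides
    except OSError:                     # unreadable or unplugged drive: skip it
        return hits
    for entry in entries:
        name = entry.name.lower()
        if name == DROPPER_FILE and entry.is_file():
            hits.append(entry)
        elif name == DROPPER_DIR and entry.is_dir():
            payload = entry / DROPPER_PAYLOAD
            if payload.is_file():
                hits.append(payload)
            hits.append(entry)
    return hits


def autorun_launch_targets(autorun_inf: Path) -> dict[str, str]:
    """Map each launching key under [autorun] to its command.

    Worm-written autorun.inf files are often padded with binary junk or decoy
    sections to dodge signature scanners, so decode leniently and keep only
    key=value lines that sit under the [autorun] header.
    """
    targets: dict[str, str] = {}
    in_autorun = False
    for raw in autorun_inf.read_bytes().decode("latin-1").splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line or line.startswith(";"):
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            targets[key] = value.strip()
    return targets


def clear_readonly(path: Path) -> None:
    """Droppers set R/H/S attributes; a read-only original blocks the move when it has
    to copy across volumes, so clear the bit on the path and everything inside it."""
    for p in ([path, *path.rglob("*")] if path.is_dir() else [path]):
        try:
            p.chmod(p.stat().st_mode | stat.S_IWRITE)
        except OSError:
            pass


def quarantine(hits: list[Path], quarantine_dir: Path) -> list[Path]:
    """Move every hit into quarantine_dir; returns the new locations."""
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    moved: list[Path] = []
    for path in hits:
        if not path.exists():           # already moved together with its parent folder
            continue
        tag = "".join(c for c in path.anchor if c.isalnum()) or "root"  # e.g. "E" for E:\
        dest = quarantine_dir / f"{tag}_{path.name}"
        clear_readonly(path)
        shutil.move(str(path), str(dest))
        moved.append(dest)
    return moved


def scan(roots: list[Path] | None = None, quarantine_dir: Path | None = None) -> dict[str, list[str]]:
    """Scan each root; print what autorun.inf would launch; quarantine if a dir is given."""
    report: dict[str, list[str]] = {}
    for root in roots or drive_roots():
        hits = find_artefacts(root)
        if not hits:
            continue
        report[str(root)] = [str(h) for h in hits]
        for h in hits:
            if h.name.lower() == DROPPER_FILE:
                for key, cmd in autorun_launch_targets(h).items():
                    print(f"{h}: {key} -> {cmd}")
        if quarantine_dir is not None:
            quarantine(hits, quarantine_dir)
    return report


def build_sample_volume(base: Path | None = None) -> Path:
    """Constructed stand-in for an infected drive root (harmless text, not real malware)."""
    root = (base or Path(tempfile.mkdtemp())) / "E"
    (root / DROPPER_DIR).mkdir(parents=True, exist_ok=True)
    (root / DROPPER_DIR / DROPPER_PAYLOAD).write_bytes(b"MZ not a real payload")
    (root / DROPPER_FILE).write_bytes(
        b"\x00\xffjunk padding\r\n[autorun]\r\nopen=resycled\\boot.com\r\n"
        b"shell\\open\\Command=resycled\\boot.com\r\nicon=shell32.dll,4\r\n"
    )
    return root


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:   # e.g. python scan.py E:\ F:\  (report only)
        print(scan([Path(a) for a in sys.argv[1:]]))
    else:                   # dry run against the constructed sample volume
        root = build_sample_volume()
        print(scan([root], root.parent / "quarantine"))
```

Leave the external drives plugged in while you do this, since the point is to clean every root in one pass, and follow up with the full scans chaslang asks for: this script only knows the three names from the post, not whatever else the dropper may have written.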
  4. kakashi85

    kakashi85 Private E-2

    Let me thank you first for helping me out!!! Greatly appreciated!!! :)


    Have you tried multiple browsers and do they all redirect?
    >> Yes, tested with Chrome, Firefox 3 and IE7. All show similar symptoms.

    Do you have router? If yes, try bypassing it temporarily and directly connect your PC to the Cable or DSL modem...etc and see if it still happens.
    >> Wooow, I had no clue why doing this would achieve anything, but I'm surprised. I tried reproducing the URL redirects; no issue so far. I can access the Windows Update website, and I can download all the malware help programs without any problems. I'm guessing the URL redirect is redirecting via my router? I would appreciate any info on how this is possible :S
    Btw, I hardwired the connection directly from the modem to the laptop now instead of using the wireless feed from the router, as suggested (no router connected on this test run).

    Does it happen in safe boot mode.
    >> Same behaviour, still URL redirected, i.e. with the wireless connection from the router.

    Uninstall the below old versions of software:
    Java(TM) 6 Update 4
    Java(TM) 6 Update 7
    Java(TM) SE Development Kit 6 Update 7

    >> Done


    One of the infections you had infects ALL drives including removable drives like USB flash drives. So any that you have may be infected. And if you plugged the removable media into any other PCs, those PCs may now be infected. Look for files with names exactly like below on all drives and delete them if found
    Autorun.inf
    resycled <--- this is a folder
    resycled\boot.com

    >> Would you have any suggestions for me as to how I could clean up my external HDDs? I have two external HDDs to clean up; any special software or ways to clean them without both the PC and the external device reinfecting each other?

    Make sure you tell me how things are working now!
    >> Attached are the requested logs.



    If I may add some more: I really don't care about my Windows partition, i.e. drive C:. But as we both confirmed, I had a malware that has probably spread to my 3 other partitions on this laptop + to my two external hard drives.

    What I need most now is a complete cleanup of my secondary partitions and external drives!! I can delete the C: partition anytime without worries. I welcome any suggestion you can give me later on after this first cleaning-up phase. Maybe I can boot Windows Live from CD and clean up from this OS, since the malware won't be able to infect anything anymore???



    Once again, thanks for the help!
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    The infection you have is known to infect router hardware. Since you have a router hooked up, you need to follow the instructions for your hardware and reset it to factory default settings. Normally there is a recessed push-button type switch that needs to be held down for some number of seconds to do this. After resetting your router to factory defaults, you will need to reconfigure the router for your network if you have made any changes to the default network setup.

    Afterwards put your router back inline and make sure everything is working ok.

    You need to plug them in and manually look for any of those files/folders and delete them if found. And then leave them plugged in and run full scans on your system ( on all drives ) just to be sure nothing else is found.

    Your C drive appears to be okay now. You do not need to delete the C partition.


    Your logs are clean. Just tell me how things are working now.
     
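kakashi85's ipconfig /all check looked clean because the laptop's only DNS server was 192.168.0.1, the router itself; if the router's own upstream resolver has been changed, the PC never sees anything unusual, which is why bypassing the router made the redirects stop and why chaslang has the router reset. The test that actually exposes this is to ask the router and a resolver outside the LAN for the same names and compare the answers. The script below is an added example, not code from the thread: it sends raw DNS A queries over UDP to a server you name (the system resolver would just go through the router again), flags names whose two answers share no address, and treats an empty answer from the router as a mismatch too, which matches the 404 symptom in the first post. The router address comes from the thread; 8.8.8.8 as the trusted resolver and the three host names to check are assumptions you can replace.

```python
"""Compare DNS answers from the router with those from a resolver outside the LAN.

Added example, not from the thread. The configured DNS server (the router)
can look fine in ipconfig /all while forwarding to a hijacked upstream.
"""
from __future__ import annotations

import ipaddress
import random
import socket
import struct

ROUTER_DNS = "192.168.0.1"    # from the first post in the thread
TRUSTED_DNS = "8.8.8.8"       # assumption: a public resolver reachable without the router's DNS
CHECK_DOMAINS = [             # assumption: names the poster said were redirected, plus a control
    "update.microsoft.com",
    "www.microsoft.com",
    "www.google.com",
]


def is_router_address(ip: str) -> bool:
    """A private (LAN) DNS address means the PC asks the router; it says nothing
    about where the router forwards, so ipconfig alone cannot clear the router."""
    return ipaddress.ip_address(ip).is_private


def build_query(name: str, qid: int) -> bytes:
    """Minimal DNS A/IN query with RD set (RFC 1035 wire format)."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)


def skip_name(msg: bytes, off: int) -> int:
    """Advance past a (possibly compressed) domain name; return the new offset."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:       # two-byte compression pointer ends the name
            return off + 2
        off += 1 + length


def parse_a_records(msg: bytes, expect_id: int) -> set[str]:
    """Return the IPv4 addresses in the answer section of a DNS response."""
    qid, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if qid != expect_id:
        raise ValueError("response id does not match query id")
    if flags & 0x000F:                  # RCODE != 0: NXDOMAIN, SERVFAIL, REFUSED ...
        return set()
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4   # QTYPE + QCLASS
    addrs: set[str] = set()
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.add(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen                    # CNAME and other records are skipped
    return addrs


def query_a(name: str, server: str, timeout: float = 3.0) -> set[str]:
    """Ask one specific server (not the system resolver) for A records over UDP."""
    qid = random.randrange(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qid), (server, 53))
        data, _ = sock.recvfrom(4096)
    return parse_a_records(data, qid)


def compare_resolvers(domains, router_dns, trusted_dns, resolve=query_a):
    """Map each domain whose answers share no address to (router_answer, trusted_answer).

    CDN-hosted names can legitimately differ between resolvers, so a single
    mismatch is a lead; the same few addresses (or no answer at all) coming
    back from the router for many unrelated names is the hijack signature.
    """
    suspicious: dict[str, tuple[set[str], set[str]]] = {}
    for domain in domains:
        try:
            via_router = resolve(domain, router_dns)
            via_trusted = resolve(domain, trusted_dns)
        except OSError:                 # timeout or unreachable server: cannot judge this name
            continue
        if via_trusted and not (via_router & via_trusted):
            suspicious[domain] = (via_router, via_trusted)
    return suspicious


if __name__ == "__main__":
    import sys
    router = sys.argv[1] if len(sys.argv) > 1 else ROUTER_DNS
    print(f"client DNS {router} is a LAN address: {is_router_address(router)}")
    for dom, (a, b) in compare_resolvers(CHECK_DOMAINS, router, TRUSTED_DNS).items():
        print(f"{dom}: router -> {sorted(a) or 'no answer'}, trusted -> {sorted(b) or 'no answer'}")
```

Run it once before and once after the factory reset chaslang prescribes: if the list of flagged names is empty afterwards (and the router's admin page shows the expected upstream DNS servers again), the router is no longer the source of the redirects. Because the script bypasses the system resolver, it works the same from a live CD or from the still-infected laptop.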
