Solved

Virus keeps redirecting my machine to other sites

Posted on 2008-10-22
Medium Priority
2,108 Views
Last Modified: 2013-12-08
The machine was infected by some viruses. I scanned it with AVG on another machine, but now when I try to get an update for AVG or go to the AVG web site, Internet Explorer gets redirected to other sites. I ran HijackThis and got the resulting output. Can someone take a look at it and see what I need to delete? I'm not sure what to keep and what to get rid of.

Thanks
hijackthis.log
Question by:c7c4c7
7 Comments
 
LVL 20

Accepted Solution

by:
IndiGenus earned 1000 total points
ID: 22782162
Hi,
This line indicates a smitfraud infection:
O22 - SharedTaskScheduler: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - (no file)
Download SmitfraudFix (by S!Ri) to your Desktop.

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Reboot your computer in Safe Mode.

If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Log in to your usual account.

Double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually.

I would also advise you run a scan with MalwareBytes' Anti-Malware:
http://www.malwarebytes.org/mbam.php

LVL 47

Expert Comment

by:rpggamergirl
ID: 22782204
These entries below are the obvious active nasties belonging to the smitfraud infection. SmitfraudFix should be able to take care of them, as IndiGenus already suggested; other options are MalwareBytes and SDFix.

O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\My Pass Generator\isamonitor.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab

C:\Program Files\My Pass Generator <-- and make sure this folder is gone.
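The three HijackThis lines quoted in the two replies above (the O22 SharedTaskScheduler entry with "(no file)", the O4 autorun under Policies\Explorer\Run, and the O16 DPF cab from cdn.downloadcontrol.com) are each a distinct indicator. The script below is an added example, not code from the thread or from HijackThis, that parses those three log sections and flags exactly those patterns. The sample log is constructed: it contains the three lines quoted above plus an AVG tray entry and two entries with all-zero GUIDs that are made up so the triage has benign lines it must leave alone. The list of trusted DPF hosts (microsoft.com, windowsupdate.com) is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Assumption: ActiveX (DPF) controls downloaded from these domains are treated as trusted.
TRUSTED_DPF_SUFFIXES = ("microsoft.com", "windowsupdate.com")

# Constructed sample log. The Policies\Explorer\Run, downloadcontrol.com and
# "(no file)" lines are the ones quoted in this thread; the AVG tray line and the
# two all-zero GUID entries are made-up benign entries that must NOT be flagged.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\My Pass Generator\isamonitor.exe
O16 - DPF: {00000000-0000-0000-0000-000000000001} (Constructed benign control) - http://www.update.microsoft.com/constructed/benign.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab
O22 - SharedTaskScheduler: Constructed benign entry - {00000000-0000-0000-0000-000000000002} - C:\WINDOWS\system32\constructed.dll
O22 - SharedTaskScheduler: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - (no file)
"""


@dataclass
class Finding:
    section: str  # "O4", "O16" or "O22"
    reason: str
    line: str


# O4  - <registry key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.*)$")
# O16 - DPF: {CLSID} (optional friendly name) - <download URL>
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$"
)
# O22 - SharedTaskScheduler: <name> - {CLSID} - <dll path or "(no file)">
O22_RE = re.compile(
    r"^O22 - SharedTaskScheduler: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$"
)


def _host_is_trusted(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_DPF_SUFFIXES)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious O4/O16/O22 line, None for anything else."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        # A policy Run key is an autorun location legitimate installers almost never
        # use; it is the location rpggamergirl flagged above.
        if "policies\\explorer\\run" in m.group("key").lower():
            return Finding("O4", "autorun under Policies\\Explorer\\Run", line)
        return None
    m = O16_RE.match(line)
    if m:
        if not _host_is_trusted(m.group("url")):
            return Finding("O16", "ActiveX (DPF) control downloaded from an untrusted host", line)
        return None
    m = O22_RE.match(line)
    if m:
        # A SharedTaskScheduler CLSID whose DLL is gone is the orphan IndiGenus pointed at.
        if m.group("target").strip().lower() == "(no file)":
            return Finding("O22", "SharedTaskScheduler CLSID with no backing file", line)
        return None
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line of a HijackThis log."""
    return [f for f in (triage_line(raw) for raw in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

The O22 check is the weakest of the three on its own: an orphaned CLSID also appears after a clean uninstall, so treat it as corroboration for the O4 and O16 hits rather than as proof by itself.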

Author Comment

by:c7c4c7
ID: 22782289
rpggamergirl, SmitfraudFix took care of those entries, but I am still having a problem with updates to things like AVG and Malwarebytes.

When I tried to bring the machine up in safe mode I got a blue screen and had to run it in Normal mode.  It got some but not all of whatever the problem is.

When I try to ping, everything gets redirected to 127.0.0.1. When I look for the hosts file and LMHOSTS they are nowhere to be found. Something is probably redirecting everything for security updates away from the site.

Any ideas

Thx
LVL 47

Expert Comment

by:rpggamergirl
ID: 22782337
Try to download HostsXpert and save it to your desktop:
http://www.funkytoad.com/download/HostsXpert.zip
Extract the zip file to your desktop
Open the folder and double-click on HostsXpert.
Click on "Restore Microsoft's Hosts File".

Also run Combofix.
Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

You must download it to and run it from your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.


CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
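The symptom c7c4c7 describes above (every ping answers from 127.0.0.1, AVG and Malwarebytes cannot reach their update sites) is what a hijacked hosts file produces, since Windows consults %SystemRoot%\system32\drivers\etc\hosts before DNS, and "Restore Microsoft's Hosts File" in HostsXpert works by writing a default file back. The script below is an added example, not code from the thread or from HostsXpert: it parses a hosts file, flags entries that pin security-vendor or update domains or map any non-localhost name to loopback, shows what the resolver would return for a name, and strips the flagged lines. The hijacked hosts file is constructed for the example, and the watchlist of domains is an assumption.

```python
from dataclasses import dataclass
from typing import List, Optional

# Assumption: hosts entries for these domains are suspect whatever address they map to,
# because a normal workstation has no reason to pin its AV vendor or Windows Update.
WATCHLIST_SUFFIXES = ("avg.com", "malwarebytes.org", "microsoft.com", "windowsupdate.com")

# Minimal default hosts file: only the localhost line Windows ships with.
DEFAULT_HOSTS = "# Restored default hosts file\n127.0.0.1       localhost\n"

# Constructed sample of a hijacked hosts file of the kind that makes "ping www.avg.com"
# reply from 127.0.0.1. www.example.com is an RFC 2606 reserved name used as a non-watchlist entry.
HIJACKED_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1  www.avg.com
127.0.0.1  update.avg.com
127.0.0.1  www.malwarebytes.org   # inline comment, must be ignored by the parser
127.0.0.1  update.microsoft.com
127.0.0.1  www.example.com
"""


@dataclass
class HostEntry:
    lineno: int
    ip: str
    names: List[str]


@dataclass
class Hijack:
    lineno: int
    ip: str
    name: str
    reason: str


def parse_hosts(text: str) -> List[HostEntry]:
    """Parse hosts-file syntax: '<ip> <name> [<name>...]', '#' starts a comment."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        entries.append(HostEntry(n, parts[0], [p.lower() for p in parts[1:]]))
    return entries


def is_loopback(ip: str) -> bool:
    # 127.0.0.0/8, the IPv6 loopback, and 0.0.0.0 (also used to black-hole a name).
    return ip.startswith("127.") or ip in ("::1", "0.0.0.0")


def on_watchlist(name: str) -> bool:
    return any(name == s or name.endswith("." + s) for s in WATCHLIST_SUFFIXES)


def find_hijacks(text: str) -> List[Hijack]:
    found = []
    for e in parse_hosts(text):
        for name in e.names:
            if on_watchlist(name):
                found.append(Hijack(e.lineno, e.ip, name, "security/update domain pinned in hosts"))
            elif is_loopback(e.ip) and name != "localhost":
                found.append(Hijack(e.lineno, e.ip, name, "non-localhost name mapped to loopback"))
    return found


def resolve(text: str, hostname: str) -> Optional[str]:
    """First match wins, which is how the hosts file shadows DNS for ping and IE alike."""
    hostname = hostname.lower()
    for e in parse_hosts(text):
        if hostname in e.names:
            return e.ip
    return None


def clean_hosts(text: str) -> str:
    """Drop every flagged line; comments, localhost and untouched entries are kept."""
    bad = {h.lineno for h in find_hijacks(text)}
    kept = [raw for n, raw in enumerate(text.splitlines(), 1) if n not in bad]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for h in find_hijacks(HIJACKED_HOSTS):
        print(f"line {h.lineno}: {h.ip} {h.name} ({h.reason})")
    print("www.avg.com before cleaning ->", resolve(HIJACKED_HOSTS, "www.avg.com"))
    print("www.avg.com after cleaning  ->", resolve(clean_hosts(HIJACKED_HOSTS), "www.avg.com"))
```

Two checks belong with this when the file "cannot be found", as reported above: the file has no extension and is often given the hidden attribute, so a search that skips hidden files misses it, and the HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath value tells Windows which directory to read the hosts file from, so a file planted elsewhere only takes effect if that value was changed too.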

Author Comment

by:c7c4c7
ID: 22787444
The problem seems to have been corrected by using both SmitfraudFix and Malwarebytes. The hosts files turned out to be where they were supposed to be; not sure why the search didn't turn them up.

I'm not having any more problems with browser redirection or failure to load the updates for AVG or Malwarebytes.

Thanks for the help

Author Closing Comment

by:c7c4c7
ID: 31509008
Thanks again for the help
LVL 20

Expert Comment

by:IndiGenus
ID: 22789108
Great, glad it worked out.

Regards,
Dave
