• Status: Solved

Virus keeps redirecting my machine to other sites

The machine was infected by some viruses. I scanned it with AVG on another machine, but now when I try to get an update for AVG or go to the AVG web site, IE gets redirected to other sites. I ran HijackThis and got the resulting output. Can someone take a look at it and see what I need to delete? I'm not sure what to keep and what to get rid of.

Thanks
hijackthis.log
1 Solution
 
IndiGenus Commented:
Hi,
This line indicates a smitfraud infection:
O22 - SharedTaskScheduler: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - (no file)
Download SmitfraudFix (by S!Ri) to your Desktop.

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Reboot your computer in Safe Mode.

If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.

Double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?" Answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually.

I would also advise you run a scan with MalwareBytes' Anti-Malware:
http://www.malwarebytes.org/mbam.php

 
rpggamergirl Commented:
These entries below are the obvious active nasties belonging to the smitfraud infection. SmitfraudFix should be able to take care of them as IndiGenus already suggested; other options are MalwareBytes and SDFix.

O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\My Pass Generator\isamonitor.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab

C:\Program Files\My Pass Generator <-- and make sure this folder is gone.
 
c7c4c7 Author Commented:
rpggamergirl, SmitfraudFix took care of those entries, but I am still having a problem with updates to things like AVG and MalwareBytes.

When I tried to bring the machine up in safe mode I got a blue screen and had to run it in Normal mode.  It got some but not all of whatever the problem is.

When I try to ping, everything gets redirected to 127.0.0.1. When I look for the hosts file and LMHOSTS file, they are nowhere to be found. Something is probably redirecting everything for security updates away from the site.

Any ideas?

Thx

 
rpggamergirl Commented:
Try and download HostsXpert and save it to your desktop:
http://www.funkytoad.com/download/HostsXpert.zip
Extract the zip file to your desktop
Open the folder and double-click on HostsXpert.
Click on "Restore Microsoft's Hosts File".

Also run Combofix.
Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.


CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
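The symptom reported above, every vendor lookup resolving to 127.0.0.1, is what a hosts-file hijack looks like, and it is worth checking for before and after a "Restore Microsoft's Hosts File" step. The script below is an added example, not code from the thread or from HostsXpert: it parses hosts-file text and flags watched vendor/update domains that are mapped to a sinkhole address (127/8, ::1, 0.0.0.0) or redirected to any other address; the watched-domain list and the sample hosts content are constructed for this example.

```python
import ipaddress

# Vendor/update domains the thread says were being redirected (AVG, Malwarebytes);
# the list itself is an assumption for this example, extend it for your estate.
WATCHED_SUFFIXES = ("avg.com", "malwarebytes.org", "windowsupdate.com")

# Names that legitimately map to loopback in a stock Windows hosts file.
LEGIT_LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every mapping, skipping comments/blank lines."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                              # malformed line, not a mapping
        for name in names:
            yield ip, name.lower().rstrip("."), line_no


def find_hijacked_entries(text):
    """Return (line_no, hostname, detail) for watched domains that are sinkholed
    (127/8, ::1, 0.0.0.0) or pointed at any other attacker-chosen address."""
    findings = []
    for ip, name, line_no in parse_hosts(text):
        if name in LEGIT_LOOPBACK_NAMES:
            continue
        if any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES):
            addr = ipaddress.ip_address(ip)
            kind = "sinkholed" if (addr.is_loopback or addr.is_unspecified) else "redirected"
            findings.append((line_no, name, f"{kind} to {ip}"))
    return findings


# Constructed sample resembling the symptom in the thread (vendor lookups -> 127.0.0.1).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1 www.avg.com free.avg.com   # added by malware
127.0.0.1 www.malwarebytes.org
0.0.0.0 download.windowsupdate.com
192.0.2.10 update.avg.com
"""
```

On a real machine, feed it the contents of %SystemRoot%\System32\drivers\etc\hosts; an empty result for the watched domains is what a clean file should give.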
 
c7c4c7 Author Commented:
The problem seems to have been corrected by using both SmitFraudFix and MalWareBytes. The hosts files turned out to be where they were supposed to be; not sure why the search didn't turn them up.

I'm not having any more problems with browser redirection or failure to load the updates for AVG or MalwareBytes.

Thanks for the help
 
c7c4c7 Author Commented:
Thanks again for the help
 
IndiGenus Commented:
Great, glad it worked out.

Regards,
Dave