Solved

Virus keeps redirecting my machine to other sites

Posted on 2008-10-22
7
2,065 Views
Last Modified: 2013-12-08
The machine was infected by some viruses. I scanned it with AVG on another machine, but now when I try to get an update for AVG or go to the AVG web site, I.E. gets redirected to other sites. I ran a HijackThis and got the resulting output. Can someone take a look at it and see what I need to delete? I'm not sure what to keep and what to get rid of.

Thanks
hijackthis.log
0
Question by:c7c4c7
7 Comments
 
LVL 20

Accepted Solution

by:
IndiGenus earned 250 total points
ID: 22782162
Hi,
This line indicates a smitfraud infection:
O22 - SharedTaskScheduler: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - (no file)
Download SmitfraudFix (by S!Ri) to your Desktop.

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Reboot your computer in Safe Mode.

If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.

Double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?" Answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually.

I would also advise you run a scan with MalwareBytes' Anti-Malware:
http://www.malwarebytes.org/mbam.php

0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 22782204
These entries below are the obvious active nasties belonging to the smitfraud infection. SmitfraudFix should be able to take care of them, as IndiGenus already suggested; other options are MalwareBytes and SDFix.

O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\My Pass Generator\isamonitor.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab

C:\Program Files\My Pass Generator <-- and make sure this folder is gone.
0
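The two replies above point at three HijackThis entry types (an O22 SharedTaskScheduler entry with "(no file)", an O4 entry under Policies\Explorer\Run, and an O16 DPF .cab download) as the signs of this infection. The following is an added triage helper, not code from the thread or from the HijackThis project: it parses lines in HijackThis log format and flags only those three patterns. The sample log is constructed from the lines quoted in the thread plus one benign filler entry; the `triage` and `parse_line` names and the reason strings are this example's own.

```python
import re

# Constructed sample in HijackThis log format. The O4/O16/O22 lines reproduce
# the entries quoted in this thread; the O2 line is benign filler added so
# the filter has something it should leave alone.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\My Pass Generator\isamonitor.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab
O22 - SharedTaskScheduler: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - (no file)
"""

# Every HijackThis entry starts with a section code such as O4 or O22.
LINE_RE = re.compile(r"^(O\d+) - (.*)$")


def parse_line(line):
    """Split one log line into its section code and body; None if not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"section": m.group(1), "body": m.group(2), "raw": line.strip()}


def triage(log_text):
    """Return (section, raw line, reason) for the patterns named in the thread."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        sec, body = entry["section"], entry["body"]
        reason = None
        if sec == "O22" and body.endswith("(no file)"):
            # Registration survives but its DLL is gone: an orphaned entry,
            # the smitfraud sign IndiGenus pointed at.
            reason = "SharedTaskScheduler entry whose file is missing"
        elif sec == "O4" and "Policies\\Explorer\\Run" in body:
            # Autostart via a policy key that legitimate installers rarely use.
            reason = "program launched via the Policies\\Explorer\\Run key"
        elif sec == "O16" and body.lower().endswith(".cab"):
            # ActiveX package pulled from an external site.
            reason = "DPF download of an ActiveX .cab from an external site"
        if reason:
            findings.append((sec, entry["raw"], reason))
    return findings


if __name__ == "__main__":
    for sec, raw, reason in triage(SAMPLE_LOG):
        print(f"[{sec}] {reason}\n    {raw}")
```

The helper only narrows a log to the entry types discussed here; the benign O2 line passes through untouched, which is the point of matching on structure rather than on a list of names.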
 

Author Comment

by:c7c4c7
ID: 22782289
rpggamergirl, SmitfraudFix took care of those entries, but I am still having a problem with updates to things like AVG and MalwareBytes.

When I tried to bring the machine up in safe mode I got a blue screen and had to run it in Normal mode.  It got some but not all of whatever the problem is.

When I try to ping everything gets redirected to 127.0.0.1.  When I look for the hosts file and LMhost they are nowhere to be found.  Something is probably redirecting everything for security updates away from the site.

Any ideas

Thx
0

 
LVL 47

Expert Comment

by:rpggamergirl
ID: 22782337
Try and download HostsXpert and save it to your desktop:
http://www.funkytoad.com/download/HostsXpert.zip
Extract the zip file to your desktop
Open the folder and double-click on HostsXpert.
Click on "Restore Microsoft's Hosts File".

Also run Combofix.
Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.


CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
0
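The symptom in the author's comment (pings to vendor sites answered by 127.0.0.1) and the "Restore Microsoft's Hosts File" step in the reply above both concern the Windows hosts file at %SystemRoot%\System32\drivers\etc\hosts. Below is an added example, not code from the thread or from HostsXpert, that parses a hosts file and flags two things: any non-local hostname pinned to a loopback address, and any entry at all for the vendor domains named in this thread. The sample file, the `WATCHED_DOMAINS` list and the function names are constructed for the example; the check runs on file text, so it can be pointed at a copy taken from an infected machine.

```python
import ipaddress

# Constructed sample hosts file modelled on the symptom in this thread:
# vendor update hosts pinned to loopback so they can never be reached.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.avg.com
127.0.0.1       update.avg.com free.avg.com
127.0.0.1       www.malwarebytes.org
"""

# The only line a stock Windows hosts file needs.
DEFAULT_HOSTS = "127.0.0.1       localhost\n"

# Names that legitimately map to loopback.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Vendor domains named in the thread; constructed list, extend per environment.
WATCHED_DOMAINS = ("avg.com", "malwarebytes.org")


def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments, blanks and malformed lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first field is not an address: ignore the line
        for name in parts[1:]:
            yield ip, name.lower()


def in_watched_domain(name):
    """True if name is one of the watched domains or a host under one."""
    return any(name == d or name.endswith("." + d) for d in WATCHED_DOMAINS)


def suspicious_entries(text):
    """Return (ip, hostname, reason) for entries a clean hosts file would not have."""
    findings = []
    for ip, name in parse_hosts(text):
        if ip.is_loopback and name not in LOOPBACK_NAMES:
            # Classic update-blocking trick: a real site answered by the machine itself.
            findings.append((str(ip), name, "non-local hostname pinned to loopback"))
        elif in_watched_domain(name):
            # Any other override of a vendor domain is equally unwanted.
            findings.append((str(ip), name, "watched vendor domain overridden"))
    return findings


if __name__ == "__main__":
    for ip, name, reason in suspicious_entries(SAMPLE_HOSTS):
        print(f"{ip:<16} {name:<28} {reason}")
    print("clean file flags:", suspicious_entries(DEFAULT_HOSTS))
```

Restoring the file means replacing its contents with `DEFAULT_HOSTS`, which is what the HostsXpert button in the reply does; the checker is for confirming, before and after, that nothing else is still in there.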
 

Author Comment

by:c7c4c7
ID: 22787444
The problem seems to have been corrected by using both SmitFraudFix and MalwareBytes. The hosts files turned out to be where they were supposed to be; not sure why the search didn't turn them up.

I'm not having any more problems with browser redirection or failure to load the updates for AVG or MalwareBytes.

Thanks for the help
0
 

Author Closing Comment

by:c7c4c7
ID: 31509008
Thanks again for the help
0
 
LVL 20

Expert Comment

by:IndiGenus
ID: 22789108
Great, glad it worked out.

Regards,
Dave
0
