BenderBender

IE Hijacked, Registry shuts down after 15 seconds

Hello,

I have a user who was experiencing a Google Redirect due to a Lando trojan (according to McAfee).  McAfee would find the virus each time she went to Google's homepage, but then it would close and IE would close as well.

I ran scans with Malwarebytes and Spybot-S&D, as well as the McAfee Enterprise AV 8.7 (in safe and normal modes). None of them reported finding the file, so on the advice of the avertlabs blog, I deleted wdmaud.drv from the system32 folder.

This seems to have solved the Google issue, but I suspect there is still another virus, as online antivirus scans are blocked and when I go to Windows Update the scan hangs almost immediately.

I've got a HijackThis log that I just created that I'll upload as part of the question.

Thanks,
BenderBender
hijackthis.log
ASKER CERTIFIED SOLUTION
Kyle Abrahams, PMP
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
BenderBender

ASKER

I attempted to use ComboFix on the machine and it shows a loading status bar, then closes that window and does nothing.  Also, now the cmd window will not open even in Safe Mode.  Neither will Regedit.

I've run every commercial antivirus I could find: Kaspersky, McAfee, Panda, etc. AVG won't install because it says it can't find an internet connection.

Any suggestions?
I was able to get this solved by running DaonolFix, which showed that I had a bogus registry item for my aux driver as well as a file under my Documents and Settings that was the cause.  

After I used XP Emergency Utilities (http://www.dougknox.com/xp/utils/xp_emerutils.htm) to regain access to the registry, I was able to delete the entry and the file.  I then restarted and was able to run all of the online virus scan tools and ComboFix, as well as access the Registry, MSConfig and the command line.

Unfortunately, the Daonol trojan doesn't show up anywhere on McAfee's site, so there's no help to be found there.  I was just lucky and got a suggestion from another forum.
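
The final post traces the infection to a bogus registry item for the aux driver plus a file under Documents and Settings. As an added example (not from the thread and not DaonolFix's own logic), this Python script reviews a text dump of the Drivers32 key for that pattern. The key path is the standard Windows location for these driver mappings; the path-based heuristic, the function names and the sample dump are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the text layout printed by `reg query` for
# HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32.
# The profile path and file name are invented for illustration.
SAMPLE_EXPORT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
    midimapper    REG_SZ    midimap.dll
    wave    REG_SZ    wdmaud.drv
    aux    REG_SZ    C:\Documents and Settings\user1\Local Settings\example.tmp
    msacm.imaadpcm    REG_SZ    imaadp32.acm
"""

# Value lines are indented: <name> <REG_type> <data>; data may contain spaces.
VALUE_LINE = re.compile(r"^\s+(?P<name>\S+)\s+(?P<type>REG_\w+)\s+(?P<data>.*\S)\s*$")


def parse_values(export_text):
    """Return (name, type, data) for each value line of a reg query dump."""
    rows = []
    for line in export_text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            rows.append((m["name"], m["type"], m["data"]))
    return rows


def review_drivers32(export_text):
    """Flag entries whose data is a path instead of a bare module name.

    Assumed heuristic: stock entries name a module resolved from system32,
    so a full path, especially one inside a user profile, deserves review.
    """
    findings = []
    for name, _type, data in parse_values(export_text):
        reasons = []
        if len(PureWindowsPath(data.strip('"')).parts) > 1:
            reasons.append("data is a path, not a bare module name")
        if "documents and settings" in data.lower():
            reasons.append("module lives in a user profile")
        if reasons:
            findings.append({"value": name, "data": data, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in review_drivers32(SAMPLE_EXPORT):
        print(f"{f['value']}: {f['data']} ({'; '.join(f['reasons'])})")
```

A flagged entry is a lead for manual review rather than proof of infection, since third-party codecs can also register drivers by full path.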