Solved

webpage redirects after malware removal

Posted on 2010-08-31
Medium Priority
Last Modified: 2013-12-06
I have a WinXP SP3 PC that had Rogue.Antivirus2010, which was removed with Malwarebytes, ComboFix and HijackThis (log files below).
The system still has browser redirects to http://stop-malware-website.com
The Hosts file looks OK except that the usual sample information is gone and it only has the line 127.0.0.1    localhost.
The registry setting for this is:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath is set to %SystemRoot%System32\drivers\etc
There is only an lmhosts.sam in this folder. There is not an lmhosts file in this folder.
There is not a proxy in the browser connection settings.
Appreciate any assistance.
Best Regards.

 hijackthis.log ComboFix.txt

Question by:sgt_best
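The two name-resolution checks described in the question (the hosts file contents, and the DataBasePath value that tells Windows which folder holds it), as an added example that is not part of the original thread. Function names, the `C:\WINDOWS` system root and all sample data are assumptions constructed for illustration.

```python
import ntpath
import re

DEFAULT_DB_PATH = r"%SystemRoot%\System32\drivers\etc"   # Windows default
LOOPBACK = {"127.0.0.1", "::1"}

def audit_database_path(value, system_root=r"C:\WINDOWS"):
    """Return None if DataBasePath resolves to the default folder, else a finding string."""
    def resolve(p):
        p = re.sub("%SystemRoot%", lambda _: system_root, p, flags=re.I)
        return ntpath.normcase(ntpath.normpath(p))
    got, want = resolve(value), resolve(DEFAULT_DB_PATH)
    return None if got == want else f"hosts folder relocated: {got} (expected {want})"

def audit_hosts(text):
    """Return (line_no, ip, name) for every mapping other than localhost -> loopback."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop comments, split on whitespace
        if not fields:
            continue                               # blank or comment-only line
        ip, names = fields[0], fields[1:]
        if not names:
            findings.append((no, ip, None))        # malformed: address with no name
        for name in names:
            if not (ip in LOOPBACK and name.lower() == "localhost"):
                findings.append((no, ip, name.lower()))
    return findings

# Constructed samples: the one-line file from the question, and a tampered file
CLEAN = "127.0.0.1    localhost\n"
TAMPERED = "\n".join([
    "# constructed sample, not from the thread",
    "127.0.0.1    localhost",
    "",
    "",
    "203.0.113.7  www.example.com example.com",
    "127.0.0.1    update.example-av.test   # blocks a (made-up) AV update host",
]) + "\n"

if __name__ == "__main__":
    print(audit_database_path(r"C:\Temp\etc"))
    for finding in audit_hosts(TAMPERED):
        print(finding)
```

Both checks coming back clean only rules out redirection at the hosts-file level, which matches this thread: the redirect persisted with a one-line hosts file.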
6 Comments
 
LVL 8

Expert Comment

by:tskelly082598
ID: 33569744
Using Control Panel and the Java icon, clear the cache: go to Temporary Internet Files, Settings, Delete Files, leave Applications and Applets and Trace and Log Files checked, and click OK to delete.
 
0
 
LVL 22

Accepted Solution

by:
optoma earned 2000 total points
ID: 33570823
0
 
LVL 3

Author Comment

by:sgt_best
ID: 33570888
Deleted temp files from Java. Still have redirect.
0
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 33572555
You could use CCleaner to clean the system of any temporary files and junk files

http://www.piriform.com/ccleaner/download

I hope that would help

Sudeep
0
 
LVL 3

Author Closing Comment

by:sgt_best
ID: 33577518
I've never used any of these recommended products. The links were easy to follow without misleading download links to other products.
Ran MBRCheck first and it indicated immediately that there was MBR rootkit activity. Ran TDSKiller and it found an MBR Rootkit but did not fix the issue. Tested after reboot. Hitman Pro found and resolved the issue. Thanks to all for the quick responses.
0
 
LVL 22

Expert Comment

by:optoma
ID: 33578130
No prob :)
0

Question has a verified solution.