Solved

webpage redirects after malware removal

Posted on 2010-08-31
6
581 Views
Last Modified: 2013-12-06
I have a WinXPSP3 PC that had Rogue.Antivirus2010 that was removed with Malwarebytes, Combofix and hijackthis
log files below
The system still has browser redirects to http://stop-malware-website.com
The Hosts file looks OK except that the usual sample information is gone and it only has the line 127.0.0.1    localhost
The registry setting for this is:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath is set to %SystemRoot%System32\drivers\etc
There is only an lmhosts.sam in this folder. There is not an lmhosts file in this folder.
There is not a proxy in the browser connection settings.
Appreciate any assistance.
Best Regards.

 hijackthis.log ComboFix.txt

0
Comment
Question by:sgt_best
6 Comments
 
LVL 8

Expert Comment

by:tskelly082598
ID: 33569744
Using Control Panel, and the Java icon, clear the cache - Go to Temporary Internet Files, Settings, Delete Files, leave Applications and Applets and Trace and Log Files checks, and click OK to Delete.
 
0
 
LVL 22

Accepted Solution

by:
optoma earned 500 total points
ID: 33570823
0
 
LVL 3

Author Comment

by:sgt_best
ID: 33570888
deleted temp files from java. still have redirect.
0
Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 33572555
You could use CCleaner to clean the system of any temporary files and junk files

http://www.piriform.com/ccleaner/download

I hope that would help

Sudeep
0
 
LVL 3

Author Closing Comment

by:sgt_best
ID: 33577518
I've never used any of these recommended products.  The links were easy to follow without misleading download links to other products.  
Ran MBRCheck first and it indicated immediately that there was MBR rookit activity.  Ran TDSKiller and it found an MBR Rootkit but did not fix the issue.  Tested after reboot.  Hitman Pro found and resolved the issue.  Thanks to all for the quick responses.
0
 
LVL 22

Expert Comment

by:optoma
ID: 33578130
No prob :)
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The intent of this Article is to provide the basic First Aid steps for working through most malware infections. The target audience includes experienced IT professionals and the casual user who just wants to make the infection go away. **********…
Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

805 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question