Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

webpage redirects after malware removal

Posted on 2010-08-31
6
Medium Priority
?
589 Views
Last Modified: 2013-12-06
I have a WinXPSP3 PC that had Rogue.Antivirus2010 that was removed with Malwarebytes, Combofix and hijackthis
log files below
The system still has browser redirects to http://stop-malware-website.com
The Hosts file looks OK except that the usual sample information is gone and it only has the line 127.0.0.1    localhost
The registry setting for this is:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath is set to %SystemRoot%System32\drivers\etc
There is only an lmhosts.sam in this folder. There is not an lmhosts file in this folder.
There is not a proxy in the browser connection settings.
Appreciate any assistance.
Best Regards.

 hijackthis.log ComboFix.txt

0
Comment
Question by:sgt_best
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 8

Expert Comment

by:tskelly082598
ID: 33569744
Using Control Panel, and the Java icon, clear the cache - Go to Temporary Internet Files, Settings, Delete Files, leave Applications and Applets and Trace and Log Files checks, and click OK to Delete.
 
0
 
LVL 22

Accepted Solution

by:
optoma earned 2000 total points
ID: 33570823
0
 
LVL 3

Author Comment

by:sgt_best
ID: 33570888
deleted temp files from java. still have redirect.
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 33572555
You could use CCleaner to clean the system of any temporary files and junk files

http://www.piriform.com/ccleaner/download

I hope that would help

Sudeep
0
 
LVL 3

Author Closing Comment

by:sgt_best
ID: 33577518
I've never used any of these recommended products.  The links were easy to follow without misleading download links to other products.  
Ran MBRCheck first and it indicated immediately that there was MBR rookit activity.  Ran TDSKiller and it found an MBR Rootkit but did not fix the issue.  Tested after reboot.  Hitman Pro found and resolved the issue.  Thanks to all for the quick responses.
0
 
LVL 22

Expert Comment

by:optoma
ID: 33578130
No prob :)
0

Featured Post

Tech or Treat!

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Operating system developers such as Microsoft (https://www.microsoft.com) and Apple have made incredible strides in virus protection over the past decade. Operating systems come packaged with built in defensive tools such as virus protection and a f…
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question