Solved

webpage redirects after malware removal

Posted on 2010-08-31
6
582 Views
Last Modified: 2013-12-06
I have a WinXPSP3 PC that had Rogue.Antivirus2010 that was removed with Malwarebytes, Combofix and hijackthis
log files below
The system still has browser redirects to http://stop-malware-website.com
The Hosts file looks OK except that the usual sample information is gone and it only has the line 127.0.0.1    localhost
The registry setting for this is:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath is set to %SystemRoot%System32\drivers\etc
There is only an lmhosts.sam in this folder. There is not an lmhosts file in this folder.
There is not a proxy in the browser connection settings.
Appreciate any assistance.
Best Regards.

 hijackthis.log ComboFix.txt

0
Comment
Question by:sgt_best
6 Comments
 
LVL 8

Expert Comment

by:tskelly082598
ID: 33569744
Using Control Panel, and the Java icon, clear the cache - Go to Temporary Internet Files, Settings, Delete Files, leave Applications and Applets and Trace and Log Files checks, and click OK to Delete.
 
0
 
LVL 22

Accepted Solution

by:
optoma earned 500 total points
ID: 33570823
0
 
LVL 3

Author Comment

by:sgt_best
ID: 33570888
deleted temp files from java. still have redirect.
0
Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 33572555
You could use CCleaner to clean the system of any temporary files and junk files

http://www.piriform.com/ccleaner/download

I hope that would help

Sudeep
0
 
LVL 3

Author Closing Comment

by:sgt_best
ID: 33577518
I've never used any of these recommended products.  The links were easy to follow without misleading download links to other products.  
Ran MBRCheck first and it indicated immediately that there was MBR rookit activity.  Ran TDSKiller and it found an MBR Rootkit but did not fix the issue.  Tested after reboot.  Hitman Pro found and resolved the issue.  Thanks to all for the quick responses.
0
 
LVL 22

Expert Comment

by:optoma
ID: 33578130
No prob :)
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information. According to “Computerworld”, well over one million web sites have been co…
By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question