Solved

webpage redirects after malware removal

Posted on 2010-08-31
6
578 Views
Last Modified: 2013-12-06
I have a WinXPSP3 PC that had Rogue.Antivirus2010 that was removed with Malwarebytes, Combofix and hijackthis
log files below
The system still has browser redirects to http://stop-malware-website.com
The Hosts file looks OK except that the usual sample information is gone and it only has the line 127.0.0.1    localhost
The registry setting for this is:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath is set to %SystemRoot%System32\drivers\etc
There is only an lmhosts.sam in this folder. There is not an lmhosts file in this folder.
There is not a proxy in the browser connection settings.
Appreciate any assistance.
Best Regards.

 hijackthis.log ComboFix.txt

0
Comment
Question by:sgt_best
6 Comments
 
LVL 8

Expert Comment

by:tskelly082598
Comment Utility
Using Control Panel, and the Java icon, clear the cache - Go to Temporary Internet Files, Settings, Delete Files, leave Applications and Applets and Trace and Log Files checks, and click OK to Delete.
 
0
 
LVL 22

Accepted Solution

by:
optoma earned 500 total points
Comment Utility
0
 
LVL 3

Author Comment

by:sgt_best
Comment Utility
deleted temp files from java. still have redirect.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 29

Expert Comment

by:Sudeep Sharma
Comment Utility
You could use CCleaner to clean the system of any temporary files and junk files

http://www.piriform.com/ccleaner/download

I hope that would help

Sudeep
0
 
LVL 3

Author Closing Comment

by:sgt_best
Comment Utility
I've never used any of these recommended products.  The links were easy to follow without misleading download links to other products.  
Ran MBRCheck first and it indicated immediately that there was MBR rookit activity.  Ran TDSKiller and it found an MBR Rootkit but did not fix the issue.  Tested after reboot.  Hitman Pro found and resolved the issue.  Thanks to all for the quick responses.
0
 
LVL 22

Expert Comment

by:optoma
Comment Utility
No prob :)
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

PREFACE The purpose of this guide is to explain what the SEPC Status Utility is and how it works. I have written the utility using AutoIt and have included the source code for your review. You are welcome to modify the code to your liking, but I wi…
To Remove Security Suite for Windows Malware from a Windows XP Machine:  Restart computer in Safe Mode (to do this see http://tinyurl.com/me78p) Login as Administrator Go to My Computer /Tools/ Folder Options/ View/  check mark the selectio…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now