• Status: Solved
• Priority: Medium
• Security: Public
• Views: 501

Windows 7 System Restore Virus/Rootkit and browser redirect

One of the machines on the small network that I maintain was infected by the System Restore malware/scamware. It is a Windows 7 32-bit Dell Optiplex 380 connected to a Windows 2003 R2 network. I have run Malwarebytes, Radix, Combofix, and several others. Malwarebytes is my usual go-to, and it did catch quite a bit of stuff, but it hasn't resolved everything... the one thing that still hasn't been resolved is the browser redirect. I have not been able to find anything that will help with the redirect issue. Can anyone help?

Asked by: Roger Bailey
4 Solutions
Roger Bailey (Operations Manager, Author) commented:
The machine does not have any vital information on it, so I am very close to simply reformatting... will this eliminate the rootkit?
sentner commented:
Browser redirects are usually fixable with hijackthis.  However, if you are able to do a re-install, that's your safest bet.
Gary Coltharp (Sr. Systems Engineer) commented:
Yes, at about 2 hours of effort on malware removal, it is time to wipe and reload.
Chris Millard commented:
Before doing that, however, you could use a program such as ROOTALYZER to check for rootkits. There is some malware that is HIDDEN from Windows. If Rootalyzer finds anything (use the deep scan option), then you could boot from a Linux LiveCD and remove the offending files...
Roger Bailey (Operations Manager, Author) commented:
I am at about 4-6 hours of fighting with this at this point... mostly because I have never run into something this tenacious, and was curious to see what it would take to beat it. Typically I run a few scans, run a fix and it's done. I did run ROOTALYZER and it did not give me anything to work with. I ran Malwarebytes first, and after it was done nothing else has been flagged, but I know something is still not right, and the browsers randomly redirect. I ran GMER and it came back with much more info than usual, but I really don't know what I am looking for in all of that. I have not run Hijackthis yet. But it sounds like you guys think that if a wipe and reload is possible that is the best bet?
sentner commented:
Yep, reload is always the safest bet. Back up any important data, and re-install from scratch.

If you're just curious though, run hijackthis real quick, and you can paste the logfile here.

http://free.antivirus.com/hijackthis/
Roger Bailey (Operations Manager, Author) commented:
Sentner, the attached txt file is the hijackthis log that you requested. I saw a BHO (the second O2) that had no designation and looked out of place, but other than that everything looked good to me. Any help is appreciated.

hijackthis10-24-11.txt
younghv commented:
Please read through the entire guide for repairing your system found here:
http://www.bleepingcomputer.com/virus-removal/remove-system-restore

Note that there are several applications that you are going to have to use, but you can get your system back to normal. The guides written by "Grinler" (MS MVP) are among the most detailed and accurate available.

Where he mentions "RKill", you can substitute "RogueKiller" as described in this EE Article:
Rogue-Killer-What-a-great-name

With many current variants of malware, you MUST run a rogue process stopper before you can do any other scans.
Roger Bailey (Operations Manager, Author) commented:
Hey, I have been out of the office... will try to get back to this later on today.
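A read-only triage script for the two threads of advice above (the unnamed "O2" BHO in the HijackThis log, and the rule that you check what is running before trusting any scan). This is an added example, not code from any poster in this thread or from HijackThis/RogueKiller. It assumes an elevated PowerShell on the Windows 7 machine; the registry paths are the standard Browser Helper Object and CLSID locations, the hosts file path is the Windows default, and the "suspicious" heuristics (no display name, not validly signed, or running from a user-writable directory) are my own choice for what to look at first.

```powershell
# Added triage example (not from the thread). Read-only: it only lists findings.
# Run from an elevated PowerShell prompt on the suspect Windows 7 machine.

function Get-BhoReport {
    # Same data HijackThis shows as "O2 - BHO:" lines, resolved to the on-disk DLL.
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $bhoKey)) { return @() }
    foreach ($entry in Get-ChildItem $bhoKey) {
        $clsid    = $entry.PSChildName
        $clsidKey = "HKLM:\SOFTWARE\Classes\CLSID\$clsid"
        $name = $null; $dll = $null
        if (Test-Path $clsidKey) {
            $name = (Get-ItemProperty $clsidKey).'(default)'
            $dll  = (Get-ItemProperty "$clsidKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        }
        $dllPath = if ($dll) { [Environment]::ExpandEnvironmentVariables($dll) } else { $null }
        $sig = 'missing'
        if ($dllPath -and (Test-Path $dllPath)) {
            $sig = (Get-AuthenticodeSignature $dllPath).Status
        }
        New-Object PSObject -Property @{
            CLSID      = $clsid
            Name       = $name
            DLL        = $dllPath
            Signature  = $sig
            # A BHO with no name, no valid signature, or no file on disk is worth a closer look.
            Suspicious = (-not $name) -or ($sig -ne 'Valid')
        }
    }
}

function Get-HostsOverrides {
    # Browser "redirects" are sometimes just hosts-file entries; a clean Win7 hosts file
    # has nothing but comments, so every active line here is an override to explain.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content $hosts | Where-Object { $_.Trim() -and -not $_.Trim().StartsWith('#') }
}

function Get-SuspectProcesses {
    # Running processes whose image lives in a user-writable location or is not validly
    # signed. Heuristic only: see the note below about catalog-signed Windows binaries.
    $userDirs = @("$env:USERPROFILE*", "$env:ProgramData*", "$env:windir\Temp*")
    Get-Process | Where-Object { $_.Path } | ForEach-Object {
        $p = $_.Path
        $status = (Get-AuthenticodeSignature $p).Status
        $fromUserDir = $false
        foreach ($d in $userDirs) { if ($p -like $d) { $fromUserDir = $true } }
        if ($fromUserDir -or $status -ne 'Valid') {
            New-Object PSObject -Property @{
                PID = $_.Id; Name = $_.ProcessName; Path = $p; Signature = $status
            }
        }
    }
}

"=== Browser Helper Objects ==="
Get-BhoReport | Format-Table CLSID, Name, DLL, Signature, Suspicious -AutoSize
"=== Active hosts file entries ==="
Get-HostsOverrides
"=== Processes to review ==="
Get-SuspectProcesses | Format-Table PID, Name, Path, Signature -AutoSize
```

Two caveats when reading the output. First, PowerShell 2.0 on Windows 7 does not consult catalog files, so many genuine Microsoft binaries that are signed only via catalog show as NotSigned; treat the process list as "things to check", not "things to kill". Second, a rootkit that hides its files from Windows can hide them from this script too, which is exactly why the advice above is to scan with Rootalyzer/GMER and, failing that, to inspect the disk from a LiveCD or wipe and reload.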
Roger Bailey (Operations Manager, Author) commented:
Well folks, I had tried everything that everyone has posted before you all posted, and I have a functional computer, but there are still things that are off, like certain programs not running in certain profiles, etc. At this point, I am chalking this up to my first run-in with a rootkit. I learned a lot about what is available out there. I appreciate your input. My main takeaway is that backups are important, and after a couple of hours of fighting with it, just wipe and reload. Thanks for your help. I tried to spread the points around to the different ones that had input.
Question has a verified solution.