Fedex redirect virus

Posted on 2012-12-27
Last Modified: 2012-12-28
I am dealing with the Fedex Virus. I followed the http://www.techjaws.com/fedex-email-malicious-attachment/ instructions:

1. Reboot your PC and hit F8 to run your computer in Safe Mode with Networking.
2. Download MalwareBytes to your desktop and rename it to Explorer.exe as Windows Security 2011 blocks the program named MalwareBytes. If you can’t download files, try using another machine that’s not infected and saving the files to a flash drive or other storage device.
3. Download and Run RKILL to stop all background processes related to Windows Security 2011.
4. Launch MalwareBytes and run a (Full Scan) to remove infections.

These were completed.

However, the next step does not work:

5. Delete the file called “Hosts” in C:\Windows\System32\Drivers\etc\HOSTS and add the default Hosts file (below) for your operating system in C:\Windows\System32\Drivers\etc\

The existing hosts file was not modified. This is a new and improved Fedex redirect virus and uses a different method of redirection.

If I try housecall.trendmicro.com or similar, I am redirected to www.google.com. What method would the redirection be done by?
Question by:techcodr
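
One way to confirm that a hosts file really is unmodified, as the question reports, instead of judging by eye (an added example, not part of the original post). The sample file contents and the 203.0.113.10 documentation address are constructed, and treating every mapping other than loopback `localhost` as non-default is an assumption of this sketch.

```python
import ipaddress

# Assumption: a stock Windows hosts file maps at most "localhost" to loopback.
DEFAULT_NAMES = {"localhost"}

# Constructed sample: looks default at the top, but carries an active entry
# below a run of blank lines. The domain is the one named in the question;
# 203.0.113.10 is a documentation (TEST-NET-3) address.
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-2009 Microsoft Corp.\n"
    "#\t127.0.0.1       localhost\n"
    "#\t::1             localhost\n"
    + "\n" * 40
    + "203.0.113.10\thousecall.trendmicro.com   # constructed entry\n"
    "127.0.0.1 localhost\n"
)

def active_entries(text):
    """Yield (line_no, ip, hostname) for every non-comment mapping."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        for name in names:
            yield line_no, ip, name.lower()

def suspicious_entries(text):
    """Return mappings that a default hosts file would not contain."""
    findings = []
    for line_no, ip, name in active_entries(text):
        try:
            loopback = ipaddress.ip_address(ip).is_loopback
        except ValueError:
            loopback = False  # malformed address: report it as well
        if not (loopback and name in DEFAULT_NAMES):
            findings.append((line_no, ip, name))
    return findings

if __name__ == "__main__":
    # On a live system, read C:\Windows\System32\Drivers\etc\hosts instead.
    for line_no, ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```

An empty result on the real file matches what the asker reported: the hosts file is clean, so the redirection is being done somewhere else.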
15 Comments
 
LVL 11

Accepted Solution

by:
David Kroll earned 400 total points
ID: 38724739
I would use ComboFix to get rid of the problem:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
 
LVL 8

Expert Comment

by:Scott Thompson
ID: 38724776
Also, run TDSSKiller to check for rootkit infections, which are common for redirecting issues.
0
 
LVL 18

Expert Comment

by:web_tracker
ID: 38724808
How about trying a system restore? Restore your computer to a time when you know the computer was working fine, before you got the virus. Doing a system restore will not cause you to lose any new data or documents you have created; it will just restore your computer to a time before the infection. A system restore may save a lot of time troubleshooting trying to remove the infection.

Obviously a system restore will not always work but it is worth a try.
0
 

Author Comment

by:techcodr
ID: 38725166
Tried the system restore and could not complete it.
Ran Combofix. It did find and, I assume, fix the problem.
Ran TDSSkiller and it found nothing.
Do not see the redirection problem. Will run the 10 days Microsoft scan.
0
 
LVL 18

Expert Comment

by:web_tracker
ID: 38725258
If the system cannot restore to an earlier time, it probably indicates that the virus may be preventing the system restore. You can try to fix the Windows issues by opening a DOS window. Click the Start button, click Run, type cmd.... to get the DOS prompt.

Then you want to type "sfc /scannow"  (do not type the quotation marks)
Running this command may or may not ask you to insert your windows disc.
0
 
LVL 8

Expert Comment

by:Scott Thompson
ID: 38725267
Can you upload the Combofix log? It should be in C:\
0
 

Author Comment

by:techcodr
ID: 38725985
I also believe the virus prevented the system restore.
Microsoft msert found 5 infected files. Currently running Eset.
I believe the Combofix took out most of the infection. I am not seeing the redirection. Before, I was redirected when trying to reach Trend Micro, Microsoft and Eset. However, since things are still being found, I am still running malware finders.

Here is the combofix.txt which I believe is the log that was requested.
ComboFix.txt
0
 
LVL 8

Assisted Solution

by:Scott Thompson
Scott Thompson earned 100 total points
ID: 38725991
It looks like Combofix did take care of the main files of the infection.

One suggestion, when you are done removing the infections, make sure to uninstall Combofix.

Do so by running the command 'Combofix.exe /uninstall' from an elevated command prompt.  This will clear out any extraneous files left behind by Combofix and delete the .exe itself.

Good job removing the infection ! :)
0
 

Author Comment

by:techcodr
ID: 38726111
Eset found nothing. I assume that the problem is gone.

If I run as administrator and open a command prompt window, then run Combofix.exe, I get:
C:\Windows\system32>combofix.exe /uninstall
'combofix.exe' is not recognized as an internal or external command,
operable program or batch file.
0
 
LVL 8

Expert Comment

by:Scott Thompson
ID: 38726118
You have to be in the directory of the Combofix executable for the command to work.
0
 

Author Comment

by:techcodr
ID: 38727230
I cannot find combofix.exe by doing a search on the C drive. I do see the Qoobox folder but no executable.
0
 
LVL 8

Expert Comment

by:Scott Thompson
ID: 38727257
Okay, if you just ran instead of saving Combofix, that can happen.  Just download Combofix again to a location you know.  Then run 'Combofix.exe /uninstall' from an elevated command prompt once in the proper location (i.e. C:\Users\(USER)\Desktop\>)
0
 

Author Comment

by:techcodr
ID: 38727444
Get Error opening file for writing:
C:\32788R22FWJFW\NirCmd.3XE
0
 
LVL 8

Expert Comment

by:Scott Thompson
ID: 38727468
With running as Administrator?
0
 

Author Comment

by:techcodr
ID: 38727583
Yes, was running as administrator. However, I deleted combofix.exe. Downloaded combofix again and then was able to use the combofix.exe /uninstall.
0
