paulduggan
Level 9

Miserable: Redirect rootkit

I'm getting redirects after searching with both Google and Bing. I have McAfee SC that came with my Dell laptop and I've tried using steps from previous discussions (TDSSKiller, SUPERAntiSpyware, Malwarebytes...), I've turned off and cleaned out my restore points, checked my hosts file, checked my internet settings... No luck at all. Please help! Been banging my head against this for hours now!

Also please could someone tell me what effects (other than the obvious) the malware might have? (IE *seems* to work fine until one of the search files is used.)

Thank you.

Paul

0 Kudos
1 Solution

Accepted Solutions
paulduggan
Level 9

Re: Miserable: Redirect rootkit

Clean Win7 install has made the problem go away. Thanks to all for trying to help me avoid the nuclear option, but at least I'm getting somewhere now. Or I will be once I've finished downloading drivers...

0 Kudos
42 Replies
newjack
Level 12

Re: Miserable: Redirect rootkit

You can try the free version of this. It should work on rootkits and redirections. Hitman Pro free download. Not sure if it is a 30 day trial but you can download to try and fix this problem.

Here is their homepage http://www.surfright.nl/en

0 Kudos
paulduggan
Level 9

Re: Miserable: Redirect rootkit

Thank you. I've downloaded it and it is still running (Classifying) but it already tells me there's a BackDoor.Tdss.5544 in the MBR and Win32/Bootkit. Is the correct action to choose 'Replace'? I'm feeling frightened and paranoid.

0 Kudos
paulduggan
Level 9

Re: Miserable: Redirect rootkit

Oh hell.

I let it do its thing. Boot, BSOD, startup repair... 15 mins later startup repair fails.

What to do now? Trying (in vain) to find my w7 disk...

0 Kudos
Hayton
Level 17

Re: Miserable: Redirect rootkit

If you can get going and connect to the internet, download GetSusp from HERE. The post has links to an FAQ and a User Guide, which you should read first before running the utility.

This looks like a TDL3 variant rather than TDL4, in which case it's been around for a couple of years and should be manageable. I've recommended this utility first because it scans the MBR, which this rootkit hijacks.

Then download the Stinger from HERE. Set the sensitivity level to High, and the Action to Report Only for the first scan. If necessary repeat, and crank up the sensitivity to Very High (but watch out for erroneous reporting - false positives). Before you set the Action to Repair, be sure you're not clearing out innocent files along with infected ones. Again, read the instructions carefully before running the utility.

Let us know what these two find.

0 Kudos
newjack
Level 12

Re: Miserable: Redirect rootkit

Sorry. Not sure why you had a problem. After download and update, you would run scan. When it is done you would click next. Then it will ask to purchase and enter a code. Or under that use free activation (30 days). Click free activation, unless you want to purchase it. Then it will say activated, or something like this. Hitman Pro will then scan and delete what it can and will most likely ask you to reboot your computer to clean remaining infections. When it starts back up it will go into a pre-boot type mode. You will see a black screen with some writing for a minute. Then it will boot up. I would then run another scan, just in case. Or you can try what Hayton has suggested. Good luck.

0 Kudos
newjack
Level 12

Re: Miserable: Redirect rootkit

There is a partial description on their webpage.

hitman.JPG

0 Kudos
Hayton
Level 17

Re: Miserable: Redirect rootkit

Hi newjack, any thoughts on why Hitman Pro misbehaved here? Have you ever come across a BSOD using it? I'm wondering whether to request the minidump or kernel dump be sent over, since I spent most of this afternoon downloading and setting up SDK including a raft of Microsoft debugging tools. Can't do it tonight though, so perhaps best to let that little exercise wait for another time.

0 Kudos
newjack
Level 12

Re: Miserable: Redirect rootkit

No idea. Not sure why that would have happened. I know someone who used it and it worked for them. I know it is a reputable company. Here is what the vendor claims.

hit.JPG

0 Kudos
Hayton
Level 17

Re: Miserable: Redirect rootkit

Okay, thanks newjack. It's just one of those things then. As the poster has retired from the fray for a while I'm going to put this to one side and wait for developments. Thanks for your contribution, glad to see you're still willing to help us out.

0 Kudos