42 Replies. Latest reply on Aug 1, 2011 7:19 PM by newjack

    Miserable: Redirect rootkit

      I'm getting redirects after searching with both Google and Bing. I have McAfee SC that came with my Dell laptop and I've tried using steps from a previous discussion (TDSSKiller, SUPERAntiSpyware, Malwarebytes...), I've turned off and cleaned out my restore points, checked my hosts file, checked my internet settings... No luck at all. Please help! Been banging my head against this for hours now!

      Also please could someone tell me what effects (other than the obvious) the malware might have? (IE *seems* to work fine until one of the search files is used.)


      Thank you.

      Paul

        • 1. Re: Miserable: Redirect rootkit

          You can try the free version of this. It should work on rootkits and redirections. Hitman Pro free download. Not sure if it is a 30 day trial, but you can download it to try and fix this problem.

          Here is their homepage http://www.surfright.nl/en

          • 2. Re: Miserable: Redirect rootkit

            Thank you. I've downloaded it and it is still running (Classifying) but it already tells me there's a BackDoor.Tdss.5544 in the MBR and Win32/Bootkit. Is the correct action to choose 'Replace'? I'm feeling frightened and paranoid.

            • 3. Re: Miserable: Redirect rootkit

              Oh hell.

              I let it do its thing. Boot, BSOD, startup repair... 15 mins later startup repair fails.

              What to do now? Trying (in vain) to find my W7 disk...

              • 4. Re: Miserable: Redirect rootkit
                Hayton

                If you can get going and connect to the internet, download GetSusp from HERE. The post has links to an FAQ and a User Guide, which you should read first before running the utility.


                This looks like a TDL3 variant rather than TDL4, in which case it's been around for a couple of years and should be manageable. I've recommended this utility first because it scans the MBR, which this rootkit hijacks.


                Then download the Stinger from HERE. Set the sensitivity level to High, and the Action to Report Only for the first scan. If necessary repeat, and crank up the sensitivity to Very High (but watch out for erroneous reporting - false positives). Before you set the Action to Repair, be sure you're not clearing out innocent files along with infected ones. Again, read the instructions carefully before running the utility.


                Let us know what these two find.
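To make concrete what "scans the MBR" means in the advice above, here is an added example (not from this thread, McAfee, or any of the tools named) that parses a 512-byte master boot record, validates its 0x55AA signature and partition table, and compares a hash of the bootstrap code against a known-good baseline the way a defender would check for the kind of MBR tampering a TDSS-style bootkit performs. The sample sectors and the baseline hash are constructed inline.

```python
import hashlib
import struct

# Constructed sample MBR: 446 bytes of placeholder boot code, one bootable
# NTFS-type (0x07) partition starting at LBA 2048, three empty entries, 0x55AA.
BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 439
PART_ENTRY = struct.pack("<BBBBBBBBII", 0x80, 1, 1, 0, 0x07, 0xFE, 0xFF, 0xFF, 2048, 204800)
SAMPLE_MBR = BOOT_CODE + PART_ENTRY + b"\x00" * 48 + b"\x55\xAA"

# Baseline captured from the clean sector; in practice store this offline.
KNOWN_GOOD = hashlib.sha256(BOOT_CODE).hexdigest()

# Constructed "infected" sector: the first opcode of the boot code has been
# patched, the way a bootkit redirects the boot path while keeping the rest intact.
TAMPERED_MBR = bytes([0xEB]) + SAMPLE_MBR[1:]


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into boot-code hash, partition table and signature check."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[446 + 16 * i: 446 + 16 * (i + 1)]
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(sector[:446]).hexdigest(),
            "partitions": partitions,
            "signature_ok": sector[510:512] == b"\x55\xAA"}


def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return findings; an empty list means the sector matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from known-good baseline")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} bootable partitions (expected 1)")
    return findings


if __name__ == "__main__":
    # On a real Windows host the sector would come from a raw read of
    # \\.\PhysicalDrive0 (administrator required); here we use the samples.
    print("clean:", check_mbr(SAMPLE_MBR, KNOWN_GOOD))
    print("tampered:", check_mbr(TAMPERED_MBR, KNOWN_GOOD))
```

A baseline hash only tells you the boot code changed, not what changed, so a mismatch is a trigger to image the disk and run the dedicated rootkit tools, not a verdict on its own.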

                • 5. Re: Miserable: Redirect rootkit

                  Sorry. Not sure why you had a problem. After download and update, you would run a scan. When it is done you would click Next. Then it will ask you to purchase and enter a code, or under that use free activation (30 days). Click free activation, unless you want to purchase it. Then it will say activated, or something like this. Hitman Pro will then scan and delete what it can and will most likely ask you to reboot your computer to clean remaining infections. When it starts back up it will go into a pre-boot type mode. You will see a black screen with some writing for a minute. Then it will boot up. I would then run another scan, just in case. Or you can try what Hayton has suggested. Good luck.

                  • 6. Re: Miserable: Redirect rootkit
                    Hayton

                    Hold off running those two tools for a bit. There's an app which kills off running malware processes in memory you should probably run first. I'll try to track it down.

                    • 7. Re: Miserable: Redirect rootkit

                      There is a partial description on their webpage.



                      (attached screenshot: hitman.JPG)

                      • 9. Re: Miserable: Redirect rootkit
                        Hayton

                        In part yes. I couldn't get access to the BleepingComputer site earlier, so I wasn't sure. But rkill is primarily intended for the Fake AV end of the spectrum rather than a more serious infection like this. It might be worth trying though.


                        Edit - Overview of Rkill can be found HERE.


                        @paulduggan: follow that link, but it might not be 100% applicable in your case. It won't, I think, do any harm. Then run the two utilities I described above. If for any reason the infection is still present afterwards, there is another utility available from GMER you should try - but give the McAfee tools a go first.


                        Message was edited by: Hayton on 30/07/11 02:52:21 IST