Thread: IE redirects

  1. #1
    Join Date
    Feb 2008
    Posts
    11

    IE redirects

    1. As per the instructions, I downloaded AVG Anti-Spyware, Microsoft Defender, ATF-Cleaner and HijackThis.

    2. I switched to Safe mode and ran the tools as instructed.

    3. Switched back to normal mode. Found some problems starting up. Active Desktop could not be restored. System also gave message that svchost.exe is missing.

    4. The problem did not go away. URLs continue to be redirected. In addition, I am unable to restore my Active Desktop. Am now uploading the log files.

    Assistance in resolving would be much appreciated.

  2. #2
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Please follow the instructions below to run ComboFix.
    1. Download this file and save to desktop - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it will produce a log for you. Attach this log back here.
    Note:
    • Do not mouseclick combofix's window while it is running. That may cause it to stall.

  3. #3
    Join Date
    Feb 2008
    Posts
    11

    Combofix Log

    Hello,
    Combofix log attached. Thanks for your assistance.

  4. #4
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    One thing I don't understand is why all these items are showing in TEMP files. Didn't you run the ATF-Cleaner BEFORE running anything else?

    I would like for you to run the ESET Online Scanner again but this time please tell it to fix everything found.
    Be sure to save the log.

    After that then run a new Combofix scan. Post back here with both logs.

  5. #5
    Join Date
    Feb 2008
    Posts
    11

    Combofix and Eset online logs

    Hello,

    1. I believe I ran the tools in the order specified -- Windows Malicious Software Removal, ESET Online, ATF-Cleaner, AVG, Microsoft Defender, HijackThis. I'm not certain, but I may have connected to the internet in between tools -- there was a point where the F8 didn't work and had to log back into your post to print out the safeboot using safe configuration utility. Could that be the reason?

    2. Combofix and ESET Online logs attached.


    Thanks very much for your assistance. Much appreciated.

  6. #6
    Join Date
    Aug 2006
    Posts
    578

    Hello Surdbird,

    You are making some progress, but there is still much left to do. In a large infestation such as yours, it is not unusual to find a lot of things to be messed up . . . Often a clean reinstall of the Operating System is the best course of action. But, for now, let's see what we can do:

    First, you need to Uninstall Limewire via Add/Remove Programs.
    I would recommend you do the same for BitTorrent.
    Those are probably major culprits in your huge infestation of malware.....

    Also, you should be aware that you have an infested USB drive somewhere that has come into contact with your computer and left evidence of itself. A tool such as Flash-Disinfector by sUBs
    http://www.techsupportforum.com/sect...isinfector.exe may help....


    After uninstalling the above, please do this:


    -- Please delete your copy of ComboFix and download a fresh one to your Desktop - not a folder on your desktop
    -- Download the attached file CFScript.txt to your Desktop as well
    -- Close ALL browser windows and then drag CFScript.txt into ComboFix.exe to start ComboFix


    -- Let Combofix run as before and post that log along with a fresh HJT Log for Judy. She will probably have additional steps for you based on the new logs. Just those two logs ought to do for now.


    Best Luck
    PP

  7. #7
    Join Date
    Feb 2008
    Posts
    11

    Combofix and HijackThis Logs

    Hello,

    1. I uninstalled Limewire and BitTorrent.

    2. Deleted and re-downloaded Combofix to desktop.

    3. Combofix and HijackThis Logs attached.

    Thanks

  8. #8
    Join Date
    Aug 2006
    Posts
    578

    Hello Surdbird,

    Sorry for the delay - I thought Judy was going to continue....

    The logs look better, though I did miss one file that you will need to delete manually:
    C:\WINDOWS\system32\kfnybhor.dll

    You can also scan with HijackThis and FIX the following entries:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://kqworld
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =


    -- You should definitely Update your Java here ---> http://www.java.com/en
    -- Then, look in Add/Remove Programs and Remove ALL traces of any older Java versions! If you do not uninstall ALL older versions, you may remain at risk for a number of baddies such as Vundo.


    Other than that, things look OK. Are you still experiencing any problems?

    PP
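
A small triage helper for the R0/R1 lines quoted in post #8, added here as an illustration and not code from the thread or from HijackThis: it splits each line into hive, key, value name and data, then labels the data against an allowlist. The `EXPECTED_HOSTS` allowlist, the function names and the verdict labels are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# The three lines quoted in post #8, copied as they appear on the page
# (the Default_Page_URL value is cut off there and is kept as shown).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://kqworld
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
"""

# Assumption: hosts this environment expects in IE page settings.
EXPECTED_HOSTS = {"microsoft.com", "msn.com"}

# "<code> - <hive>\<key>,<value name> = <data>"; data may be empty.
LINE_RE = re.compile(
    r"^(?P<code>R[0-3]) - (?P<hive>HK[A-Z]+)\\(?P<key>[^,]+),"
    r"(?P<name>[^=]*?)\s*=\s*(?P<data>.*)$"
)

def parse_r_entries(log_text):
    """Return one dict per R0-R3 line; other log sections are ignored."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def classify(data):
    """Label the registry data (labels are this example's own, not HijackThis output)."""
    if not data:
        return "empty"
    if data.lower().startswith("about:"):
        return "about-page"
    host = urlsplit(data).hostname
    if host is None:
        return "not-a-url"
    if any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS):
        return "expected-host"
    return "unexpected-host"

def review(log_text):
    """(code, hive, value name, verdict) for each parsed line, in log order."""
    return [(e["code"], e["hive"], e["name"], classify(e["data"]))
            for e in parse_r_entries(log_text)]

if __name__ == "__main__":
    for row in review(SAMPLE_LOG):
        print(*row, sep="\t")
```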

  9. #9
    Join Date
    Feb 2008
    Posts
    11
    Hello Phillie,
    I am not experiencing any problems now. Thank you for all your assistance. It has really helped.
    Best,

  10. #10
    Join Date
    Aug 2006
    Posts
    578

    Originally posted by surdbird:
    "I am not experiencing any problems now. Thank you for all your assistance. It has really helped."

    Glad to hear it!

    We are happy to help

    PP
