Topic: redirect/browser hijack (Read 18852 times)
essexboy (Malware removal instructor, Avast Überevangelist), Reply #30 on: February 28, 2012, 09:18:11 PM

Do you have a USB drive that you can use?

We will use a mobile operating system called xPUD, and a script called rst.sh, to restore your computer.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
Insert your USB drive
Press Start > My Computer > right click your USB drive > choose Format > Quick format
Double click the unetbootin-xpud-windows-387.exe that you just downloaded
Select the ISO file link and browse to xpud.iso
Press Run then OK
It will install a little bootable OS on your USB
After it has completed do not choose to reboot the clean computer, simply close the installer
Download the following tool and save it inside the bootable USB: rst.sh
Remove the USB and insert it in the sick computer
Boot the sick computer
Press F12 and choose to boot from the USB
Follow the prompts
A "Welcome to xPUD" screen will appear
Press File
Expand mnt
sda1,2... usually corresponds to your HDD
sdb1 is likely your USB
Press Tool at the top
Choose Open Terminal
In the open terminal window, type in the following:
bash rst.sh
Press "Enter" and let it run uninterrupted.
(The program lists available Restore Points and will save a report, enum.log, located in the USB drive.)
The program is finished when it says "Done".
Type "Exit" to close the terminal window.
Please attach the enum.log file in your reply. (You may remove your USB drive when transferring log to a clean computer).

monkeybones (Guest), Reply #31 on: February 29, 2012, 08:42:11 PM

the first steps worked and i got everything on the usb.
f12 did nothing, but i was able to find the key i needed to boot from the usb
when it loaded xpud nothing happened
it says "no job control on this shell"

essexboy (Malware removal instructor, Avast Überevangelist), Reply #32 on: February 29, 2012, 08:47:31 PM

Could you confirm that you copied the Xpud ISO when you ran unetbootin, as per my screenshot?

monkeybones (Guest), Reply #33 on: February 29, 2012, 09:04:08 PM

yes, i did

essexboy (Malware removal instructor, Avast Überevangelist), Reply #34 on: February 29, 2012, 09:21:34 PM

Could you get a fresh copy of Xpud - reformat the USB and try again please

monkeybones (Guest), Reply #35 on: February 29, 2012, 10:18:03 PM

now it says
"could not find kernel image: linux
boot: _"

DonZ63 (Guest), Reply #36 on: February 29, 2012, 10:29:28 PM

I can say from experience that many of the newer AMD-based motherboards have problems with the newer Linux kernels. I can't use the latest Kaspersky recovery CD since it uses a later Linux kernel and my Gigabyte BIOS chokes on it.

monkeybones (Guest), Reply #37 on: February 29, 2012, 10:47:48 PM

i feel like each successive step is making it worse and worse...

monkeybones (Guest), Reply #38 on: February 29, 2012, 11:12:58 PM

i was given safemode option. still in sm w/ networking.
anything else i can do while i'm in here?

essexboy (Malware removal instructor, Avast Überevangelist), Reply #39 on: March 01, 2012, 09:12:24 PM

Did TDSSKiller find anything? I ask as the report is not complete.

Now reboot from the Windows Vista Recovery Environment CD and execute the following commands:
bootrec /FixMbr
bootrec /FixBoot
exit

monkeybones (Guest), Reply #40 on: March 04, 2012, 08:06:33 AM

what do i select to get to that point?

monkeybones (Guest), Reply #41 on: March 04, 2012, 08:34:00 AM

with tss i mean. what i posted is everything it saved. the scan ran to completion.
what do i do after the boot commands? each said "completed successfully"

monkeybones (Guest), Reply #42 on: March 04, 2012, 09:09:16 AM

the object found by kaspersky is:
TDSS File System
Physical drive: \Device\Harddisk0\DR0
Suspicious object, medium risk

my options are:
skip
copy to quarantine
delete

there is never a "cure" screen

true indian (Guest), Reply #43 on: March 04, 2012, 09:32:49 AM

You have to select delete for TDSS file system and continue... reboot if asked and attach the TDSSKiller log.

monkeybones (Guest), Reply #44 on: March 04, 2012, 11:19:07 AM

can't upload log. get error "Your file is too large. The maximum attachment size allowed is 200 KB."