Author Topic: redirect/browser hijack  (Read 18852 times)


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: redirect/browser hijack
« Reply #30 on: February 28, 2012, 09:18:11 PM »
Do you have a USB drive that you can use ?

We will use a mobile operating system called xPUD, and a script called rst.sh, to restore your computer.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer

  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Select the ISO file link and browse to xpud.iso

  • Press Run then OK
  • It will install a little bootable OS on your USB
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Download the following tool and save it inside the bootable USB
  • rst.sh
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Press Tool at the top
  • Choose Open Terminal
  • In the open terminal window, type in the following:
bash rst.sh

  • Press "Enter" and let it run uninterrupted.

     (The program lists available Restore Points and will save a report enum.log located in the USB drive.)

  • The program is finished when it says "Done".
  • Type "Exit" to close the terminal window.
  • Please attach the enum.log file in your reply. (You may remove your USB drive when transferring the log to a clean computer.)

monkeybones

  • Guest
Re: redirect/browser hijack
« Reply #31 on: February 29, 2012, 08:42:11 PM »
The first steps worked and I got everything on the USB.
F12 did nothing, but I was able to find the key I needed to boot from the USB.
When it loaded xPUD nothing happened.
It says "no job control on this shell".

Offline essexboy

Re: redirect/browser hijack
« Reply #32 on: February 29, 2012, 08:47:31 PM »
Could you confirm that you copied the xPUD ISO when you ran unetbootin?

As per my screenshot

monkeybones

  • Guest
Re: redirect/browser hijack
« Reply #33 on: February 29, 2012, 09:04:08 PM »
Yes, I did.

Offline essexboy

Re: redirect/browser hijack
« Reply #34 on: February 29, 2012, 09:21:34 PM »
Could you get a fresh copy of Xpud - reformat the USB and try again please

monkeybones

  • Guest
Re: redirect/browser hijack
« Reply #35 on: February 29, 2012, 10:18:03 PM »
Now it says
"could not find kernal image: linux
boot: _"

DonZ63

  • Guest
Re: redirect/browser hijack
« Reply #36 on: February 29, 2012, 10:29:28 PM »
I can say from experience that many of the newer AMD-based motherboards have problems with the newer Linux kernels. I can't use the latest Kaspersky recovery CD since it uses a later Linux kernel and my Gigabyte BIOS chokes on it.

monkeybones

  • Guest
Re: redirect/browser hijack
« Reply #37 on: February 29, 2012, 10:47:48 PM »
I feel like each successive step is making it worse and worse...

monkeybones

  • Guest
Re: redirect/browser hijack
« Reply #38 on: February 29, 2012, 11:12:58 PM »
I was given the safe mode option. Still in SM w/ networking.

Anything else I can do while I'm in here?

Offline essexboy

Re: redirect/browser hijack
« Reply #39 on: March 01, 2012, 09:12:24 PM »
Did TDSSKiller find anything? The report is not complete.

Now reboot from the Windows Vista Recovery Environment CD and execute the following commands:
 
  • bootrec /FixMbr
  • bootrec /FixBoot
  • exit

monkeybones

  • Guest
Re: redirect/browser hijack
« Reply #40 on: March 04, 2012, 08:06:33 AM »
What do I select to get to that point?

monkeybones

  • Guest
Re: redirect/browser hijack
« Reply #41 on: March 04, 2012, 08:34:00 AM »
With tss I mean. What I posted is everything it saved. The scan ran to completion.

What do I do after the boot commands? Each said "completed successfully".

monkeybones

  • Guest
Re: redirect/browser hijack
« Reply #42 on: March 04, 2012, 09:09:16 AM »
The object found by Kaspersky is:

TDSS File System
Physical drive: \Device\Harddisk0\DR0
Suspicious object, medium risk


My options are:
skip
copy to quarantine
delete


There is never a "cure" screen.
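The bootrec commands in Reply #39 and the TDSSKiller finding in Reply #42 both concern the first sector of \Device\Harddisk0\DR0, the Master Boot Record. As an added example (not code from this thread, xPUD, rst.sh or TDSSKiller), the Python below parses an MBR image so a responder can see what a repair such as bootrec /FixMbr rewrites (the 446-byte bootstrap code) and verify that the partition table and signature survived unchanged; the sample sector is constructed.

```python
"""Inspect a 512-byte MBR: bootstrap code (what FixMbr rewrites and what
MBR rootkits replace), the partition table and the 0x55AA signature (what
a repair must preserve). Added example; the sample MBR is constructed."""
import hashlib
import struct

BOOTSTRAP_LEN = 446    # bytes 0..445: boot code
PART_TABLE_OFF = 446   # four 16-byte partition entries follow the code
SIGNATURE_OFF = 510    # little-endian 0xAA55 boot signature


def parse_mbr(sector: bytes) -> dict:
    """Return a summary of one MBR sector; raises on a wrong-size input."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    code = sector[:BOOTSTRAP_LEN]
    parts = []
    for i in range(4):
        # entry: status, CHS start (3), type, CHS end (3), LBA start, sectors
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:              # type 0x00 marks an unused slot
            parts.append({"slot": i, "bootable": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": struct.unpack_from("<H", sector, SIGNATURE_OFF)[0] == 0xAA55,
        "bootstrap_sha256": hashlib.sha256(code).hexdigest(),  # compare to known-good
        "partitions": parts,
    }


def repair_preserved_table(before: bytes, after: bytes) -> bool:
    """True if only the bootstrap code differs between two MBR images, i.e.
    the partition table and signature came through the repair unchanged."""
    return (before[PART_TABLE_OFF:] == after[PART_TABLE_OFF:]
            and before[:BOOTSTRAP_LEN] != after[:BOOTSTRAP_LEN])


def sample_mbr(code_fill: int) -> bytes:
    """Constructed MBR: one bootable NTFS (0x07) partition at LBA 2048."""
    code = bytes([0xEB, 0x63]) + bytes([code_fill]) * (BOOTSTRAP_LEN - 2)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                        b"\xFE\xFF\xFF", 2048, 204800)
    return code + entry + bytes(48) + b"\x55\xAA"   # three empty slots


if __name__ == "__main__":
    suspect, repaired = sample_mbr(0x90), sample_mbr(0x00)
    print(parse_mbr(suspect))
    print("partition table preserved:", repair_preserved_table(suspect, repaired))
```

On a real disk the 512-byte image comes from reading the first sector of the physical drive before and after the repair; only the hash of the bootstrap region should change.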

true indian

  • Guest
Re: redirect/browser hijack
« Reply #43 on: March 04, 2012, 09:32:49 AM »
U have to select delete for tdss file system and continue...reboot if asked and attach the tdsskiller log.

monkeybones

  • Guest
Re: redirect/browser hijack
« Reply #44 on: March 04, 2012, 11:19:07 AM »
Can't upload log. Get error "Your file is too large. The maximum attachment size allowed is 200 KB."