Author Topic: redirect/browser hijack  (Read 18750 times)

0 Members and 1 Guest are viewing this topic.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: redirect/browser hijack
« Reply #15 on: February 20, 2012, 11:45:20 PM »
OK here we go

Download win Vistax86 iso from here http://www.forum.probz.net/index.php?/files/file/21-windows-vista-recovery-environment-iso/
Burn to a cd as bootable -  You can use ImgBurn do this.

Now reboot from the Windows Vista Recovery Environment CD and execute the following commands:
 
When you reboot you will  see this although yours will say windows 7. Click repair my computer

 
Select your operating system

 
Select Command prompt

 
At the command prompt type the following 
 
    Bootrec.exe /FixMbr 
     
    • Once finished type Exit
    If that does not work then :



    For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.
     
    Plug the flashdrive into the infected PC.
     
    Enter System Recovery Options.
     
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select English as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
      [/list]
      • Select Command Prompt
      • In the command window type in notepad and press Enter.
      • The notepad opens. Under File menu select Open.
      • Select "Computer" and find your flash drive letter and close the notepad.
      • In the command window type e:\frst.exe (for x64 bit version type e:\frst64)  and press Enter
        Note: Replace letter e with the drive letter of your flash drive.
      • The tool will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press Scan button.
      • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

      monkeybones

      • Guest
      Re: redirect/browser hijack
      « Reply #16 on: February 21, 2012, 01:25:50 AM »
      is that going to delete any files from her computer?  should i try to save her photos/docs etc before i run the repair?

      monkeybones

      • Guest
      Re: redirect/browser hijack
      « Reply #17 on: February 21, 2012, 01:32:53 AM »
      OTL LOGS

      Offline essexboy

      • Malware removal instructor
      • Avast Überevangelist
      • Probably Bot
      • *****
      • Posts: 40589
      • Dragons by Sasha
        • Malware fixes
      Re: redirect/browser hijack
      « Reply #18 on: February 21, 2012, 09:10:43 PM »
      No none of the tools I use will delete files until they are told to do so - What is the current state of play, I see you are running from safe mode.  Can you achieve normal mode

      Did the Fixmbr allow you to get this far


      monkeybones

      • Guest
      Re: redirect/browser hijack
      « Reply #19 on: February 23, 2012, 01:13:44 AM »
      can't get in at all right now.  it keeps prompting start up repair then shutting down while it's loading files. 


      Offline essexboy

      • Malware removal instructor
      • Avast Überevangelist
      • Probably Bot
      • *****
      • Posts: 40589
      • Dragons by Sasha
        • Malware fixes
      Re: redirect/browser hijack
      « Reply #20 on: February 23, 2012, 09:16:20 PM »
      OK could you follow the destructions to download the farbar recovery tool and the windows recovery console ISO and I will get you up and running again

      monkeybones

      • Guest
      Re: redirect/browser hijack
      « Reply #21 on: February 25, 2012, 07:18:11 AM »
      sorry.  flu.  been out of commission.  still not up to snuff.

      tried the disc, but no dice.  i will try the farbar tool again and report back.  there will likely be some lag between posts still while i'm recovering. 

      Offline essexboy

      • Malware removal instructor
      • Avast Überevangelist
      • Probably Bot
      • *****
      • Posts: 40589
      • Dragons by Sasha
        • Malware fixes
      Re: redirect/browser hijack
      « Reply #22 on: February 25, 2012, 12:04:08 PM »
      FRS will not do any repairs untill I tell it to.  The initial run will be to determine the problem

      monkeybones

      • Guest
      Re: redirect/browser hijack
      « Reply #23 on: February 27, 2012, 09:55:08 PM »
      it keeps saying "the device is not ready" when i try to open the flash drive from cp

      Offline essexboy

      • Malware removal instructor
      • Avast Überevangelist
      • Probably Bot
      • *****
      • Posts: 40589
      • Dragons by Sasha
        • Malware fixes
      Re: redirect/browser hijack
      « Reply #24 on: February 27, 2012, 10:07:22 PM »
      OK this is not the ideal way but could you run FRS from safe mode

      monkeybones

      • Guest
      Re: redirect/browser hijack
      « Reply #25 on: February 27, 2012, 10:09:31 PM »
      log

      Offline essexboy

      • Malware removal instructor
      • Avast Überevangelist
      • Probably Bot
      • *****
      • Posts: 40589
      • Dragons by Sasha
        • Malware fixes
      Re: redirect/browser hijack
      « Reply #26 on: February 27, 2012, 10:14:56 PM »
        I can see nothing evident from that

        Download the latest version of TDSSKiller from
      here and save it to your Desktop.
       
       
      • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
         

         
      • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
         

         
      • Click the Start Scan button.
         

         
      • If a suspicious object is detected, the default action will be Skip, click on Continue.
         

         
      • If malicious objects are found, they will show in the Scan results and offer three (3) options.
      • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
         

         
      • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
      A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
      [/list]

      monkeybones

      • Guest
      Re: redirect/browser hijack
      « Reply #27 on: February 27, 2012, 11:04:23 PM »
      is there a way to get this on the infected machine without downloading?  it's difficult to keep the computer on long enough to get online, let alone download.  right now it's just cycling through the blue screen over and over and i can't get it to stay on at all.

      Offline essexboy

      • Malware removal instructor
      • Avast Überevangelist
      • Probably Bot
      • *****
      • Posts: 40589
      • Dragons by Sasha
        • Malware fixes
      Re: redirect/browser hijack
      « Reply #28 on: February 28, 2012, 12:06:39 AM »
      I thought you had manage to achieve safe mode ( Use safe mode with networking)

      monkeybones

      • Guest
      Re: redirect/browser hijack
      « Reply #29 on: February 28, 2012, 06:33:04 AM »
      it works SOMETIMES.  and in spurts.  the computer is still cycling over and over and over, restarting itself.  sometimes it won't turn on at all.