No access for McAfee, Microsoft, etc.

April 24, 2011 at 10:56:05
Specs: Windows XP
I have a virus/trojan/spyware, whatever, and it is preventing me from accessing most antivirus sites. It also blocks me from anything Microsoft related; I can't even get the new IE. I don't know much about viruses, but I need to get it off. Oh, also I can't update my McAfee. Also, sometimes in IE, I get redirected from a search results page to something random.

Please help. I need this off of here.

April 24, 2011 at 13:12:51
There is not enough information in your post for us to confirm a particular virus; however, if you do what follows we can get an idea of what we may be dealing with.

Please download GMER:

>>If you cannot download the file, malware may be blocking the attempt. You need to download it to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.<<

Save the file to the Desktop.
Double-click on gmer.exe

If a Windows security warning appears asking if you would like to run the program, click on the Run button to allow GMER to start.

You may get a warning about rootkit activity and GMER may ask if you want to run a full scan. If this happens, please click on the NO button.

Now, configure GMER.
Please uncheck the following settings:
Drives/Partition other than System drive (normally C:\)
Show All

Next, click on Scan (may take a while).
When GMER finishes you will be back at its main screen.
Click on the Copy button (lower right), then right-click on your Desktop, and select: New > Text document.

Once the file is created, open it, right-click again, and select: Paste

>>Please post the GMER report in your next reply for us to see what is going on.<<

Note: Please, do not take action on any of the information on this report!!

Also download Gmer's mbr.exe:
Save the file on your C drive (so the file is then C:\mbr.exe)<<Important!!

Go to Start - Run, type cmd (and press OK).
At the prompt type or copy/paste the following entries, one at a time, pressing Enter after each:


mbr.exe -t

Then type: Exit
Press Enter to close the command window.

The report created is saved to C:\mbr.log.

>>Also post the mbr.log in your reply.<<

April 24, 2011 at 18:13:27
Okay, here is the mbr one; the other is still scanning.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer,
Windows 5.1.2600 Disk: ST380012A rev.4.06 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85FC9AC8]<<
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x861DFAB8]
3 CLASSPNP[0xF74C7FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000069[0x861E7238]
5 ACPI[0xF743E620] -> nt!IofCallDriver[0x804E13B9] -> [0x861CB940]
[0x861076F0] -> IRP_MJ_CREATE -> 0x85FC9AC8
kernel: MBR read successfully
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST380012A_______________________________4.06____#4a35325650544253202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x85FC98B4
user & kernel MBR OK
sectors 156301486 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
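
Added example, not part of the original thread and not GMER's code: a Python parser that pulls the indicators out of an mbr.log like the one posted above (unnamed addresses in the disk call chain, driver hooks, the user/kernel sector mismatch, and the tool's own warning). The function name `triage_mbr_log` and the same-4-KiB-page comparison are assumptions of this example; the sample input is constructed from lines of the log above.

```python
import re

# Constructed sample: lines copied from the mbr.log quoted in the post above.
SAMPLE_LOG = r"""called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85FC9AC8]<<
[0x861076F0] -> IRP_MJ_CREATE -> 0x85FC9AC8
kernel: MBR read successfully
detected hooks:
\Driver\atapi DriverStartIo -> 0x85FC98B4
user & kernel MBR OK
sectors 156301486 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
"""

HEX = r"(0x[0-9A-Fa-f]+)"


def triage_mbr_log(text):
    """Extract the rootkit indicators that mbr.exe reports in its log text."""
    f = {"unknown_modules": [], "hooks": [], "sector_mismatch": None, "warnings": []}
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("called modules:"):
            # Addresses in the disk call chain that map to no named module.
            found = re.findall(r">>UNKNOWN \[" + HEX + r"\]<<", line)
            f["unknown_modules"] += [int(a, 16) for a in found]
        elif m := re.match(r"(\\Driver\\\S+) (\S+) -> " + HEX + "$", line):
            # Driver dispatch entry redirected to a raw address (driver, field, target).
            f["hooks"].append((m.group(1), m.group(2), int(m.group(3), 16)))
        elif m := re.match(r"sectors (\d+) \(\+(\d+)\): user != kernel", line):
            # Same sectors read differently from user mode and kernel mode.
            f["sector_mismatch"] = (int(m.group(1)), int(m.group(2)))
        elif line.startswith("Warning:"):
            f["warnings"].append(line[len("Warning:"):].strip(" !"))
    # Heuristic (assumption of this example): a hook target in the same 4 KiB
    # page as an unnamed call-chain address points at one unnamed memory region.
    pages = {a >> 12 for a in f["unknown_modules"]}
    f["hook_in_unknown_page"] = any((t >> 12) in pages for _, _, t in f["hooks"])
    return f


if __name__ == "__main__":
    for key, value in triage_mbr_log(SAMPLE_LOG).items():
        print(key, value)
```

In the log above, the hook target 0x85FC98B4 and the unknown call-chain address 0x85FC9AC8 fall in the same page, so `hook_in_unknown_page` comes back true.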

April 24, 2011 at 18:36:58
Actually I am gonna do a restore/reset/recovery... whatever resets to factory settings... and hope I don't get a code purple again... stupid HP.

April 24, 2011 at 19:31:18
If you have any problems, let us know.

April 25, 2011 at 07:27:53
Yeah, I had problems, but I was prepared with a boot disk this time. Woho! In your face, code purple!

