Virus Redirects & prevents updates

March 9, 2010 at 20:25:10
Specs: Microsoft Windows XP Professional, 2.611 GHz / 2047 MB
My PC apparently has a virus that redirects it to websites other than the ones I select in IE8. I cannot update Spysweeper or MS Windows as it blocks access to the update websites. I have Avira Antivirus and it can update but it can't find the virus. I've tried Malwarebytes but it hasn't found the virus.


#1
March 10, 2010 at 12:02:25

Hi

It sounds like you might have the TDSS, TDL3 or Alureon rootkit. The removal guide is Here; you might have to read it on another computer though, as the site is currently blocked by the rootkit.

smifff

Help to avoid an infection use FREE protection
nowyoudo.co.uk



#2
March 10, 2010 at 23:40:42
Hi smifff,

I tried running TDSSkiller and it came back with this:

TDSS rootkit removing tool, Kaspersky Lab, 2010
version 2.2.8 Mar 10 2010 15:53:20

Scanning Services ...

Scanning Kernel memory ...
Driver "nvgts" infected by TDSS rootkit!
File "C:\WINDOWS\system32\DRIVERS\nvgts.sys" infected by TDSS rootkit ... cure failed

Completed

Results:
Memory objects infected / cured / cured on reboot: 1 / 0 / 0
Registry objects infected / cured / cured on reboot: 0 / 0 / 0
File objects infected / cured / cured on reboot: 1 / 0 / 0

Press any key to continue . . .

After pressing a key the program ends and the symptoms remain. So it appears to detect something but can't remove it.



#3
March 11, 2010 at 14:37:05

Hi

Try running TDSSKiller again and see if the TDSS rootkit is detected again, as it might have been removed. This rootkit comes along with rogues like Dr Guard, but Malwarebytes should have picked that up. You could try SuperAntispyware and see if that finds anything, also Sophos Anti-Rootkit or one of the others listed Here if you can't access that one.

You could try an online scan from ESET Online and see if that finds anything if it's not blocked.

Does this only happen with IE8?
Do you have Firefox installed, as it might be a host problem or a redirect? Try the above and see if anything shows up; if not, it might be time to try HJT.

smifff

Help to avoid an infection use FREE protection
nowyoudo.co.uk



#4
March 11, 2010 at 21:58:21


#5
March 20, 2010 at 11:14:53
Hi there,

I tried TDSSKiller again but it wasn't able to remove the virus. Same for Super Antispyware and Sophos Anti-rootkit. ESET online was blocked. I tried Hitman Pro, it found the virus and once I paid for the licence, it successfully removed it on the 2nd try.

Thank you both smifff and XpUser4real for your suggestions. I really appreciate it.



#6
March 20, 2010 at 11:25:59
"I tried Hitman Pro, it found the virus and once I paid for the licence, it successfully removed it on the 2nd try."

Hitman Pro is FULLY functional for 30 days; you don't have to buy a license to remove the rootkit, so why did you pay for it?

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#7
March 27, 2010 at 11:39:49
After Hitman Pro found the virus, I recall being prompted to purchase a licence to have it remove the virus. There did not appear to be another option so I decided to proceed. Maybe I missed something and could have avoided paying but this virus was such a pain, I was quite happy to pay a fairly small fee to get rid of it. Secondly, I feel better now that it's installed and fully operational on my computer for at least a year.


#8
March 27, 2010 at 11:46:23
Oh well, like you said, you will be protected. It is totally free for 30 days and then you have the option to clean the PC or buy the license if you want. I don't spend money on those, I just use them on PCs for removing the rootkits.

Some HELP in posting on Computing.net plus free progs and instructions Cheers

