Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Internet Connection being redirected

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Internet Connection being redirected

Unread postby jmurphy12513 » September 7th, 2010, 11:26 pm

When I boot to Windows 7 I cannot get onto the Internet. It shows that I am connected to my wireless router but without Internet Access. There is another entry in the list of possible connections called "JMART" that has "always use this connection" checked. It is impossible to get this to uncheck and when I right click this entry it doesn't show any Properties entry. When I boot to my Windows Vista partition, I can get onto the Internet ok using my wireless router, but I cannot print. I cannot keep a restore point on either partition. When I recreate one and reboot, the System Restore says one was never created. I have a Verizon Novatel 2000 wireless router that I can use to get onto the Internet with my laptop to report this problem. Thanks for your help.

Here is the HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:34:01 PM, on 9/7/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
H:\Windows\system32\taskhost.exe
H:\Windows\system32\Dwm.exe
H:\Windows\Explorer.EXE
H:\Program Files\Logitech\SetPointP\SetPoint.exe
H:\Program Files\Common Files\Java\Java Update\jusched.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\Windows\System32\StikyNot.exe
H:\Users\Jo Ann\AppData\Roaming\Dropbox\bin\Dropbox.exe
H:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
H:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Users\Jo Ann\Downloads\HijackThis.exe
H:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
H:\Windows\system32\conhost.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
H:\Windows\system32\conhost.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\com.apple.DotMacSync.client.exe
H:\Windows\system32\conhost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dictionary.reference.com/browse/onceer
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - H:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - H:\Program Files\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - H:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - H:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - H:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [EvtMgr6] H:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] H:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] H:\Windows\System32\StikyNot.exe
O4 - Startup: Dropbox.lnk = Jo Ann\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = H:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://H:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - H:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - H:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - H:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - H:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

--
End of file - 5777 bytes



Here is the uninstall list:

Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression
AVS Video Converter 6
Bejeweled 2 Deluxe
Big Fish Games: Game Manager
Blokus World Tour
Boggle®
Bonjour
Brain Power
EPSON Perfection V30/V300 Photo Scanner Driver Update
EPSON Scan
eReg
Foxit Reader
Google Earth
Hoyle Card Games Classic
iTunes
Java(TM) 6 Update 21
Junk Mail filter update
Ka Kuro Master
Laptop Integrated Webcam Driver (1.04.01.1011)
Logitech SetPoint 6.15
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
jmurphy12513
Active Member
 
Posts: 2
Joined: September 7th, 2010, 10:59 pm
Advertisement
Register to Remove

Re: Internet Connection being redirected

Unread postby askey127 » September 8th, 2010, 3:43 pm

jmurphy12513,
I don't think we can help much with your machine using online methods.

You have a multi-boot system.
Having System Restore fail to run properly in this kind of a setup is a well known problem.

Many of the infections that cause redirects now are rootkits or infections of the Master Boot Record.
If your Master Boot Record is infected, you will not be readily able to repair it, because the available tools will not work properly work with the multi-boot loader.

I don't want to try and analyze rootkit data except in a single boot setup.

That said, the first thing you should do is check your router. A router hack can redirect anything and any user.
Many people leave the default password for the router Admin account
They actually publish the list of the original, default passwords for each router on the Internet.
You can look it up for your make and model.
Router Passwords Default List : http://www.phenoelit-us.org/dpl/dpl.html

If you don't change it, a ZLOB or other infection can use the default password and change your router settings, so as to intercept every communication by passing it through a spyware server.
It will definitely produce redirects.
Unless you are certain you have a secure Admin account password for it, the router will likely have to be re-installed so any added malware server address can be removed. (Then you can change your own password)
If you can find the instructions that came with the router, it may save a bit of work.

Good Luck.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Internet Connection being redirected

Unread postby jmurphy12513 » September 8th, 2010, 5:05 pm

Thanks for your reply. I never used the default password on the router. Always reset the password on my router when i use it. Any suggestions on how an infected root kit or boot record can be fixed? If I get rid of the vista partition and keep the windows 7 partition, will this create a new uninfected boot record?
jmurphy12513
Active Member
 
Posts: 2
Joined: September 7th, 2010, 10:59 pm

Re: Internet Connection being redirected

Unread postby askey127 » September 8th, 2010, 6:27 pm

The standard rootkit remover right now is this one.
You are on your own.
You can tell it, if asked, to NOT do anything with the MBR (Master Boot Record)
I cannot guarantee it will work correctly in your present setup, but it is a thorough rootkit remover for TDSS-the most likely rootkit for redirects.
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.
If, for some reason,you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Internet Connection being redirected

Unread postby askey127 » September 11th, 2010, 11:38 am

This topic is now closed.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 29 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware