Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

IE8 redirect from search results

Re: IE8 redirect from search results

by melboy » February 6th, 2011, 7:36 pm

slewrate wrote: ESET Scan Log. "zanew" was Zone Alarm, a firewall used a long time ago.

E:\Win\zanew\zlsSetup_70_483_000_en.exe a variant of Win32/AdInstaller application


You can delete that file. The other ESET findings will be dealt with when you uninstall combofix.


Update Adobe Reader

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader X to your PC's desktop.
  • Uninstall via Start > Control Panel > Add/Remove Programs:
    Adobe Reader 8
  • Install the new downloaded updated software.

Do not uninstall
Adobe Acrobat 5.0
I am not going to ask you to update because it costs quite some money to do so. From now on, use the Reader to read PDF files. For anything else which the Reader cannot do, feel free to use your Acrobat.


Update Java Runtime
You are using an old version of Java. Oracle's Java (was Sun Java) is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older, more vulnerable versions from your system. The most current version of Oracle Java is: Java Runtime Environment Version 6 Update 23.

  • Go to Oracle Java
  • Scroll down to where it says "Java Platform, Standard Edition JDK 6 Update 23 (JDK or JRE)"
  • Click the Download JRE button to the right
  • In the Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u23-windows-i586.exe" and save the downloaded file to your desktop.
  • Uninstall all old versions of Java via Start > Control Panel > Add/Remove Programs:
    Java 2 Runtime Environment, SE v1.4.2_06
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer


------------------------------------------------


Your log now appears to be clean.
This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are. If everything is good, please continue with the instructions below.



Uninstall Combofix

We Need to Remove ComboFix
  1. Please go to Start -> Run
  2. Enter "ComboFix /uninstall" (without quotes). Note the space between "ComboFix" and "/uninstall", it needs to be there.
  3. Press OK (Or hit enter).
  4. Allow ComboFix to remove itself.



OTC by OldTimer

Download OTC by Old Timer and save it to your Desktop.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes; if not, delete it yourself


---------------------------------------------------------

Your computer was infected with a ROOTKIT. In particular, the TDL3 rootkit, also known as Win32/Alureon. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

Due to its rootkit functionality, it's impossible to tell what may have been done when the system was compromised.

Therefore it may be prudent to:

  1. Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
  2. Change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password)

Windows Rootkits

How do I respond to a possible identity theft and how do I prevent it


----------------------------------------------------------------

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Ad-Aware

Please be informed that the latest versions of Ad-Aware now have Anti-virus protection included. It is not recommended to have more than one anti-virus installed on a system; doing so not only does not provide better protection, it can actually cause additional problems. Anti-virus programs patch into the system kernel. Having more than one anti-virus patching into the system kernel will not only destabilize a system, it can corrupt system files and can cause crashes!

You can turn off the anti-virus engine as follows:
  • Open Ad-Aware
  • Click on switch to advanced mode
  • Click on Settings
  • Click on the Ad-watch live! tab and under Detection layers ensure Antivirus engine is UNchecked
  • Click OK and close Ad-Aware

----------------------------------------------------------------


General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    Uninstall Tools for Major Antivirus Products

  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.

  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.


Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  • Malwarebytes' Anti-Malware
    As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. (TIP: Cleaning out temp files can reduce scanning times.)
    Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. The Full version includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.
  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.
  • Use an alternative Internet Browser
    Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
    Firefox
    Opera
  • Install and use a firewall with outbound protection
    The Windows firewall only monitors incoming traffic, NOT outgoing. Using a software firewall in its default configuration to replace the Windows firewall greatly reduces the risk of your computer being hacked. Make sure your firewall is always enabled while your computer is connected to the internet.
    Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
    Suggestions:
    [Please note that trial pay is not needed to get any product for free.]


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
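
The update steps in the post above depend on knowing which old Java and Adobe Reader versions are still installed. The following Python script is an added example, not part of the thread or of any tool it mentions: it classifies program names against the versions the post names (Java 6 Update 23, Adobe Reader X). The display-name patterns, the function names and the sample list are assumptions.

```python
import re

JAVA_BASELINE = (6, 23)   # Java 6 Update 23, the current version named in the post
READER_BASELINE = 10      # Adobe Reader X

def classify(display_name):
    """Return 'outdated', 'current', or None for products the post does not cover."""
    name = display_name.strip()
    # Old-style names ("Java 2 Runtime Environment, SE v1.4.2_06") predate Java 6.
    if re.match(r"(Java 2|J2SE) Runtime Environment", name):
        return "outdated"
    m = re.match(r"Java\(TM\) (\d+)(?: Update (\d+))?", name)  # assumed name format
    if m:
        ver = (int(m.group(1)), int(m.group(2) or 0))
        return "outdated" if ver < JAVA_BASELINE else "current"
    m = re.match(r"Adobe Reader (X|\d+)", name)
    if m:
        major = 10 if m.group(1) == "X" else int(m.group(1))
        return "outdated" if major < READER_BASELINE else "current"
    return None  # includes Adobe Acrobat 5.0, which the post says to keep

def installed_programs():
    """Yield DisplayName values from the Uninstall registry keys (Windows only)."""
    import winreg  # imported here so classify() and audit() work on any platform
    roots = [r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
             r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"]
    for root in roots:
        try:
            key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, root)
        except OSError:
            continue  # key absent on 32-bit systems
        for i in range(winreg.QueryInfoKey(key)[0]):
            try:
                sub = winreg.OpenKey(key, winreg.EnumKey(key, i))
                yield winreg.QueryValueEx(sub, "DisplayName")[0]
            except OSError:
                continue  # subkey without a DisplayName value

def audit(names):
    """Return the sorted names that should be removed or updated."""
    return sorted(n for n in names if classify(n) == "outdated")

# Constructed sample inventory; the first three names appear in the post.
SAMPLE = ["Java 2 Runtime Environment, SE v1.4.2_06", "Adobe Reader 8",
          "Adobe Acrobat 5.0", "Java(TM) 6 Update 23", "Adobe Reader X (10.0.1)"]

if __name__ == "__main__":
    import sys
    names = installed_programs() if sys.platform == "win32" else SAMPLE
    for n in audit(names):
        print("remove or update:", n)
```
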

Re: IE8 redirect from search results

by slewrate » February 7th, 2011, 8:32 pm

Was going great up to now. McAfee chewed up ComboFix. I still have folders such as c:\Qoobox, c:\cmdcons, c:\Combofix and in my E drive, I have e:/Win/Combofix which is an icon like a computer and when I hover over it, it says "show disk drives and hardware connected to this computer". I'm scared to delete this since it seems to be a mapped drive equivalent to my complete drive C. Should I disable McAfee, download ComboFix to the desktop, and thereafter uninstall it?
As per the rest of your informative details, I will have to read it another 5 times to comprehend it to comment on it, but I will.
slewrate
Regular Member
 
Posts: 20
Joined: December 16th, 2008, 4:26 pm

Re: IE8 redirect from search results

by melboy » February 8th, 2011, 3:39 am

Should I disable McAfee, download ComboFix to the desktop, and thereafter uninstall it?


Yes. Download a fresh copy of combofix from here & save it to your Desktop. Then repeat the uninstall procedure and also then re-run OTC as well if you have already done so.

Re: IE8 redirect from search results

by slewrate » February 8th, 2011, 6:02 pm

I have to uninstall combofix via the command prompt since Windows couldn't find the path for some reason. Do you think I can delete e:win\combofix computer icon of almost 9MB? When I double click on this computer type icon, I get exactly the same as if I was to use MS-Explorer and view my C drive. I see the computer icon E:\Win\Combofix in my Explorer address bar. Please advise. So I re-read your advice and WinPatrol sounds good. Do you strongly recommend Malwarebytes' Anti-Malware online monitoring via purchasing the application? Thank You & Best Regards, the rock band U2 is coming to town for a concert this summer! If you decide to visit eastern Canada, let me know!

Re: IE8 redirect from search results

by melboy » February 10th, 2011, 1:17 pm

Hi

Sorry for the late reply.

slewrate wrote: Do you think I can delete e:win\combofix computer icon of almost 9MB?
Yes, delete it.

Do you strongly recommend Malwarebytes' Anti-Malware online monitoring via purchasing the application?
Whilst it's not essential to pay for the full protection - it can just be used freely as an on-demand scanner, I do think the full protection is good value for the money.

slewrate wrote: Thank You & Best Regards, the rock band U2 is coming to town for a concert this summer! If you decide to visit eastern Canada, let me know!

You're welcome & if I'm ever in Canada I'll look you up!

Re: IE8 redirect from search results

by Cypher » February 13th, 2011, 8:29 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
