Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Browser does not go where I want it to

Re: Browser does not go where I want it to

by melboy » February 15th, 2013, 9:25 am

Hi

Good, a couple of things to clear up and you're just about done.

First,

TDSSKiller

  • Double click TDSSKiller.exe to run it.
    (Click Continue if it prompts that an update is available)
  • Click Change parameters
  • Under Additional Options check Detect TDLFS file system only.
  • Click Start scan and allow it to scan for Malicious objects.

    • If TDLFS file system is detected, select Delete and then click Continue

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is named like UtilityName.Version_Date_Time_log.txt,
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents in your next reply
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Browser does not go where I want it to

by punkpal » February 15th, 2013, 10:13 am

It didn't seem to do anything, I guess I did it a bunch of times for good measure LOL. :oops:


09:12:40.0747 5072 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:12:41.0230 5072 ============================================================
09:12:41.0246 5072 Current date / time: 2013/02/15 09:12:41.0230
09:12:41.0246 5072 SystemInfo:
09:12:41.0246 5072
09:12:41.0246 5072 OS Version: 6.1.7601 ServicePack: 1.0
09:12:41.0246 5072 Product type: Workstation
09:12:41.0246 5072 ComputerName: CHRISCROSS-PC
09:12:41.0246 5072 UserName: owner
09:12:41.0246 5072 Windows directory: C:\Windows
09:12:41.0246 5072 System windows directory: C:\Windows
09:12:41.0246 5072 Running under WOW64
09:12:41.0246 5072 Processor architecture: Intel x64
09:12:41.0246 5072 Number of processors: 3
09:12:41.0246 5072 Page size: 0x1000
09:12:41.0246 5072 Boot type: Normal boot
09:12:41.0246 5072 ============================================================
09:12:43.0524 5072 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
09:12:43.0539 5072 ============================================================
09:12:43.0539 5072 \Device\Harddisk0\DR0:
09:12:43.0539 5072 MBR partitions:
09:12:43.0539 5072 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2713B60, BlocksNum 0xE8E3E70
09:12:43.0555 5072 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x10FF7A0F, BlocksNum 0x2938CE81
09:12:43.0555 5072 ============================================================
09:12:43.0570 5072 C: <-> \Device\Harddisk0\DR0\Partition1
09:12:43.0586 5072 D: <-> \Device\Harddisk0\DR0\Partition2
09:12:43.0586 5072 ============================================================
09:12:43.0586 5072 Initialize success
09:12:43.0586 5072 ============================================================
09:12:54.0646 4016 ============================================================
09:12:54.0646 4016 Scan started
09:12:54.0646 4016 Mode: Manual; TDLFS;
09:12:54.0646 4016 ============================================================
09:12:54.0646 4016 ============================================================
09:12:54.0646 4016 Scan finished
09:12:54.0646 4016 ============================================================
09:12:54.0662 1096 Detected object count: 0
09:12:54.0662 1096 Actual detected object count: 0
09:12:55.0426 3268 ============================================================
09:12:55.0426 3268 Scan started
09:12:55.0426 3268 Mode: Manual; TDLFS;
09:12:55.0426 3268 ============================================================
09:12:55.0426 3268 ============================================================
09:12:55.0426 3268 Scan finished
09:12:55.0426 3268 ============================================================
09:12:55.0442 1148 Detected object count: 0
09:12:55.0442 1148 Actual detected object count: 0
09:12:55.0801 3428 ============================================================
09:12:55.0801 3428 Scan started
09:12:55.0801 3428 Mode: Manual; TDLFS;
09:12:55.0801 3428 ============================================================
09:12:55.0801 3428 ============================================================
09:12:55.0801 3428 Scan finished
09:12:55.0801 3428 ============================================================
09:12:55.0816 0924 Detected object count: 0
09:12:55.0816 0924 Actual detected object count: 0
09:12:56.0066 1592 ============================================================
09:12:56.0066 1592 Scan started
09:12:56.0066 1592 Mode: Manual; TDLFS;
09:12:56.0066 1592 ============================================================
09:12:56.0066 1592 ============================================================
09:12:56.0066 1592 Scan finished
09:12:56.0066 1592 ============================================================
09:12:56.0066 0740 Detected object count: 0
09:12:56.0066 0740 Actual detected object count: 0
09:12:56.0128 4960 ============================================================
09:12:56.0128 4960 Scan started
09:12:56.0128 4960 Mode: Manual; TDLFS;
09:12:56.0128 4960 ============================================================
09:12:56.0128 4960 ============================================================
09:12:56.0128 4960 Scan finished
09:12:56.0128 4960 ============================================================
09:12:56.0144 3420 Detected object count: 0
09:12:56.0144 3420 Actual detected object count: 0
09:12:56.0362 4968 ============================================================
09:12:56.0362 4968 Scan started
09:12:56.0362 4968 Mode: Manual; TDLFS;
09:12:56.0362 4968 ============================================================
09:12:56.0362 4968 ============================================================
09:12:56.0362 4968 Scan finished
09:12:56.0362 4968 ============================================================
09:12:56.0378 4196 Detected object count: 0
09:12:56.0378 4196 Actual detected object count: 0
09:12:56.0425 3476 ============================================================
09:12:56.0425 3476 Scan started
09:12:56.0425 3476 Mode: Manual; TDLFS;
09:12:56.0425 3476 ============================================================
09:12:56.0425 3476 ============================================================
09:12:56.0425 3476 Scan finished
09:12:56.0425 3476 ============================================================
09:12:56.0440 4312 Detected object count: 0
09:12:56.0440 4312 Actual detected object count: 0
09:12:56.0643 0992 ============================================================
09:12:56.0643 0992 Scan started
09:12:56.0643 0992 Mode: Manual; TDLFS;
09:12:56.0643 0992 ============================================================
09:12:56.0643 0992 ============================================================
09:12:56.0643 0992 Scan finished
09:12:56.0643 0992 ============================================================
09:12:56.0659 4300 Detected object count: 0
09:12:56.0674 4300 Actual detected object count: 0
09:12:56.0706 2460 ============================================================
09:12:56.0706 2460 Scan started
09:12:56.0706 2460 Mode: Manual; TDLFS;
09:12:56.0706 2460 ============================================================
09:12:56.0706 2460 ============================================================
09:12:56.0706 2460 Scan finished
09:12:56.0706 2460 ============================================================
09:12:56.0721 2708 Detected object count: 0
09:12:56.0721 2708 Actual detected object count: 0
09:12:57.0704 2072 ============================================================
09:12:57.0704 2072 Scan started
09:12:57.0704 2072 Mode: Manual; TDLFS;
09:12:57.0704 2072 ============================================================
09:12:57.0704 2072 ============================================================
09:12:57.0704 2072 Scan finished
09:12:57.0704 2072 ============================================================
09:12:57.0720 3436 Detected object count: 0
09:12:57.0720 3436 Actual detected object count: 0
09:12:58.0094 2480 ============================================================
09:12:58.0094 2480 Scan started
09:12:58.0094 2480 Mode: Manual; TDLFS;
09:12:58.0094 2480 ============================================================
09:12:58.0094 2480 ============================================================
09:12:58.0094 2480 Scan finished
09:12:58.0094 2480 ============================================================
09:12:58.0110 2396 Detected object count: 0
09:12:58.0110 2396 Actual detected object count: 0
09:12:58.0593 4940 ============================================================
09:12:58.0593 4940 Scan started
09:12:58.0593 4940 Mode: Manual; TDLFS;
09:12:58.0593 4940 ============================================================
09:12:58.0593 4940 ============================================================
09:12:58.0593 4940 Scan finished
09:12:58.0593 4940 ============================================================
09:12:58.0609 2740 Detected object count: 0
09:12:58.0609 2740 Actual detected object count: 0
09:12:58.0812 0184 ============================================================
09:12:58.0812 0184 Scan started
09:12:58.0812 0184 Mode: Manual; TDLFS;
09:12:58.0812 0184 ============================================================
09:12:58.0812 0184 ============================================================
09:12:58.0812 0184 Scan finished
09:12:58.0812 0184 ============================================================
09:12:58.0827 4988 Detected object count: 0
09:12:58.0827 4988 Actual detected object count: 0
punkpal
Regular Member
 
Posts: 37
Joined: February 4th, 2013, 4:32 pm
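
For readers triaging a log like the one posted above, here is an added example (not part of the thread and not from the TDSSKiller authors) that groups the lines into scan passes and reports whether every pass finished with an actual detected count of zero. The names `parse_tdsskiller_log` and `summarize` are hypothetical, and the sample is a constructed, shortened log that uses only line shapes visible in the post.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Line shape seen in the posted log: "HH:MM:SS.ffff <4-digit id> <message>"
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d{4})(?:\s+(.*))?$")
COUNT_RE = re.compile(r"^(Actual detected|Detected) object count:\s*(\d+)$")
VERSION_RE = re.compile(r"^TDSS rootkit removing tool (\S+)")

# Constructed sample, shortened from the line shapes in the log above.
SAMPLE_LOG = """\
09:12:40.0747 5072 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:12:43.0586 5072 Initialize success
09:12:54.0646 4016 Scan started
09:12:54.0646 4016 Mode: Manual; TDLFS;
09:12:54.0646 4016 Scan finished
09:12:54.0662 1096 Detected object count: 0
09:12:54.0662 1096 Actual detected object count: 0
09:12:55.0426 3268 Scan started
09:12:55.0426 3268 Mode: Manual; TDLFS;
09:12:55.0426 3268 Scan finished
09:12:55.0442 1148 Detected object count: 0
09:12:55.0442 1148 Actual detected object count: 0
"""

@dataclass
class Scan:
    started: str
    mode: str = ""
    finished: bool = False
    detected: Optional[int] = None
    actual_detected: Optional[int] = None

def parse_tdsskiller_log(text):
    """Return (tool_version, [Scan, ...]) parsed from log text."""
    version, scans = None, []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, msg = m.group(1), (m.group(3) or "").strip()
        v = VERSION_RE.match(msg)
        if v:
            version = v.group(1)
        elif msg == "Scan started":
            scans.append(Scan(started=ts))
        elif not scans:
            continue  # header lines before the first scan
        elif msg.startswith("Mode:"):
            scans[-1].mode = msg[len("Mode:"):].strip()
        elif msg == "Scan finished":
            scans[-1].finished = True
        else:
            # Count lines carry a different id than the scan lines, so they
            # are attached to the most recent scan by order, not by id.
            c = COUNT_RE.match(msg)
            if c and c.group(1) == "Detected":
                scans[-1].detected = int(c.group(2))
            elif c:
                scans[-1].actual_detected = int(c.group(2))
    return version, scans

def summarize(text):
    """Summarize scan passes; 'clean' needs every pass complete and zero."""
    version, scans = parse_tdsskiller_log(text)
    incomplete = [s.started for s in scans
                  if not s.finished or s.actual_detected is None]
    total = sum(s.actual_detected or 0 for s in scans)
    return {"version": version, "scans": len(scans),
            "modes": sorted({s.mode for s in scans}),
            "incomplete": incomplete, "actual_detected_total": total,
            "clean": bool(scans) and not incomplete and total == 0}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A pass that started but never logged its counts is reported under `incomplete` rather than treated as clean, so a truncated log cannot pass as a clean one.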

Re: Browser does not go where I want it to

by melboy » February 15th, 2013, 5:16 pm

Hi

With the infection you reported in your opening post we had to check, but the fact nothing was detected is good.

Delete the following folder, found at the root of your C: drive:

C:\TDSSKiller_Quarantine


Your log now appears to be clean. Congratulations!
This is my general post for when your logs show no more signs of malware ;) - Please let me know if you still are having problems with your computer and what these problems are.


Uninstall Combofix

We Need to Remove ComboFix

  • Press the Windows key + R on your keyboard to open the Run command box.
  • Enter "ComboFix /uninstall" (without quotes). Note the space between "ComboFix" and "/uninstall", it needs to be there.
  • Press OK (Or hit enter).
  • Allow ComboFix to remove itself.
Note: If at any stage you have problems removing combofix, please inform me before continuing.



OTC by OldTimer

Download OTC by Old Timer and save it to your Desktop.

  • Right click on OTC.exe and select "Run as Administrator"
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes; if not, delete it yourself


====================================

Rootkit

From the information provided in your opening post and subsequent detections made in the course of this topic, I would like to point out you were infected with a variant of the Alureon malware family - see here.

Please also refer to this topic.

====================================


General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.


Enable UAC

The User Account Control (UAC) helps protect your PC against malicious software: http://windows.microsoft.com/en-US/wind ... nt-control

  1. Click on Start > Control Panel.
  2. In the search box, type uac, and then click Change User Account Control settings.
  3. Move the slider to choose when you want to be notified (I recommend at least the Default level).
  4. Click OK.

  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Manually check for Windows updates via Start > All Programs > Windows Update > In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your PC, or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.


    Recommended Programs

    I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

    • WinPatrol
      As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
    • Malwarebytes' Anti-Malware
      Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. The Full version can be used as an addition to an anti-virus & includes a number of features, including a built-in protection monitor that blocks malicious processes before they even start. Its IP Protection provides an additional layer of security for your computer, by preventing access to known malicious IP addresses and IP ranges. You can now trial the full version's features within the program. Click the Protection Tab to see.
    • Hosts File
      For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.
    • Use an alternative Internet Browser
      Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
      Firefox
      Opera


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Gary R & Wingman: Computer Security - a short guide to staying safer online

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Browser does not go where I want it to

by punkpal » February 17th, 2013, 12:35 pm

Hi melboy,
"Your log now appears to be clean. Congratulations!
This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are."
Well you're just awesome then :cheers:


-TDSS.Quarantine successfully deleted
-Combofix was NOT removed --(It could not be found. I also could not find it in control panel > programs and features).
-OTL completed and rebooted successfully

-UAC changed to 'always notify'
-Just did an update on Windows Security Essentials and Windows update
-Will keep Malwarebytes'
-Saved all recommended links and programs and will follow your advice ;)
-Installed Google Chrome. My problem is with Internet Explorer (I am pretty sure), I tried to get to this site the last few days and it wouldn't let me...after I installed Chrome, well...here I am. Is it recommended that I uninstall Internet Explorer? (Would I do this via control panel?) The browser itself seems very slow and 'buggy'. Chrome is working like a dream :cheers:
punkpal
Regular Member
 
Posts: 37
Joined: February 4th, 2013, 4:32 pm

Re: Browser does not go where I want it to

by melboy » February 18th, 2013, 3:28 am

Hi

Let me know when you have completed the instructions below and we'll see what we can do with Internet Explorer.

To uninstall combofix, please download and run this file

After combofix has uninstalled:

Create a new, clean System Restore point

  1. Click on Start > Control Panel.
  2. Double click on System.
  3. On the left, click on the System Protection link.
  4. At the bottom right hand corner, click on the Create... button.
  5. Give this System Restore point a descriptive name and click on Create.
  6. You should receive a prompt that a System Restore point is created successfully. Click OK to confirm.
  7. Click OK again to close the System Protection window. Then close Control Panel.

Warning: Do not clear infected System Restore points before creating a new System Restore point first!

Please read the above to create a new System Restore point first, then clear out the infected System Restore points.


Clear infected System Restore points

  1. Click on Start > All Programs > Accessories > System Tools.
  2. Right click on Disk Cleanup and select Run As Administrator to run it. UAC will prompt. Allow it.
  3. Select your C drive and click OK.
  4. Select the More Options tab.
  5. Under System Restore and Shadow Copies, click on the Clean up... button.
  6. You will receive a prompt. Click on Delete to delete the old System Restore points.
  7. When done, click OK. You will receive another prompt. Click Delete Files to confirm.
  8. When done, Disk Cleanup will automatically close.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Browser does not go where I want it to

by punkpal » February 18th, 2013, 10:00 pm

Done and done!

Should I remove IE? What is your recommendation?
punkpal
Regular Member
 
Posts: 37
Joined: February 4th, 2013, 4:32 pm

Re: Browser does not go where I want it to

by melboy » February 19th, 2013, 9:26 am

Hi

Are you able to access this site now using IE?

Start IE in no add-ons mode and tell me if you have any problems using it.

  • Press the Windows key + R on your keyboard to open a Run command window.
  • Copy and paste the following command into the Run command window.
    iexplore -extoff
  • Click OK
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Browser does not go where I want it to

by punkpal » February 19th, 2013, 2:59 pm

Hey melboy,
Seems to be running okay with no add-ons...I am able to access this site and others. Although it seems VERY slow (perhaps that is because I'm getting used to using Chrome now lol).

If I just leave IE on my computer will it take up a lot of memory? Does it matter?
punkpal
Regular Member
 
Posts: 37
Joined: February 4th, 2013, 4:32 pm

Re: Browser does not go where I want it to

by melboy » February 19th, 2013, 3:38 pm

Hi

I would leave it installed - as ever, keep it updated.

Run this Microsoft fixit, which will reset IE.

http://go.microsoft.com/?linkid=9646978

Any further problems or questions? :)
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Browser does not go where I want it to

by punkpal » February 20th, 2013, 12:30 pm

Greatttt, thank you! You're awesome!
punkpal
Regular Member
 
Posts: 37
Joined: February 4th, 2013, 4:32 pm

Re: Browser does not go where I want it to

by deltalima » February 20th, 2013, 2:12 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK