Still redirecting?
Unfortunately, yes.
At this point, I'm not sure what else we can try.
Your computer seems to be squeaky clean.
One more question...
Where do those redirections go to?
Well....It depends...here are some examples:
luckyresults
spyware
rentmaker.com
nirsoft.com
eAcceleration's StopSign Anti-Virus product
FindStuff.com what virus
insuranceinil.com
------------------------
I'm just a little bit anxious...Not that the redirection is really annoying, but I just fear that there's maybe something else in my computer that can result in something more problematic.
Unfortunately, as I said before, I can't see anything malicious on your computer, so to me, you must have some other issue....system files problem?
I don't know....): I don't see any more problems for the moment
I'm ready to do some more tests...
I will do more virus scan meanwhile...just to be sure.
Fair enough. Let me know.
I want you to try one more thing...
Please download Malwarebytes' Anti-Malware from Here or Here
Next disconnect your system from the internet, and your router, then…
- Double-click mbam-setup.exe to install the application.
- Launch Malwarebytes' Anti-Malware, then click Finish.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
===============================================
Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE
However, if there are other Zlob-infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.
Once you have run Malwarebytes' Anti-Malware on the infected system and reset the router to its default configuration, you can reconnect to the internet and the router. Then return to this site to post your logs.
===============================================
Please post the Malwarebytes log and let me know how things are running now
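
An added example, not part of the original thread: after the router reset described above, this PowerShell sketch lists the DNS resolvers each active adapter is using and shows whether each one was set statically on the PC or learned over DHCP from the router. The `$ExpectedDns` addresses are placeholders to be replaced with the resolvers your ISP or router should provide.

```powershell
# ASSUMPTION: replace these placeholders (RFC 5737 documentation addresses and a
# typical router LAN address) with the resolvers your ISP or router should hand out.
$ExpectedDns = @('192.0.2.53', '192.0.2.54', '192.168.1.1')

# Per-interface TCP/IP settings; a non-empty NameServer value means the DNS
# servers were set statically on this PC instead of being learned over DHCP.
$IfRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

$report = @(
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        $adapter = $_
        $reg = Get-ItemProperty -Path (Join-Path $IfRoot $adapter.SettingID) -ErrorAction SilentlyContinue
        $source = 'DHCP (handed out by the router)'
        if ($reg -and $reg.NameServer) { $source = 'static (set on this PC)' }

        foreach ($dns in @($adapter.DNSServerSearchOrder)) {
            if (-not $dns) { continue }          # adapter with no resolver configured
            $verdict = 'UNEXPECTED'
            if ($ExpectedDns -contains $dns) { $verdict = 'expected' }
            New-Object PSObject -Property @{
                Adapter   = $adapter.Description
                DnsServer = $dns
                Source    = $source
                Verdict   = $verdict
            }
        }
    }
)

$report | Select-Object Adapter, DnsServer, Source, Verdict | Format-Table -AutoSize

$bad = @($report | Where-Object { $_.Verdict -eq 'UNEXPECTED' })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) resolver(s) not on the expected list."
}
```

An unexpected resolver with a DHCP source points at the router's settings, while one with a static source points at a change made on the PC itself.
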
Hi, I’m back…
1- I ran MBAM again and I followed your instructions.
The problem is still occurring.
Here’s the MBAM log (sorry, it’s in French...but the report shows nothing)
__________________________________________________ _________________
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3256
Windows 6.0.6002 Service Pack 2
2009-11-29 10:08:59
mbam-log-2009-11-29 (10-08-59).txt
Type de recherche: Examen rapide
Eléments examinés: 98687
Temps écoulé: 6 minute(s), 52 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
__________________________________________________ ______________________
2- I installed Kaspersky Internet Security 2010. The scans show nothing again.
3- Now...the weird part. I ran DrWeb CureIt again. The quick scan indicated that a Backdoor.Tdss.935 infected the file C:\Windows\system32\drivers\iaStor.sys. The weird part? DrWeb can’t cure it. The program froze...and nothing happened after that.
iaStor.sys is a rather legit file.
Upload it to VirusTotal - Free Online Virus and Malware Scan for a security check.