I need some answers. Thanks

pluto, March 4, 2012

Hi everyone,

When I type in the browser, example (sunglasses), it redirects me to sites that try to sell me different things. I have downloaded Malware Pro and run the full scan and it finds 2 trojans every time and tells me to reboot to get rid of them. When I log back in they are still on my computer. I am not computer savvy and need advice on how to proceed in fixing this problem. The log that is at the end of the scan has "svchost.exe". Does anyone know how to help? Thanks

mikie_gw

maybe try
malwarebytes.com free version

or my favorite
superantispyware.com free version

might be wise to check for rootkit with Kaspersky's little fast checker....

Here is a link that might be useful: tdsskiller

    March 4, 2012 at 9:12AM
azinoh

If you are actually using a program named "MALWAREPRO", that is the infection!! If this was my computer, I would download Malwarebytes and Superantispyware, install them in safe mode, do a full scan with each in safe mode. I would update the antivirus and do a full scan with that in safe mode. Also, you need to Google "MALWAREPRO" and learn what it does and how to get rid of it.

    March 4, 2012 at 9:25AM
pluto

Sorry, the program I downloaded is Malwarebytes. I upgraded to the Pro version of Malwarebytes. When I type a site in my browser and hit search I am redirected to other websites that have absolutely nothing to do with what I was searching for. I guess I must have a virus and will require professional help with this. Thanks

    March 4, 2012 at 12:30PM
zep516

Hi pluto,

You're correct in that you need professional help. If you want to use the forum method I have provided a link for you.

Google re-directs like that can be a sign of rootkit activity. For the sake of this thread, can you identify the names of the Trojans that are being found and tell us what they are named?

Joe

Here is a link that might be useful: malware-removal/log-posting-instructions

    March 4, 2012 at 12:38PM
pluto

This pops up on the screen after a scan. Can anyone tell if this is a virus? Thanks

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.04.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
John :: JOHN-PC [administrator]

Protection: Enabled

3/4/2012 1:30:11 PM
mbam-log-2012-03-04 (13-30-11).txt

Scan type: Quick scan
Scan options enabled: Memory : Startup : Registry : File System : Heuristics/Extra : Heuristics/Shuriken : PUP : PUM
Scan options disabled: P2P
Objects scanned: 192624
Time elapsed: 1 minute(s), 42 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 1928 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

    March 4, 2012 at 1:38PM
albert_135

We were cursed with a browser hijack(s) for several days. The usual suggestions didn't work. Finally someone at SDMB suggested TDSSKiller. The problems were finally resolved with TDSSKiller in just a matter of a couple of minutes. Rootkit.boot.pihar.b was removed.

    March 4, 2012 at 1:47PM
ravencajun Zone 8b TX

Go to the link Zep gave you; this is one that you will need assistance with. Do not use any other programs till the team there tells you to. You will need to register there and create your own post in the malware removal section. The team will lead you through step-by-step instructions to fully recover from this infection. If not done properly, parts of it will remain. Don't use this PC for purchases or banking till clean.
If you need help to get registered let me know I am there too.

    March 4, 2012 at 2:15PM
pluto

Thanks for the link Zep. I am going to register there and hope for the best. Thanks Ravencajun.

    March 4, 2012 at 2:56PM
zep516

Good!

c:\windows\svchost.exe----->Infected file, it's in the wrong folder. svchost.exe runs only from the System32 folder.

Malwarebytes says it removes it but probably can't.

\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b )
Above is probably the rootkit, as albert pointed out.

The forum will run more revealing scans for you too.

    March 4, 2012 at 3:15PM
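The check zep516 describes above (a file named svchost.exe outside System32), applied to detection lines in the format of the scan log posted earlier. This is an added example, not part of the original thread; the list of process names and the SysWOW64 allowance for 64-bit Windows are assumptions of the example.

```python
import re
from pathlib import PureWindowsPath

# System32 is the location named in the thread; SysWOW64 (32-bit binaries on
# 64-bit Windows) is an addition made for this example.
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Assumption: a small illustrative set of system process names to check.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe"}

# Matches detection lines such as:
#   C:\Windows\svchost.exe (Trojan.Agent) -> 1928 -> Delete on reboot.
DETECTION = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<label>[^)]+)\) -> (?P<rest>.+)$")

def parse_detections(log_text):
    """Return one dict per detection line: path, label, pid (or None), action."""
    found = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue
        parts = m.group("rest").split(" -> ")
        pid = int(parts[0]) if len(parts) > 1 and parts[0].isdigit() else None
        found.append({"path": m.group("path"), "label": m.group("label"),
                      "pid": pid, "action": parts[-1]})
    return found

def misplaced_system_binaries(detections):
    """Paths whose file name is a system process name but whose folder is unexpected."""
    flagged = set()
    for d in detections:
        p = PureWindowsPath(d["path"])
        if p.name.lower() in SYSTEM_NAMES and str(p.parent).lower() not in EXPECTED_DIRS:
            flagged.add(d["path"])
    return sorted(flagged)

# The first two detection lines come from the log posted in the thread;
# the third is constructed for contrast.
SAMPLE_LOG = r"""
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 1928 -> Delete on reboot.
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\svchost.exe (Constructed.Sample) -> No action taken.
"""

if __name__ == "__main__":
    for path in misplaced_system_binaries(parse_detections(SAMPLE_LOG)):
        print("system process name outside expected folder:", path)
```
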
pluto

Ravencajun......I need help with registering at that site.

    March 4, 2012 at 3:42PM
corrine_mvp

Hi, pluto.

I checked the list of new members awaiting activation and there isn't anyone waiting from the last few days.

If you would send an e-mail to me at the address below, I will pre-register your account. After it is set up, you will be able to login and change the password to one of your choice.

Send to: Corrine-LzD @ hotmail.com (without the spaces)

    March 4, 2012 at 4:44PM
corrine_mvp

Account created so pluto should be good to go!

    March 4, 2012 at 7:36PM