
 o
I need some answers. Thanks

Posted by pluto on Sun, Mar 4, 12 at 8:49

Hi everyone,
When I type in the browser, example (sunglasses), it redirects me to sites that try to sell me different things. I have downloaded Malware Pro and run the full scan and it finds 2 trojans every time and tells me to reboot to get rid of them. When I log back in they are still on my computer. I am not computer savvy and need advice on how to proceed in fixing this problem. The log that is at the end of the scan has "svchost.exe". Does anyone know how to help? Thanks


Follow-Up Postings:

 o
RE: I need some answers. Thanks

maybe try
malwarebytes.com free version

or my favorite
superantispyware.com free version

might be wise to check for a rootkit with Kaspersky's little fast checker....

Here is a link that might be useful: tdsskiller


 o
RE: I need some answers. Thanks

If you are actually using a program named "MALWAREPRO", that is the infection!! If this was my computer, I would download Malwarebytes and Superantispyware, install them in safe mode, do a full scan with each in safe mode. I would update the antivirus and do a full scan with that in safe mode. Also, you need to Google "MALWAREPRO" and learn what it does and how to get rid of it.


 o
RE: I need some answers. Thanks

Sorry, the program I downloaded is Malwarebytes. I upgraded to the Pro version of Malwarebytes. When I type a site in my browser and hit search I am redirected to other websites that have absolutely nothing to do with what I was searching for. I guess I must have a virus and will require professional help with this. Thanks


 o
RE: I need some answers. Thanks

Hi pluto,

You're correct in that you need professional help. If you want to use the forum method I have provided a link for you.

Google re-directs like that can be a sign of rootkit activity. For the sake of this thread can you identify the names of the Trojans that are being found and tell us what they are named?

Joe


Here is a link that might be useful: malware-removal/log-posting-instructions


 o
RE: I need some answers. Thanks

This pops up on the screen after a scan. Can anyone tell if this is a virus? Thanks

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.04.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
John :: JOHN-PC [administrator]

Protection: Enabled

3/4/2012 1:30:11 PM
mbam-log-2012-03-04 (13-30-11).txt

Scan type: Quick scan
Scan options enabled: Memory : Startup : Registry : File System : Heuristics/Extra : Heuristics/Shuriken : PUP : PUM
Scan options disabled: P2P
Objects scanned: 192624
Time elapsed: 1 minute(s), 42 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 1928 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)


 o
RE: I need some answers. Thanks

We were cursed with a browser hijack(s) for several days. The usual suggestions didn't work. Finally someone at SDMB suggested TDSSKiller. The problems were finally resolved with TDSSKiller in just a matter of a couple of minutes. Rootkit.boot.pihar.b was removed.


 o
RE: I need some answers. Thanks

Go to the link Zep gave you; this is one that you will need assistance with. Do not use any other programs till the team there tells you to. You will need to register there and create your own post in the malware removal section. The team will lead you through step-by-step instructions to fully recover from this infection. If not done properly, parts of it will remain. Don't use this PC for purchases or banking till clean.
If you need help to get registered, let me know; I am there too.


 o
RE: I need some answers. Thanks

Thanks for the link, Zep. I am going to register there and hope for the best. Thanks, Ravencajun.


 o
RE: I need some answers. Thanks

Good!

c:\windows\svchost.exe -----> Infected file, it's in the wrong folder. svchost.exe runs only from the System32 folder.

Malwarebytes says it removes it but probably can't.

\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b )
Above is probably the rootkit, as albert pointed out.

The forum will run more revealing scans for you too.
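
The folder check described in the post above, applied to the detection lines of the scan log posted earlier in this thread. This is an added example, not part of the original thread; the SysWOW64 entry, the fixed C:\Windows system root and all function names are assumptions of the example.

```python
import ntpath
import re

# Folders a genuine svchost.exe loads from. System32 is the folder named in
# the post; SysWOW64 (32-bit copy on 64-bit Windows) and the C:\Windows
# system root are assumptions of this example.
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
WATCHED_NAMES = {"svchost.exe"}

# Detection line shape seen in the posted log:
#   <path> (<detection name>) -> [<pid> ->] <action>.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^)]+)\) -> (?P<rest>.+)$")

def is_masquerading(path):
    """True if a watched system file name sits outside its expected folder."""
    norm = ntpath.normpath(path.strip().strip('"')).lower()
    directory, filename = ntpath.split(norm)
    return filename in WATCHED_NAMES and directory not in EXPECTED_DIRS

def parse_detections(log_text):
    """Return (path, detection, pid or None, action) per detection line."""
    results = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue  # headers, counters and "(No malicious items detected)"
        parts = [p.strip() for p in m.group("rest").split("->")]
        pid = int(parts[0]) if parts[0].isdigit() else None
        results.append((m.group("path"), m.group("name"), pid,
                        parts[-1].rstrip(".")))
    return results

def triage(log_text):
    """Unique detected paths that also fail the folder check, in log order."""
    flagged = []
    for path, _name, _pid, _action in parse_detections(log_text):
        if is_masquerading(path) and path not in flagged:
            flagged.append(path)
    return flagged

# First four lines are copied from the log in this thread; the last line is
# constructed to show the comparison ignores letter case.
SAMPLE_LOG = r"""
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 1928 -> Delete on reboot.
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\example\AppData\Local\Temp\SvcHost.EXE (Constructed.Sample) -> Delete on reboot.
"""

if __name__ == "__main__":
    for p in triage(SAMPLE_LOG):
        print("svchost.exe outside System32:", p)
```

A path that passes this check is not thereby clean; the check only catches a system file name used from the wrong folder.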


 o
RE: I need some answers. Thanks

Ravencajun......I need help with registering at that site.


 o
RE: I need some answers. Thanks

Hi, pluto.

I checked the list of new members awaiting activation and there isn't anyone waiting from the last few days.

If you would send an e-mail to me at the address below, I will pre-register your account. After it is set up, you will be able to login and change the password to one of your choice.

Send to: Corrine-LzD @ hotmail.com (without the spaces)


 o
RE: I need some answers. Thanks

Account created so pluto should be good to go!

