Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Can't prevent pages being redirected

Options
  • 19-09-2009 7:29pm
    #1
    mordeith
    Registered Users Posts: 5,278 ✭✭✭


    A friends PC is having any internet sites connected with anti virus, anti spyware etc redirected to irrelvant sites. I'm run Ad-aware and Spybot S&D which both found issues. Ad-Aware removed all issues but Spybot could not remove two redirect issues that were called merijin.org 127.0.0.1. I get a warning saying they cannot be removed because they all still being used by an application. Has anyone any light to shed on this?
    Thanks


Comments

  • Options
    #2
    Keano
    Moderators, Recreation & Hobbies Moderators, Social & Fun Moderators, Sports Moderators Posts: 12,803 Mod ✭✭✭✭Keano


    Can I suggest downloading malwarebytes on another computer and run that on your friends computer and that should work.


  • Options
    #3
    mordeith
    Registered Users Posts: 5,278 ✭✭✭mordeith


    Thanks for the tip. I'll try that tomorrow and report any progress


  • Options
    #4
    novarock
    Registered Users Posts: 1,132 ✭✭✭novarock


    It is essentially a running program, so malwarebytes might not get it. If it doesnt, remove all the ticks on the startup tab of the system configuration utility, and re run the scan, failing that you will have to find out the name of the process that is running, and manually remove any references to it from the C: drive and the registry.


  • Options
    #5
    ballsymchugh
    Registered Users Posts: 7,936 ✭✭✭ballsymchugh


    malwarebytes is the mutts nuts.


  • Options
    #6
    xprepairs
    Closed Accounts Posts: 69 ✭✭xprepairs


    mordeith,
    Is the problem resolved yet? You may have a rootkit problem if Malwarebytes can't remove the infection. Post back and let us know,
    Thanks
    xprepairs


  • Advertisement
  • Options
    #7
    biko
    Registered Users Posts: 81,223 ✭✭✭✭biko


    Also have a look in your hosts file
    c:\windows\system32\drivers\etc\
    Open it in Notepad
    Should pretty much only contain this line
    127.0.0.1 localhost


  • Options
    #8
    mordeith
    Registered Users Posts: 5,278 ✭✭✭mordeith


    xprepairs wrote: »
    mordeith,
    Is the problem resolved yet? You may have a rootkit problem if Malwarebytes can't remove the infection. Post back and let us know,
    Thanks
    xprepairs
    Malwarebytes didn't solve the problem nor did Superantispyware. I'm thinking a reinstall of the OS might be the easiest solution at this stage. The only thing is that the data that needs to be saved is photos that have been put on a usb stick. Is it likely that this infection is now also on the stick?
    Thanks for everyones help and advice so far


  • Options
    #9
    ActorSeeksJob
    Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    try this

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
    1. If you are using Firefox, make sure that your download settings are as follows:
      • Tools->Options->Main tab
      • Set to "Always ask me where to Save the files".
    2. During the download, rename Combofix to Combo-Fix as follows:

      CF_download_FF.gif

      CF_download_rename.gif

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    7. Double click on combo-Fix.exe & follow the prompts.
    8. When finished, it will produce a report for you.
    9. Please post the "C:\Combo-Fix.txt" for further review.
    **Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


  • Options
    #10
    mordeith
    Registered Users Posts: 5,278 ✭✭✭mordeith


    The PC in question is ina friends house so I may not get a chance to try that ComboFix for a few days. When I do I'll let you know the results. Thanks


  • Options
    #11
    xprepairs
    Closed Accounts Posts: 69 ✭✭xprepairs


    mordeith, actually the most user-friendly program to eliminiate rootkits is unhackme:
    http://www.greatis.com/unhackme/download.htm
    Use the beginners guide on the left of the download page and go through all the scans. It gives you lots of options, just follow the prompts and scan untill the problem is gone. It's a powerful tool, so DON'T delete anything you are unsure of. If you find a threat that you are unsure of, post it back in here and we'll let you know if it is safe to remove.
    Thanks,
    xprepairs


  • Advertisement
Advertisement