05-12-2012 06:42 PM
Late this morning, my browser (IE9) began to be redirected to one of several sites whenever I tried to click on a Google search result. Am running Norton 360, so I tried doing a full system scan first - no threats detected. Did some quick research, and ended up downloading Malwarebytes' Anti-Malware program while running in safe mode with networking. Ran that, and it detected Trojan.Happili in a temp directory (don't recall the path). The Malwarebytes program said it had resolved the issue, and a subsequent scan was clean. Ran CCleaner with secure deletion enabled to clean out temp directories. Updated Java, and cleared the cache through the Java console. Tried another Google search - same redirect issue. Found Quads' suggestions in this forum, and downloaded TDSSKiller and aswMBR while in safe mode with networking. Stopping there without further guidance, as I don't know how to interpret the results, and it sounds like messing around in ignorance is a recipe for disaster.
Can you help, Quads? Please let me know if more info is required.
05-12-2012 08:04 PM
Why are you running in Safe Mode with Networking?
Why are you going about using tools that can cause more damage without any supervision? I have warned people about doing so.
Start Malwarebytes and go to the logs tab to see what it detected.
05-12-2012 09:48 PM
Unfortunately, whatever's wrong with my system seems to be preventing me from accessing anti-malware product sites... running in safe mode with networking was the only way I was able to download the Malwarebytes program. My apologies for jumping the gun with the other two tools - didn't remove anything, just ran them to get the logs to post.
Malwarebytes log is attached as requested. Thanks for any advice you can offer!
05-12-2012 10:20 PM
Please do not run any tools unless instructed to do so.
Please read every post completely before doing anything.
Please read carefully.
We may yet have to do this with a program without Windows loading, as something is blocking programs from running etc. But we will try and log with this:
a) Download OTL hxxp://oldtimer.geekstogo.com/OTL.exe (change the hxxp to http) and save it to your Desktop, in Safe Mode if need be.
Restart the Computer into Normal Mode
Double click on OTL.exe to run it. Right click OTL.exe and select Run as administrator for Vista and Win 7.
Click the Scan All Users checkbox.
Change file age to 60 days
under Copy and paste what is below between the lines
C:\Program Files\Common Files\ComObjects\*.* /s
%systemroot%\*. /mp /s
%systemroot%\*. /rp /s
hklm\software\clients\startmenuinternet|command /64 /rs
An OTL.txt will be created.
05-12-2012 11:32 PM
Got to make sure the subsystems is untouched with anything linked to that.
Please download hxxp://download.bleepingcomputer.com/farbar/FRST64.ex
Plug the flashdrive into the infected PC.
Enter System Recovery Options.
To enter System Recovery Options from the Advanced Boot Options:
On the System Recovery Options menu you will get the following options:
Windows Complete PC Restore
Windows Memory Diagnostic Tool
05-12-2012 11:39 PM
Next step in process. OTL created another txt file called extras.txt that I just noticed. It is attached, in case it is useful.