01-10-2012 05:46 PM
Yesterday I was hit with the Win 7 2012 virus. I was able to run a scan with Norton and Kaspersky in normal mode to eliminate the virus and then re-ran them in safe mode to eliminate anything that had been hiding within a normal boot. I had taken a look through my registry to see if anything there looked amiss. I didn't see anything that could be causing a problem, but I am still plagued by something that is causing search engines to redirect to random websites. I was wondering if anyone has any ideas/tips to deal with this. Through research I think it's a rootkit... TDSS, I've read, sometimes goes hand in hand with the Win 7 2012 virus. I've tried running TDSSKiller from Kaspersky as well and am at a loss as to what to do next.
I'm not tech savvy on my own but can be walked through anything!
Thanks
01-10-2012 09:58 PM
Hi
Create a new Administrator user account -> run a scan with Norton Power Eraser -> post a screenshot of the finds here.
01-12-2012 05:24 PM
The results of the scan are:
Risk: cdrom.sys
Type: driver
Status: bad
Action: remove
I have the log available, not sure if you'd like a look at that as well.
01-15-2012 05:44 PM - edited 01-15-2012 05:47 PM
Hi
Sorry for the late reply. The redirect happens with which browser?
Can you try other browsers like Chrome/Firefox? http://www.whatbrowser.org/en/browser/
Some malware camouflages itself as cdrom.sys, particularly if it is located in the c:\windows or c:\windows\system32 folder, because the legitimate cdrom.sys file is located in the folder C:\Windows\System32\drivers.
So in the NPE results, click on the filename and click "Locate file location". If the location is C:\Windows\System32\drivers -> leave that file, try with another browser and let us know. If the location is c:\windows or c:\windows\system32 -> fix it, do a restart and let us know the outcome.
01-15-2012 07:10 PM
The file is in the drivers folder... I normally use Firefox but I'll try using IE. I was reading that there have been issues with this with Firefox. We'll see how it goes.
01-15-2012 07:19 PM
In cases where Firefox is having the issue, reinstalling Firefox has solved the problem.
01-15-2012 09:49 PM
There is a rootkit that has Websearch as its redirect at the moment and chooses one of 3 drivers to patch, one being cdrom.sys, which is a Windows file but has been infected.
But only on 32-bit (x86) systems.
c:\windows\$NtUninstallKB23115$
c:\windows\$NtUninstallKB23115$\1197455810
c:\windows\$NtUninstallKB23115$\793998616\@
c:\windows\$NtUninstallKB23115$\793998616\cfg.ini
c:\windows\$NtUninstallKB23115$\793998616\Desktop.
c:\windows\$NtUninstallKB23115$\793998616\L\rohepc
c:\windows\system32\drivers\etc\hosts.txt
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy
NPE (Norton Power Eraser) does not have the ability to deal with disinfecting this infection, but can generically detect the change in the file.
With System Restore turned on the patched driver also gets backed up in the restore points.
Quads
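A read-only check for the indicators discussed in the two replies above (a cdrom.sys copy outside the drivers folder, a modified copy inside it, and the companion files in the log), as an added PowerShell example written for this thread; it is not code from the posters or from Norton. It assumes PowerShell 4 or newer run from an elevated prompt, takes the $NtUninstallKB...$ folder pattern and the hosts.txt name from the log above, and the signature check only tells you something where the driver carries or resolves to an Authenticode signature.

```powershell
# Added example: look for the cdrom.sys indicators described in this thread.
# It only reads and reports; it removes nothing.
$win = $env:SystemRoot
$legitPath = Join-Path $win 'System32\drivers\cdrom.sys'

# 1. The legitimate driver lives only in System32\drivers. A cdrom.sys in
#    %SystemRoot% or %SystemRoot%\System32 is the camouflage case from the reply.
foreach ($dir in @($win, (Join-Path $win 'System32'))) {
    $p = Join-Path $dir 'cdrom.sys'
    if (Test-Path -LiteralPath $p) {
        Write-Warning "cdrom.sys found outside the drivers folder: $p"
    }
}

# 2. The rootkit patches the real driver in place. A patched file no longer
#    matches its Authenticode signature, so the status will not be 'Valid'.
#    On hosts where the driver is catalog-signed and the status comes back
#    'NotSigned', compare the SHA-256 below with a known-good copy instead.
if (Test-Path -LiteralPath $legitPath) {
    $sig  = Get-AuthenticodeSignature -FilePath $legitPath
    $hash = (Get-FileHash -LiteralPath $legitPath -Algorithm SHA256).Hash
    $item = Get-Item -LiteralPath $legitPath
    "{0}`n  signature: {1}`n  sha256: {2}`n  modified: {3}" -f `
        $legitPath, $sig.Status, $hash, $item.LastWriteTime
    if ($sig.Status -ne 'Valid') {
        Write-Warning "cdrom.sys signature status is '$($sig.Status)'; treat the driver as possibly patched."
    }
}

# 3. Companion artefacts from the log: a fake uninstall folder holding '@' and
#    'cfg.ini', and a hosts.txt next to the real hosts file (which has no extension).
$folders = Get-ChildItem -LiteralPath $win -Directory -Force -Filter '$NtUninstallKB*$' -ErrorAction SilentlyContinue
foreach ($d in $folders) {
    $marker = Get-ChildItem -LiteralPath $d.FullName -Force -Recurse -ErrorAction SilentlyContinue |
              Where-Object { $_.Name -in '@', 'cfg.ini' }
    if ($marker) {
        Write-Warning "Uninstall folder with rootkit-style contents: $($d.FullName)"
    }
}
$hostsTxt = Join-Path $win 'System32\drivers\etc\hosts.txt'
if (Test-Path -LiteralPath $hostsTxt) {
    Write-Warning "Unexpected file beside the hosts file: $hostsTxt"
}
```

A warning from any of the three checks is a reason to let a tool that can disinfect the driver handle it (and to clear old restore points afterwards, since the patched driver is backed up in them), not to delete cdrom.sys by hand.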
01-17-2012 05:31 PM
I don't think it's Firefox... I was checking into other things it could be using IE and I got the blue screen of death. This virus is starting to get to me.
