I THINK I HAVE A VIRUS-I KNOW I DO!!!!!MOVED TO CORRECT FORUM

[MrCharlie]

Has that made any difference??  MrC

[latricedolly]

Well so far, I have not had any redirected searches during my usage.  I am pleased once again!!!  It was very interesting in following the instructions that you was giving, but I don't know what we were doing.  I just know that the procedures were doing something.  Could you give me a summary of what we did to fix the problem that I was having?  I would like to know starting from the very begin when you told me to get a report.  I would appreciate this.

[MrCharlie]

Well from your DDS log, I saw this:

Warning: possible TDL3 rootkit infection !

TDSSKiller is the tool we use to take of this infection.

Bootkit Removal Tool is a tool that will also work but for some reason it wouldn't work on your system.

--------------------------

TDSSKiller found and cured the rootkit:

14:33:14.0515 3136 Detected object count: 1
14:33:14.0515 3136 Actual detected object count: 1
14:33:24.0015 3136 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
14:33:24.0015 3136 \Device\Harddisk0\DR0 - ok
14:33:24.0015 3136 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
14:33:44.0640 3876 Deinitialize success

We ran TDSSKiller again and it confirms the rootkit is gone.

------------------------------

I had you run RogueKiller to check for any other infections and also check the master boot record  (MBR)
It turned up clean (OK) except for the host file: (which was corrupt)

¤¤¤ HOSTS File: ¤¤¤
94.63.240.122 www.bing.com

-----------------------------

+++++ PhysicalDrive0: SAMSUNG HD160JJ/P +++++
--- User ---
[MBR] 54f27e3eb12aa828010f072d5d43f642
[BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 159989 Mo

User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

---------------------------

I had you run RogueKiller again to restore the host file back to what it's supposed to be.

¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

--------------------

So now we'll see how it is.

MrC

[latricedolly]

Well thanks!!!!  I will work with it some more to see how are things.  But so far, I had not had any problems.  I will post back

[MrCharlie]

How are we doing????

MrC

[MrCharlie]

Re-opened

[latricedolly]

It's been awhile, but I had to come back to let everyone know how my computer is doing.  Mr. Charles had given good, easy, and thorough instructions on how to remove the viruses and they worked. I have my computer back to normal and at the same time, gained knowledged on what to do if this should happen again.  Please feel free to use the guidance that Mr. Charles and the forum will give you to solve your computer problems.

Latrice Dolly

[MrCharlie]

Thanks 

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum,  MrC