Hi,
This P.C. always takes me to an advert site whenever I click on a link,
can you help?
Welcome!
1. Do you have something from the PC Tools company? Like an antivirus/antirootkit?
Please disable all your antiviruses, antirootkits etc. and disconnect from the internet/local network.
2. What is disk G in this system? If it is a removable disk, and you have it, please connect it to this computer before the next step.
3. Execute this script in avptools (in Manual Cure):
[code]
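begin
// Scan for rootkit hooks (both options enabled) and turn on AVZGuard
SearchRootkit(true, true);
SetAVZGuardStatus(True);
// Copy the suspicious files to the AVZ quarantine for analysis
QuarantineFile('G:\autorun.inf','');
QuarantineFile('C:\WINDOWS\system32\Drivers\cercsr6.sys','');
QuarantineFile('C:\WINDOWS\system32\gxvxcvkdqbpjetuxicapqbupmmttkbeyymylt.dll','');
QuarantineFile('\\?\globalroot\systemroot\system32\gxvxcvkdqbpjetuxicapqbupmmttkbeyymylt.dll','');
// Hand the file list to Boot Cleaner and activate it for the next boot
BC_ImportAll;
BC_Activate;
// Enable the AVZPM driver, then reboot
SetAVZPMStatus(True);
RebootWindows(true);
end.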
[/code]
4. After reboot, execute the following script in Manual Cure:
[code]
begin
CreateQurantineArchive('C:\quarantine.zip');
end.
[/code]
5. Upload C:\quarantine.zip via the link "Upload quarantined files" at the top of this page.
Let us know when you are done.
P.S. For your information: these steps will not solve your problem yet; they are for collecting data in order to cure your system in the future.
Thanks for the reply,
G was just the pen drive I used to transfer Kaspersky virus removal from my P.C. to this one, as I can never get the website I want on this PC.
Please find attached quarantine zip, hope you can help!!!
Thanks! :)
No, you definitely don't understand. You should send a quarantine by the red link only: [url=http://virusinfo.info/upload_virus_eng.php?tid=57119][COLOR="Red"]Upload quarantined files[/COLOR][/url]
It is forbidden to attach any quarantine here.
Please upload, as I requested before.
Let us know when you are done. And please answer my questions 1 & 2.
On this P.C. there is AVG antivirus, Spybot and Ad-Aware, but they won't update properly and Spybot won't run.
G was just the pen drive I used to transfer Kaspersky virus removal from my P.C. to this one, as I can never get the website I want on this PC.
Strange, I am seeing that PCTCore.sys is active, and it is from the PC Tools company, as far as I know. So, if you said that you don't know about that, it is very strange.
Go to Add/Remove Programs and look for it again :) Uninstall it if you find something. Then, please disable Ad-Aware, TeaTimer (it is the registry protector from Spybot) and AVG antivirus, disconnect from the internet, disable Windows System Restore and only then execute this script:
[code]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
StopService('PCTCore');
DeleteFile('C:\WINDOWS\system32\drivers\PCTCore.sys');
DeleteFile('G:\autorun.inf');
DeleteFile('\\?\globalroot\systemroot\system32\gxvxcvkdqbpjetuxicapqbupmmttkbeyymylt.dll');
DeleteFile('C:\WINDOWS\system32\gxvxcvkdqbpjetuxicapqbupmmttkbeyymylt.dll');
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
BC_DeleteSvc('PCTCore');
SetAVZPMStatus(true);
RebootWindows(true);
end.
[/code]
After restart, please make a fresh log from avptool like you did in your first post.
Also, I would like to see a log from GMER ([url]http://virusinfo.info/showthread.php?t=51878[/url]).
Please attach both in this thread in your next post.
Thanks for the reply. Couldn't find anything from PC Tools in Add or Remove Programs.
Ran script.
Please find attached log.
Every time I try to run GMER it says onijy4r6.exe has encountered a problem and must close.
Hope this helps.
Thanks again.
Switch off/Disable:
- Antivirus and, if you have one, Firewall.
- System Restore
- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute following script[/URL] in Manual Cure
[CODE]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
Clearquarantine;
QuarantineFile('C:\DOCUME~1\Shona\LOCALS~1\Temp\awkiqpoc.sys','');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\78083283.sys','');
DeleteFile('\systemroot\system32\drivers\gxvxcfhxnssiymfoepxegaxvhpdpagenwsdvx.sys');
DeleteFile('\\?\globalroot\systemroot\system32\gxvxcfmitktytdrbfwkngiqfyywrqpnpqmxur.dll');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
RebootWindows(true);
end.
[/CODE]
After reboot
- Repeat the log file.
- Try to make a GMER log. Before starting GMER, disable your installed Antivirus+Firewall.
- Execute this script:
[code]begin
CreateQurantineArchive('C:\quarantine.zip');
end.[/code]
Upload a new quarantine by the red link.
Please disable your System Restore [B][U]before[/U][/B] executing the script in post #8, otherwise your malware will survive...