  #1  
Old 23-06-2011
Member
 
Join Date: Mar 2011
Posts: 44
TDSS removal causing Fake AV redirection

Hello guys, I am unable to remove a virus- and malware-infected file from my laptop, a Dell Inspiron 6400, and I am not finding a way to get rid of it. I have tried every possible solution I know of, but over time the problem keeps getting worse, and a few days ago I got a notice from Symantec Endpoint Protection about infection attacks from the web. After that I tried to uninstall the TDSS rootkit using TDSSKiller, and when I try to download Mozilla Firefox using IE, which is what I use for browsing the internet, then while using Google for surfing I get a message like "look for latest event 118 above re Fake AV" and get redirected. What is this issue all about? Does anyone have a little bit of knowledge about this? Please help me get out of this problem. Thanks a lot in advance.
Reply With Quote
  #2  
Old 23-06-2011
Member
 
Join Date: Jun 2009
Posts: 1,205
Re: TDSS removal causing Fake AV redirection

First you have to run Overtime Loss (OTL) on your system and then you have to select the Custom Scans/Fixes at the base of the and according to it paste this in that:
Code:
:OTL
MOD - C:\WINDOWS\onuhaxiqexejiv.dll ()
O4 - HKLM..\Run: [Icacatofokey] C:\WINDOWS\onuhaxiqexejiv.dll ()
O33 - MountPoints2\{63f8cd38-0b6f-11de-ad2e-0016cffbea67}\Shell\AutoRun\command - "" = F:\WDSetup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
[2009/05/20 01:47:32 | 000,113,152 | ---- | C] ()(C:\Documents and Settings\All Users\Documents\??????? ??????.doc) -- C:\Documents and Settings\All Users\Documents\??????? ??????.doc
[2009/05/20 01:47:21 | 000,113,152 | ---- | M] ()(C:\Documents and Settings\All Users\Documents\??????? ??????.doc) -- C:\Documents and Settings\All Users\Documents\??????? ??????.doc
[2009/01/04 16:01:40 | 000,024,576 | ---- | M] ()(C:\Documents and Settings\Lyudmila\My Documents\????????.doc) -- C:\Documents and Settings\Lyudmila\My Documents\????????.doc
[2009/01/04 16:00:29 | 000,024,576 | ---- | C] ()(C:\Documents and Settings\Lyudmila\My Documents\????????.doc) -- C:\Documents and Settings\Lyudmila\My Documents\????????.doc
[2007/10/08 10:56:30 | 000,032,256 | ---- | C] ()(C:\Documents and Settings\Lyudmila\My Documents\???????? ???????? '???????_ ??????_...'.shs) -- C:\Documents and Settings\Lyudmila\My Documents\???????? ???????? '???????_ ??????_...'.shs
[2007/10/08 10:56:15 | 000,032,256 | ---- | M] ()(C:\Documents and Settings\Lyudmila\My Documents\???????? ???????? '???????_ ??????_...'.shs) -- C:\Documents and Settings\Lyudmila\My Documents\???????? ???????? '???????_ ??????_...'.shs
:Files

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]
After posting in the code properly, you have to start the Run Fix option at the top and restart the system when you are done with it. After starting the system again, start OTL once more and select the Quick Scan option, and your redirecting problem will most probably come to an end.
Reply With Quote
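Added example, not part of any post in this thread: a fix script like the one in post #2 names specific files, user profiles and drive letters, so it is worth listing them and comparing them with the PC the script is about to run on. The section layout (`:OTL`, `:Files`, `:Commands`) is assumed from the script as quoted; the file name `a.doc` and the function names are constructed for illustration.

```python
import re

# Lines copied from the script in post #2; the file name a.doc is constructed.
SAMPLE = r"""
:OTL
MOD - C:\WINDOWS\onuhaxiqexejiv.dll ()
O4 - HKLM..\Run: [Icacatofokey] C:\WINDOWS\onuhaxiqexejiv.dll ()
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
[2009/01/04 16:01:40 | 000,024,576 | ---- | M] ()(C:\Documents and Settings\Lyudmila\My Documents\a.doc) -- C:\Documents and Settings\Lyudmila\My Documents\a.doc
:Files
:Commands
[purity]
[Reboot]
"""

SECTION = re.compile(r"^:(\w+)\s*$")                      # e.g. ":OTL"
PATH = re.compile(r"[A-Za-z]:\\[^()\"|]*?\.\w{2,4}\b")    # drive-rooted file path
PROFILE = re.compile(r"\\Documents and Settings\\([^\\]+)\\", re.I)

def parse_fix_script(text):
    """Group the non-empty lines of a fix script under their ':Section' header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def review(text):
    """List the files, profile names and drive letters the script refers to."""
    sections = parse_fix_script(text)
    body = sections.get("OTL", []) + sections.get("Files", [])
    paths = sorted({p for line in body for p in PATH.findall(line)})
    # "All Users" is the shared profile folder, not a personal account name.
    profiles = sorted({p for line in body for p in PROFILE.findall(line)} - {"All Users"})
    return {"paths": paths, "profiles": profiles,
            "drives": sorted({p[0].upper() for p in paths}),
            "commands": sections.get("Commands", [])}

def not_on_this_machine(report, local_profiles, local_drives):
    """Profiles and drive letters named by the script that this PC does not have."""
    have_p = {p.casefold() for p in local_profiles}
    have_d = {d.upper() for d in local_drives}
    return {"profiles": [p for p in report["profiles"] if p.casefold() not in have_p],
            "drives": [d for d in report["drives"] if d not in have_d]}
```

Anything returned by `not_on_this_machine` is a reason to ask the helper whether the script was written for this PC before running it.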
  #3  
Old 23-06-2011
Member
 
Join Date: Mar 2009
Posts: 1,221
Re: TDSS removal causing Fake AV redirection

Now proceed with the step which I am mentioning now. First you have to download TDSS killer and install it on your computer. After downloading the killer you first have to extract its contents into some folder or onto the desktop, and once you have completed that, you will be able to locate TDSSkiller.exe there; double-click on it. The installation procedure will carry on, and after the installation completes, click on the icon created on the desktop and click on the option (Start scan). This will help you get rid of any remaining TDSS files, which can be the major reason for this problem.
Reply With Quote
  #4  
Old 23-06-2011
Member
 
Join Date: May 2008
Posts: 1,304
Re: TDSS removal causing Fake AV redirection

While using TDSSkiller, if any infection is detected by it, then you have to proceed with the most recommended option, which is Cure, and then continue with the scan. If an unknown file is spotted during the scanning, you have to go with the Skip option and continue with the scan. On completing the scan, the killer will ask you to restart your system; if a reboot has not been demanded after completing, then just post the report of the scan. This might help you solve your problem.
Reply With Quote
  #5  
Old 23-06-2011
Member
 
Join Date: Nov 2008
Posts: 1,066
Re: TDSS removal causing Fake AV redirection

First you have to download Combo.exe from the internet and save the file somewhere on the desktop or on some drive, and after that you have to install it on your system. Before installing it, you have to make sure that all antivirus and anti-malware software on your system has been disabled, and after that run Combofix.exe on your system. It is the most powerful tool used for sorting out this kind of issue and solving it properly. While scanning, Combofix should properly verify whether the Microsoft Windows Recovery Console has been installed on your system, as malware most probably attacks them.
Reply With Quote
  #6  
Old 23-06-2011
Member
 
Join Date: Nov 2008
Posts: 1,001
Re: TDSS removal causing Fake AV redirection

As per my suggestion, first download Malwarebytes from the internet. It comes in free and trial versions; you can opt for either of them. Install it on your system and then run the installed Anti-Malware. After installing and before running the scan procedure, you will have to update the Anti-Malware with the latest definition updates and also program updates. The scan process might take a long time, so let the scan complete properly without interference. Malwarebytes Anti-Malware will detect the infection and ask you for an action; my recommendation is to go with deleting the infection. After this you have to restart the system. The report for it will have been saved in Anti-Malware, so after that you have to submit that report, which is an option available in the main window of Malwarebytes.
Reply With Quote
  #7  
Old 24-06-2011
Member
 
Join Date: Jul 2009
Posts: 1,113
Re: TDSS removal causing Fake AV redirection

While using OTL, after installing it on your desktop, proceed with running the application. Before running it you have to be certain that no other applications are running when you start OTL on your system, as any interruption may prevent the process from ending properly. After that, run the quick scan and don't make any changes in the settings unless some expert suggests you do so; the scan procedure will not take much time to end. After completing the scan you will get the Notepad windows (OTListIt.Txt and Extras.Txt), and soon after completing this, post the report to the OTL. And if something further is required for your system, then your OTL will update further with it and accordingly fix any possible errors.
Reply With Quote