
Thread: TDSS removal causing Fake AV redirection

  1. #1
    Join Date
    Mar 2011
    Posts
    44

    TDSS removal causing Fake AV redirection

    Hello guys, I am unable to remove a virus- and malware-infected file from my laptop, a Dell Inspiron 6400, and I can't find a way to get rid of it. I have tried all of the possible solutions I know of, but over time the problem is getting worse, and a few days ago I got a notice from Symantec Endpoint Protection about infection attacks from the web. After that I tried to uninstall the TDSS rootkit using TDSSKiller, and when I try to download Mozilla Firefox using IE, which is what I use for browsing the internet, then while using Google for searching I get a message like “look for latest event 118 above re Fake AV” and get redirected. What is this issue all about? Does anyone know anything about this? Please help me get out of this problem. Thanks a lot in advance.

  2. #2
    Join Date
    Jun 2009
    Posts
    1,205

    Re: TDSS removal causing Fake AV redirection

    First you have to run Overtime Loss (OTL) on your system, and then you have to select Custom Scans/Fixes at the base of the and accordingly paste this into it:
    Code:
    :OTL
    MOD - C:\WINDOWS\onuhaxiqexejiv.dll ()
    O4 - HKLM..\Run: [Icacatofokey] C:\WINDOWS\onuhaxiqexejiv.dll ()
    O33 - MountPoints2\{63f8cd38-0b6f-11de-ad2e-0016cffbea67}\Shell\AutoRun\command - "" = F:\WDSetup.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    [2009/05/20 01:47:32 | 000,113,152 | ---- | C] ()(C:\Documents and Settings\All Users\Documents\??????? ??????.doc) -- C:\Documents and Settings\All Users\Documents\??????? ??????.doc
    [2009/05/20 01:47:21 | 000,113,152 | ---- | M] ()(C:\Documents and Settings\All Users\Documents\??????? ??????.doc) -- C:\Documents and Settings\All Users\Documents\??????? ??????.doc
    [2009/01/04 16:01:40 | 000,024,576 | ---- | M] ()(C:\Documents and Settings\Lyudmila\My Documents\????????.doc) -- C:\Documents and Settings\Lyudmila\My Documents\????????.doc
    [2009/01/04 16:00:29 | 000,024,576 | ---- | C] ()(C:\Documents and Settings\Lyudmila\My Documents\????????.doc) -- C:\Documents and Settings\Lyudmila\My Documents\????????.doc
    [2007/10/08 10:56:30 | 000,032,256 | ---- | C] ()(C:\Documents and Settings\Lyudmila\My Documents\???????? ???????? '???????_ ??????_...'.shs) -- C:\Documents and Settings\Lyudmila\My Documents\???????? ???????? '???????_ ??????_...'.shs
    [2007/10/08 10:56:15 | 000,032,256 | ---- | M] ()(C:\Documents and Settings\Lyudmila\My Documents\???????? ???????? '???????_ ??????_...'.shs) -- C:\Documents and Settings\Lyudmila\My Documents\???????? ???????? '???????_ ??????_...'.shs
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
    After pasting in the code properly, you have to click the Run Fix option at the top and restart the system when you are done with it. After the system starts again, start OTL once more and select the Quick Scan option, and your redirecting problem will most probably come to an end.
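
The fix script in post #2 can be read before it is run. The following added example (not part of the original thread and not OTL's own code) parses a subset of the quoted script lines and lists the startup value, drive autorun commands and bracketed commands the script names; the function names and regular expressions are assumptions inferred only from the line shapes visible in the post.

```python
import re

# Sample input: a subset of the fix-script lines quoted in post #2.
FIX_SCRIPT = r"""
:OTL
MOD - C:\WINDOWS\onuhaxiqexejiv.dll ()
O4 - HKLM..\Run: [Icacatofokey] C:\WINDOWS\onuhaxiqexejiv.dll ()
O33 - MountPoints2\{63f8cd38-0b6f-11de-ad2e-0016cffbea67}\Shell\AutoRun\command - "" = F:\WDSetup.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
:Commands
[emptytemp]
[Reboot]
"""

# Assumed line shapes, inferred only from the lines shown in the post.
PATTERNS = [
    ("module", re.compile(r"^MOD - (?P<path>.+?)(?: \([^)]*\))?$")),
    ("run_key", re.compile(
        r"^O4 - (?P<hive>\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?)(?: \([^)]*\))?$")),
    ("autorun", re.compile(
        r'^O33 - MountPoints2\\(?P<mount>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<path>.+)$')),
]

def parse_fix_script(text):
    """Group lines under their ':Section' header and classify each one."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith(":"):
            current = sections.setdefault(line[1:], [])
        elif line and current is not None:
            entry = {"kind": "other", "raw": line}
            for kind, rx in PATTERNS:
                m = rx.match(line)
                if m:
                    entry = {"kind": kind, "raw": line, **m.groupdict()}
                    break
            current.append(entry)
    return sections

def review(sections):
    """Describe, one line per entry, what the script names."""
    labels = {"module": "MOD entry", "run_key": "Run value", "autorun": "drive autorun"}
    out = [f"{labels[e['kind']]}: {e.get('name') or e.get('mount') or ''} -> {e['path']}"
           for e in sections.get("OTL", []) if e["kind"] in labels]
    return out + [f"command: {e['raw']}" for e in sections.get("Commands", [])]

if __name__ == "__main__":
    print("\n".join(review(parse_fix_script(FIX_SCRIPT))))
```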

  3. #3
    Join Date
    Mar 2009
    Posts
    1,221

    Re: TDSS removal causing Fake AV redirection

    Now proceed with the step I am mentioning now: first you have to download TDSSKiller and install it on your computer. After downloading it, you first have to extract its contents to some folder or the desktop, and once you have completed that, you will be able to locate TDSSKiller.exe there; double-click on it. The installation procedure will carry on, and after completing the installation, click on the created icon on the desktop and click on the option (Start scan). This will help you get rid of any remaining files of TDSS, which can be the major reason for this problem.

  4. #4
    Join Date
    May 2008
    Posts
    1,304

    Re: TDSS removal causing Fake AV redirection

    While using TDSSKiller, if any infection is detected by it, then you have to proceed with the most recommended option, which is Cure, and then continue with the scan. If an unknown file is spotted during the scanning, you have to go with the Skip option and continue with the scan. On completing the scan, TDSSKiller will ask you to restart your system, and if a reboot has not been demanded after completing, then just post the report of the scan. This might help you solve your problem.

  5. #5
    Join Date
    Nov 2008
    Posts
    1,066

    Re: TDSS removal causing Fake AV redirection

    First you have to download Combo.exe from the internet and save the file somewhere on the desktop or in some drive, and after that you have to install it on your system. Before installing it, you have to make sure that all antivirus and anti-malware programs on your system have been disabled, and after that run Combofix.exe on your system. It is the most powerful tool that has been used for sorting out this kind of issue, and it also solves it properly. While scanning, Combofix should properly verify whether the Microsoft Windows Recovery Console has been installed on your system, as malware most probably attacks them.

  6. #6
    Join Date
    Nov 2008
    Posts
    1,001

    Re: TDSS removal causing Fake AV redirection

    My suggestion is to first download Malwarebytes from the internet; it comes in free and trial versions, and you can opt for either of them. Install it on your system and then run the installed Anti-Malware. After installing and before running the scan procedure, you will have to update the Anti-Malware with the latest definition updates and also program updates. The scan process might take a long time, so let the scan complete properly without interference. Malwarebytes Anti-Malware will detect the infection and ask you for an action; my recommendation is to go with deleting the infection. After this you have to restart the system. The report for it will have been saved in Anti-Malware, so after that you have to submit that report, which is an option available in the main window of Malwarebytes.

  7. #7
    Join Date
    Jul 2009
    Posts
    1,118

    Re: TDSS removal causing Fake AV redirection

    While using OTL, after installing it on your desktop, proceed with running the application. Before running it, you have to be sure that no other applications are running when you start OTL on your system, as any interruption may prevent the process from ending properly. After that, run the Quick Scan and don't make any changes in the settings unless some expert suggests you do so; the scan procedure will not take much time to end. After completing the scan you will get the Notepad windows (OTListIt.Txt and Extras.Txt), and soon after completing this, post the report to the OTL. And if something further is required for your system, then your OTL will update further with it and accordingly fix any possible errors.
