Most links redirecting to ads

[Sunyavadin]

PSW.Agent.ALCB <-- this is a password stealer ... I advise you to change all your passwords using a known "clean" computer.

Download RKill to a flash drive, then use it on the infected computer. http://download.bleepingcomputer.com/grinler/beta/rkill.exe
This log file is located at C:\rkill.log.
Please post the log

Rkill, like combofix and all my antivitrus/antimalware software triggers a BSOD on the infected system. Looks like a full reinstall is on the cards.

However, first I need to finish switching all 30 or so of my passwords to a temporary one ASAP.

Also going to stick Ubuntu on my second drive.

 

[Jacee]

 

[Dwarf]

PSW.Agent.ALCB <-- this is a password stealer ... I advise you to change all your passwords using a known "clean" computer.

Download RKill to a flash drive, then use it on the infected computer. http://download.bleepingcomputer.com/grinler/beta/rkill.exe
This log file is located at C:\rkill.log.
Please post the log

Rkill, like combofix and all my antivitrus/antimalware software triggers a BSOD on the infected system. Looks like a full reinstall is on the cards.

However, first I need to finish switching all 30 or so of my passwords to a temporary one ASAP.

Also going to stick Ubuntu on my second drive.

Remember to do this from a known clean machine.

 

[Sunyavadin]

Yeah, obviously. Done and done. Installing Ubuntu 10.04 to my secondary HD right now - will use that to backup my important data (Luckily I kept very little on my windows drive itself) and reinstall Win7.

 

[seth500]

Also a good thing to do is make you Host file read-only so nothing can write to it...and yes java is and has been for a couple of months now the newest form of how hijackers and trojans are infecting systems.

 

[Sunyavadin]

Well, combofix repaired the other system that it turned out had the same issue (Seems my GF's work network was the source of the virus). I guess it's a WinXP/Win7 difference though, since Combofix bluescreens my win7 machine, but 100% fixed the XP one... Anyone know of a good repair/antivirus utility I can run from within linux that will look over my Windows partition and fix it? Currently trying ClamAV.

 

[Jacee]

See if this helps SystemRescueCd

 

[Sunyavadin]

Fixed!
Win7 is back up and running fine.
Took the following:

Running ClamAV from my Linux install (This discovered a malicious java file and deleted it)
Running Windows (Which now no longer bluescreened when I tried to run anything but a web browser)
Running Combofix (Which was now ABLE to run, and fixed the hijacking)


SORTED.

 

[Jacee]

Yay-hey!! Thanks for reporting back

 

[Jacee]

Uninstall Combofix ..... You need to do this because CF is updated frequently and the old definitions will never catch the new crapware.
Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Clean up all temps by downloading TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.
Save any unsaved work.
TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Set a fresh/clean restore point and name it.