Unable to run antivirus, Hijackthis & Combofix

wiskerluv

I have some sort of Redirect virus when I use Firefox. I have AVG antivirus which won't open nor will Spyware Hunter or HiJack This open. Even Combofix won't open. I ran Malwarebytes and Hitman Pro but they found nothing, yet still getting redirected to strange websites. Help please if possible.
 

My Computer My Computer

At a glance

Windows 7 64 bit
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Dell
OS
Windows 7 64 bit
Hard Drives
C & DVD drives
Try using Windows Defender Offline (WDO):

https://support.microsoft.com/en-us/help/17466/windows-defender-offline-help-protect-my-pc

Go to a known clean computer and create a WDO CD (64-bit). Power-on the infected computer with the WDO disk in the drive, booting with it. You will then be able to do a pre-Windows scan, catching things that are buried deep in Windows.

Be patient when running WDO - it takes a long time. But it will likely find whatever is causing this problem.

After running WDO, run some of your other malware tools.

Finally, go to your browser and check your add-ons. Make sure that there aren't any problematic add-ons or extensions. If there are, disable/uninstall them.

If necessary, get a copy of Firefox from a known good computer - burn it to a CD. Then install it from the CD onto the problematic computer.
 

My Computer My Computer

At a glance

Linux Mint 18.2 xfce 64-bit (VMWare host) / W...Haswell4 GB
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Dell
OS
Linux Mint 18.2 xfce 64-bit (VMWare host) / Windows 8.1 Pro 32-bit (VMWare guest)
CPU
Haswell
Memory
4 GB
Monitor(s) Displays
Acer 23"
Screen Resolution
1920 x 1080
Hard Drives
Two hard drives, 1TB each: One for Linux, one for my data.
Keyboard
IBM Model M
Antivirus
Sophos (Linux), Trend Micro (Windows)
Browser
Firefox, Opera
Other Info
I use Samba to share my data drive with the other computers at my house and with my guest session in VMWare Workstation Player.
I uninstalled some programs and no longer have the Redirect virus. I still don't know why I can't open Spyhunter or Combofix. I have run Windows Defender in safe mode and it found nothing. Windows Defender won't open offline but I will try again. Thanks so much for your response.
 

To run "Windows Defender Offline", you first create the WDO disk, and you then put it in the drive of the infected computer. You then turn the computer on. The computer then boots into the "Windows Defender Offline" environment, in which you can safely run a virus scan.

You are offline during this entire process. WDO is designed to run when the computer is offline.

This is not the same as the Windows Defender program which comes with Windows 7.
 

WDO doesn't work

I followed all instructions and WDO won't even boot up. I tried this twice with no luck. It burned to disk alright but when I put disk in, it just went straight to my desktop. Don't know what else to try.
 

Hi wiskerluv,

Welcome to SevenForums! :)

Let's check for a rootkit.


  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)


Please do as follows:

Download Farbar Recovery Scan Tool to your desktop from one of the links below. It appears that your system is 64-bit, so please click on the 2nd link:

For x32 (x86) bit systems download Farbar Recovery Scan Tool.
For x64 bit systems download Farbar Recovery Scan Tool x64.


  • Right click on the FRST.exe and choose Run as administrator.
  • When the tool opens click Yes to disclaimer.
  • Under Optional Scan make sure there is a checkmark in the box for Addition.txt to ensure it creates that 2nd log.
  • Press Scan button.
  • Please attach both logs in your next reply.
 

My Computer My Computer

At a glance

Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-...
Computer type
Laptop
OS
Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
Antivirus
Avast, MSE
Browser
Firefox
Other Info
Multiple systems. Too many specs to name.
I followed all instructions and WDO won't even boot up. I tried this twice with no luck. It burned to disk alright but when I put disk in, it just went straight to my desktop. Don't know what else to try.

Apparently your computer is not set to boot from a CD/DVD. You will need to go into the computer's setup and make sure that the list of boot devices includes your CD/DVD drive; you will then need to put the CD/DVD drive as the first item in the list.

To get into Setup, power the computer on, and as soon as the Dell splash screen disappears, start tapping on F2. Soon you will be in Setup.
 

Seriously, you want me to post all that information from Farbar? That's a ton of stuff but if I must, I will.
 

Yes, please attach the logs. FRST scans the registry and file system where malware attacks. I want to rule out the possibility that you are infected with the Smart Service rootkit, which blocks the use of any AV and malware removal tools and dumps tons of adware, trojans, etc. onto the system.
 

Farbar scan 1

The text that you have entered is too long (45316 characters). Please shorten it to 25000 characters long

Sorry, don't know how to do this. I will just forget about it.
 

I know how frustrating this is for you, but please do not give up. The length of the logs is why we need to attach the logs, not copy paste them into the reply box. We can even compress the logs as follows:

Right click on the log and from the context menu choose Send to > Compressed (zipped) folder.

Do that to both log files then attach as follows:

It's not as hard as it appears. I know you can do it! :)

Just click on the Quick Reply box and type something like, "Here ya go!"
Now scroll down and click on the Go Advanced button to the lower right.
Give your post a moment to adjust, then scroll way down till you see the Additional Options section.
Look for and click on the Manage Attachments button.
The Manage Attachments window will pop up. In the Upload File from your Computer section look for and click on the Browse... button.
The File Upload window will open.
Click on Desktop in the left pane.
Use the scroll bar on the right side of that window to locate the file on your desktop.
Once you locate the file, click on it and you will see the file name appear in the File Name field.
Now click the Open button.
The File Upload window will now disappear and you should see the file to the right of the Browse... button that you clicked earlier.
Now click on the first Upload button from the top.
Minimize that window and click the Preview Post button.

And voilà! That's it! ;)

I felt this would be easier for you than mrjimphelps' instructions. I could be wrong. You can try following what he posted in his reply as well.

Apparently your computer is not set to boot from a CD/DVD. You will need to go into the computer's setup and make sure that the list of boot devices includes your CD/DVD drive; you will then need to put the CD/DVD drive as the first item in the list.

To get into Setup, power the computer on, and as soon as the Dell splash screen disappears, start tapping on F2. Soon you will be in Setup.
 

Here ya go

Here ya go:
 

Attachments

Hi wiskerluv,

I do apologize for the delay. I am not sure how I overlooked the email notification that you had replied 3 days ago, but I did.

I need for you to move FRST.exe from the following Programs folder to the desktop.

Running from C:\Users\Marcia\Downloads\Programs

In regards to ComboFix, see here. If you were not trained by the experts that be to use ComboFix, I would heed Jacee's warning. Please uninstall ComboFix.

I noticed that AV Malwarebytes is enabled and up to date. Is this the Pro (paid) version or is it the free trial version?

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
See if you can uninstall the following version from the Control Panel > Programs and Features. Let me know if you are unable to.


Malwarebytes Anti-Malware versione 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

You have a few programs installed that are totally unnecessary and can cause irreversible damage to your Windows system. You should avoid Registry Cleaners, Boosters, Optimizers, TuneUp Utilities... This type of software will do a lot more harm than good, and should only be used by advanced users who really know their way around the registry. These utilities do not only remove what "they think" are orphan entries in the registry but legitimate files still in use will be deleted in the process, crippling some programs and Windows applications beyond repair.

Keep in mind that they will always find "errors" to fix, even on a fresh Windows install! In itself, this should be enough to convince non-believers...

Please uninstall the following program from Control Panel > Programs and Features:

iolo technologies' System Mechanic

We have quite a bit to clean up/fix here. The fix script is quite long so I am going to have you do as follows to ensure the complete script is executed properly:

Download the attached fixlist.txt that is located at the bottom of this post to your Desktop.

Please note: fixlist.txt must be saved to the same location as FRST\FRST64.exe


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait. FRST will locate the script fixlist.txt and execute the script.
  • Once complete, the tool will make a log (Fixlog.txt) in the same location as where you saved FRST. Please post it to your next reply.

Next:

Download AdwCleaner from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning a report appears. Once done it will ask to reboot, allow this.
  • On reboot a log will be produced; please copy/paste that log in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

In your next reply, please attach the following logs:

Fixlog.txt
AdwCleaner[C0].txt


Thank you. :)
 

Attachments
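As an added example (not part of the original post and not FRST's own code), the Python below parses the Security Center lines quoted from the FRST log in the post above and lists the conditions a helper would follow up on, such as one product registered under two categories or several products enabled in the same category. The function names, the `FW` category and any state other than "Enabled - Up to date" are assumptions; the page only shows the three lines embedded here.

```python
import re
from collections import defaultdict
# The three Security Center lines quoted in the post above (from the user's FRST log).
SAMPLE_LOG = """\
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""

# Category, product name, "(status - definitions)", "{GUID}". FW and other
# states are assumptions; the page shows only AV/AS in one state.
LINE_RE = re.compile(
    r"^(?P<cat>AV|AS|FW):\s+(?P<name>.+?)\s+\((?P<state>[^()]*)\)\s+"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}$"
)

def parse_security_center(text):
    """Return one dict per recognised line; unrelated log lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        status, _, defs = m["state"].partition(" - ")
        entries.append({
            "category": m["cat"],
            "name": m["name"],
            "enabled": status.strip().lower() == "enabled",
            "definitions": defs.strip() or None,
            "guid": m["guid"].upper(),
        })
    return entries

def triage(entries):
    """List conditions a helper would ask about before cleaning."""
    enabled, categories, findings = defaultdict(list), defaultdict(set), []
    for e in entries:
        categories[e["name"]].add(e["category"])
        if e["enabled"]:
            enabled[e["category"]].append(e["name"])
        if e["definitions"] and e["definitions"].lower() != "up to date":
            findings.append(f'{e["category"]}: {e["name"]} definitions: {e["definitions"]}')
    for cat, names in sorted(enabled.items()):
        if len(names) > 1:
            findings.append(f"{cat}: {len(names)} products enabled: {', '.join(names)}")
    for name, cats in sorted(categories.items()):
        if len(cats) > 1:
            findings.append(f"{name} registered as {' and '.join(sorted(cats))}")
    return findings
```

Each finding is a prompt for a question to the user, not a verdict; a product listed under both AV and AS can simply be a full security suite.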
