Information Systems Helpdesk
meowmeow

Open Question

Help, major malware problem!?


No matter how much I scan, I can never get it removed. I scan, remove it, restart, and then it just comes back! I have a suspicion that "0.028651856956772415drgs.exe" is one of them, because I can't find the file, and you can't just find it and keep it from starting in msconfig. Also, if I forget to close it, something called "winupd2600.exe" comes up, though I'm not sure whether it's Windows, so I don't open it. Lastly, a friend told me it's "Wild Tangent", but I just keep finding the game on Google. If I click a link on Google, it redirects me to websites, usually with the last part of the name ending in "puma" (e.g. cigarpuma.com). I think whatever I have is also dragging everyone's internet connection speeds into the ruts. More details in a bit.

38 day(s) ago

Answers (3)

garfield
You have got a rootkit infection.

A complete pain to get rid of.
This generic attack on the infection should put things right.

First

Click on Start > Run.

Type the following into the Open box:

devmgmt.msc

then click on OK.

This will run Device Manager.

In Device Manager,

click on View > Show Hidden Devices.

Expand all the devices by clicking on the "Plus" sign.
Now try to find

TDSSserv.sys or clbdriver.sys or oUltraf or seneka.sys,
right click on whichever one you found and select Disable.

Make sure that you do not select the Uninstall option,
otherwise the infection will be back once you reboot your computer.

If none of them are there do not worry,
it could be something simpler, but follow what comes next.

You will have to enable viewing hidden folders in Folder Options > View.

Delete everything in the Windows temp folder,
C > Windows > Temp

Delete all cookies.
Delete all temporary internet files (not to be confused with Windows temp files);
these are best deleted via your internet browsers.
It will save you messing about in the hidden system files.

Reset Internet Explorer,
Tools > Internet Options > Advanced tab > Reset.

Delete everything in the Prefetch folder.
C > Windows > Prefetch

Delete the hosts file,
C > Windows > System32 > drivers > etc > HOSTS

A clean hosts file will be written by Windows when you reboot later.
Note: if you were using a custom hosts file
you will need to replace any of those entries yourself.

Delete the Flash cookies found in the Macromedia, #Shared Objects folder.
C > Users > "your name" > AppData > Roaming > Macromedia > Flash Player > #Shared Objects

Delete everything you find in the #Shared Objects folder.

Last lot to delete,
navigate to
C > Users > "your name" > AppData > Local > Temp

Delete everything in the Temp folder.

Run a full scan with this
Sophos Anti-Rootkit : http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

and remove everything suspicious it finds.

Do not have any open windows and shut down all programs when you run it.

Sophos Anti-Rootkit DOWNLOAD : https://secure.sophos.com/support/cleaners/sar_15_sfx.exe

Then run a full scan with this and remove what it finds.

SUPERAntiSpyware Pro : http://www.superantispyware.com/

SUPERAntiSpyware Pro DOWNLOAD : http://downloads.superantispyware.com/downloads/SUPERAntiSpywarePro.exe
This has a tool built in that can reset the URL prefixes, USE IT.

Reset your router to default.

Download then run Hitman Pro : http://www.surfright.nl/en to mop up anything left.
Remove whatever it finds.

Your redirect virus will/should now be gone.

Posted 38 days ago

garfield
Use regedit to look in the Run keys for startup items by these names. Start > Run and type regedit. This will open an Explorer-style program into the Windows Registry. Go to the menu at the top and choose Edit and then Find. Type the name(s) of your suspect(s) and search them out one by one. Unless you know for sure what you are after, only delete the strings with these names on them from inside the keys (folder icons) named Run or Startup. Exit when you're done. After this, you should be able to start up and log on without these starting up with you. Now you can get rid of the rest of it with your anti-virus or manually delete it. A good registry cleaning program can save a lot of work in getting rid of the rest of it. You need to remove these dead files to get good performance (speed) from your system.

Posted 38 days ago

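The two answers above tell the user to inspect the Run keys, the hosts file and hidden devices by hand. The following PowerShell script is an added example (not code from either answer or from any of the tools they link) that does the same inspection read-only, so the user can see what is actually registered to start before deleting anything. It assumes an elevated PowerShell session on Windows; the list of "suspect" directories is a heuristic of mine, not a rule from the post, and the rootkit names the answer lists are not hard-coded because a renamed driver would not match them anyway.

```powershell
# Added example, not from the forum answers: read-only triage of the autostart
# locations the answers tell the user to clean.  Reports only; deletes nothing.
# Run from an elevated PowerShell prompt.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption (heuristic, not from the post): legitimate autostart entries rarely
# point into temp or roaming profile folders, which is where the answer has the
# user deleting files.
$suspectDirs = @($env:TEMP, "$env:windir\Temp", "$env:LOCALAPPDATA\Temp", $env:APPDATA)

function Get-AutostartReport {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, etc.
            $cmd = [string]$p.Value
            # Recover the executable path: quoted path, whole value, or first token.
            if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] }
            elseif (Test-Path -LiteralPath $cmd -ErrorAction SilentlyContinue) { $exe = $cmd }
            else { $exe = ($cmd -split ' ')[0] }
            $exists = [bool](Test-Path -LiteralPath $exe -ErrorAction SilentlyContinue)
            $inSuspectDir = $false
            foreach ($d in $suspectDirs) {
                if ($d -and $exe.StartsWith($d, [System.StringComparison]::OrdinalIgnoreCase)) { $inSuspectDir = $true }
            }
            [pscustomobject]@{
                Key        = $key
                Name       = $p.Name
                Command    = $cmd
                FileExists = $exists     # a missing file is the "can't find it" symptom in the question
                InTempDir  = $inSuspectDir
            }
        }
    }
}

function Get-HostsReport {
    # A stock hosts file has only comments (and possibly a localhost line);
    # anything else is worth reading before the file is deleted as the answer suggests.
    $hosts = "$env:windir\System32\drivers\etc\hosts"
    Get-Content -LiteralPath $hosts |
        Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' } |
        Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
}

function Get-MissingDriverReport {
    # Running kernel drivers whose image file cannot be found on disk, one of the
    # symptoms behind the "hidden device" entries the first answer looks for.
    Get-CimInstance Win32_SystemDriver | Where-Object {
        $_.State -eq 'Running' -and $_.PathName
    } | ForEach-Object {
        $path = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:windir
        if (-not (Test-Path -LiteralPath $path -ErrorAction SilentlyContinue)) {
            [pscustomobject]@{ Name = $_.Name; PathName = $_.PathName; State = $_.State }
        }
    }
}

"=== Autostart entries with a missing file or living in a temp/profile folder ==="
Get-AutostartReport | Where-Object { -not $_.FileExists -or $_.InTempDir } | Format-Table -AutoSize
"=== Non-default hosts file entries ==="
Get-HostsReport
"=== Running drivers whose image file is missing ==="
Get-MissingDriverReport | Format-Table -AutoSize
```

The point of running this before the manual cleanup is that it records what was registered (key, value name and full command line) so the user knows which entries they are about to remove, and it surfaces the hosts-file redirects that would explain the "puma" redirections described in the question without guessing at file names.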


garfield
This scan will work from a CD. If the malware does not allow you to create the disk, you can create it on another computer and then run it on the infected computer. Read the instructions.
http://connect.microsoft.com/systemsweeper

Posted 38 days ago
