Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: SOS avredirector  (Read 1984 times)

0 Members and 1 Guest are viewing this topic.

kirbyfan2000

    Topic Starter


    Newbie

    SOS avredirector
    « on: March 25, 2010, 11:26:46 PM »
    I need help with this thing. It was included in the installation of 'hide the ip'. I didn't suspect anything at first thanks to regular virus scans with NOD32, but lately the error message ' avredirector has stopped working' keeps on popping up. So i found the file and tried to delete it but to no avail. Then I used NOD32 to quarintine it ( not sure if i spelt it right ) to no avail. Please help I think it may be a trojan, cuz i searched on google and it said it was a trojan. SOS!

    DragonMaster Jay

    • Malware Removal Specialist


    • Specialist

      Thanked: 119
      • SecuraGeek Forums
    • Experience: Beginner
    • OS: Windows XP
    Re: SOS avredirector
    « Reply #1 on: March 26, 2010, 08:43:22 PM »
    Please download ComboFix from BleepingComputer.com

    Alternate link: GeeksToGo.com

    Alternate link: Forospyware.com


    Rename ComboFix.exe to commy.exe before you save it to your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
    • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
    • When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

    kirbyfan2000

      Topic Starter


      Newbie

      Re: SOS avredirector
      « Reply #2 on: March 27, 2010, 03:31:25 AM »
      When I run combofix, it says OS is incompatible. Maybe it's because I'm using Windows Vista 64 bit?

      DragonMaster Jay

      • Malware Removal Specialist


      • Specialist

        Thanked: 119
        • SecuraGeek Forums
      • Experience: Beginner
      • OS: Windows XP
      Re: SOS avredirector
      « Reply #3 on: March 27, 2010, 06:30:55 AM »
      That's it.

      Download OTL  to your Desktop
      • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
      • Under the Custom Scan box paste this in
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\system32\*.exe /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %SYSTEMDRIVE%\*.*
      %PROGRAMFILES%\*.
      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      mv61xx.sys
      /md5stop
      CREATERESTOREPOINT
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


      • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
        • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
        • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time