Computer Hope

Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: kirbyfan2000 on March 25, 2010, 11:26:46 PM

Title: SOS avredirector
Post by: kirbyfan2000 on March 25, 2010, 11:26:46 PM

I need help with this thing. It was included in the installation of 'hide the ip'. I didn't suspect anything at first thanks to regular virus scans with NOD32, but lately the error message ' avredirector has stopped working' keeps on popping up. So i found the file and tried to delete it but to no avail. Then I used NOD32 to quarintine it ( not sure if i spelt it right ) to no avail. Please help I think it may be a trojan, cuz i searched on google and it said it was a trojan. SOS!

Title: Re: SOS avredirector
Post by: Dr Jay on March 26, 2010, 08:43:22 PM

Please download ComboFix (http://img7.imageshack.us/img7/4930/combofix.gif) from BleepingComputer.com (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

Alternate link: GeeksToGo.com (http://subs.geekstogo.com/ComboFix.exe)

Alternate link: Forospyware.com (http://www.forospyware.com/sUBs/ComboFix.exe)


Rename ComboFix.exe to commy.exe before you save it to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here (http://www.bleepingcomputer.com/forums/topic114351.html)
  
• Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
• When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

Title: Re: SOS avredirector
Post by: kirbyfan2000 on March 27, 2010, 03:31:25 AM

When I run combofix, it says OS is incompatible. Maybe it's because I'm using Windows Vista 64 bit?

Title: Re: SOS avredirector
Post by: Dr Jay on March 27, 2010, 06:30:55 AM

That's it.

Download OTL (http://oldtimer.geekstogo.com/OTL.exe)  to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Under the Custom Scan box paste this in

%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time