Redirection! Can't get rid of

[techlabco]

Dealing with a system that was infected with Antivirus GT. I have removed the infection but the last thing I have left is a dman redirector that when a url is input...a red box pops up with a generic figure of a traffic cop that says your "connection has been cancelled as you are being redirected to a malicious website. You need to activate your anti-spyware by clicking "Fix Now".
Below the message it says "Fix Now" or "Continue to Website". Of course I am not gonna click any.
I have run SpyBot, Malwarebytes, Avast, Spyware Doctor and Ad-Aware in attempts to find this little rascal. I am about to go with ComboFix...

Does anyone have any suggestions? I have researched the net for this problem but there is not alot out there!

Any help would be greatly appreciated!

 

[techlabco]

OH...and I have checked all the HOST files--nothing out of ordinary, except for what Spybot inserted...

 

[Appleby]

I haven't seen that exact thing but I've had some difficult redirectors recently. I would suggest UnHackMe. It has seemed to do the trick for me.

 

[Martyn]

Proxy set on your browser?

 

[iisjman07]

It's probably a rootkit, in the last couple of months there have been many redirections caused by rootkits. I recommend GMER

 

[techlabco]

Thanks guys...I am looking into these right now. Will Remote in to clients PC in morning. Arr...this thing is ridiculous! I will let you know if it works!

 

[techlabco]

btw, there are no proxies...I checked, like, 10 times...driving me nuts

 

[sieow13]

One area in addition to checking for rootkits, is to ensure the DNS values on the modem/router isn't changed.

 

[lciavarella]

Microsoft Malicious Removal Tool

Had something similar and ran all the software you have, what finally did the trick was Microsofts Malicious Removal Tool. Make sure it is up to date. I ran a full scan and the redirection stopped.


Hope that helps
lciavarella

 

[computerdoc]

I had a similar problem and I used ComboFix to clean it up.

Use ComboFix with caution. Don't interrupt it or there could be problems.

 

[commodore64]

Maybe try TDSSKiler by kaspersky, combofix, gmer, and run a quick hitman pro scan. Anyone of those may help you.

 

[trapped]

I found a MBR rootkit with Antivirus GT. Used TDSSKiller to repair it.

 

[vontreigo]

it is in the MBR i have had two come in the other day.

tdsskiller and run a mbrfix the only way I found to kill it was to then reload os

 

[techlabco]

guys...about to remote into clients computer...gonna see what happens....gonna use 1. TDSSKiller and then after that...well, we will see!! wish me luck!