Status
Not open for further replies.
Infection date and initial symptoms
A few weeks ago. Some pages were redirected via many mostly Chinese pages to pages with Chinese recipes. It was possible to go back to the originally required page.
Current issues and symptoms
Instead of Chinese recipes, blank pages occur after redirections. No possible way back to see the required page.
Avast antivirus doesn't run and cannot be started. (I don't know if it is caused by the malware problem.)
Steps taken in order to remove the infection
I tried to fix it with Kaspersky rescue usb. Almost no effect (for a while it returned to recipes, then again got worse - blank pages)

smudla

New Member
Router model is TP-LINK TL WR 543G. I have access to its settings. I tried to reboot it, changed username, changed password, changed SSID. (Nothing has fixed the redirection problem). But for some reason, I cannot reset it via reset button.
 

smudla

New Member
I reset the router to factory settings and connected to net again. Redirection continues.
Then I installed AVG instead of the non-functional Avast. AVG is able to stop the redirections, but every time shows information about finding a threat, so the problem is not really fixed. Now I'm going to run an AVG scan of the computer.
AVG finds virus in following object: js.users.51.la/2771713.js?_=1452465166279
 

smudla

New Member
AVG warning occurs while the page (which is being redirected), is uploading. AVG stops the redirection, shows warning and the right page is open.
 

smudla

New Member
Almost every http page in Firefox and Chrome. For example kaspersky.com, csfd.cz and others that I tried. It is not strictly regular, but these pages were redirected almost every time. AVG stops it now. In both mentioned browsers. At this time, redirection does not occur in IE.
 

TwinHeadedEagle

Removal Expert
Staff member
Verified
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
 

smudla

New Member
I am sending new logfiles from Farbar.
Current behavior in Firefox is this: when first http (not https) page is loading, it is redirected to page with Chinese recipe and at the same time appears AVG warning about finding virus JS/Redir and healing it. It is possible to go back.
Next pages are then loaded correctly, but every time AVG warning appears.
 

TwinHeadedEagle

Removal Expert
Staff member
Verified
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.
 


smudla

New Member
It seems to be OK now!
Since restart after Farbar fixing, CPU is used for about 60% by trustedinstaller or svchost. I know it has something to do with Windows update. Is its higher activity caused by fixing my malware problem?
 


TwinHeadedEagle

Removal Expert
Staff member
Verified
Yes, I think so. You must understand that your PC is probably 7-8 years old and you'll see a lot of CPU usage with modern apps and operating systems.
 