link getting redirected ? virus ?
#11
(01-19-2012, 02:29 AM)AceInfinity Wrote: Alright, I'll provide you with some steps.

Open notepad, and type this in:
Code:
tasklist > out_log.txt

Save as .bat, and run this file. Then provide me with the out_log.txt file contents that get produced.


Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0         24 K
System                           4 Services                   0      1,412 K
smss.exe                       332 Services                   0        816 K
csrss.exe                      428 Services                   0      5,556 K
wininit.exe                    496 Services                   0      4,480 K
csrss.exe                      508 Console                    1     13,460 K
services.exe                   556 Services                   0      8,308 K
lsass.exe                      576 Services                   0      9,172 K
lsm.exe                        584 Services                   0      2,980 K
winlogon.exe                   664 Console                    1      6,104 K
svchost.exe                    732 Services                   0      6,612 K
svchost.exe                    808 Services                   0      5,752 K
svchost.exe                    908 Services                   0     11,764 K
svchost.exe                    948 Services                   0     90,012 K
svchost.exe                    980 Services                   0     22,456 K
svchost.exe                   1112 Services                   0      8,208 K
SbieSvc.exe                   1272 Services                   0      3,000 K
svchost.exe                   1380 Services                   0     12,840 K
spoolsv.exe                   1528 Services                   0      9,308 K
svchost.exe                   1556 Services                   0      8,760 K
taskhost.exe                  1772 Console                    1     12,124 K
ekrn.exe                      1784 Services                   0     93,444 K
dwm.exe                       1828 Console                    1     58,348 K
openvpnas.exe                 1896 Services                   0      7,468 K
hsssrv.exe                    2008 Services                   0      8,452 K
hsswd.exe                      256 Services                   0      5,784 K
svchost.exe                    548 Services                   0      4,124 K
YahooAUService.exe             824 Services                   0      5,932 K
explorer.exe                  1296 Console                    1     72,508 K
jusched.exe                   2216 Console                    1      3,592 K
bdagent.exe                   2232 Console                    1      7,248 K
egui.exe                      2432 Console                    1     18,076 K
netsession_win.exe            2748 Console                    1      8,024 K
IDMan.exe                     2788 Console                    1     17,996 K
netsession_win.exe            2804 Console                    1     12,868 K
IEMonitor.exe                 3284 Console                    1      5,352 K
svchost.exe                   3712 Services                   0      7,656 K
svchost.exe                   1680 Services                   0     24,232 K
svchost.exe                    832 Services                   0      2,828 K
openvpntray.exe               2772 Console                    1      7,736 K
firefox.exe                   1656 Console                    1    344,064 K
notepad.exe                   1620 Console                    1      5,384 K
notepad.exe                   3860 Console                    1      7,532 K
plugin-container.exe          1008 Console                    1    104,636 K
audiodg.exe                   3128 Services                   0     13,860 K
AcroRd32Info.exe               700 Console                    1     13,488 K
WmiPrvSE.exe                  4044 Services                   0      5,340 K
cmd.exe                       2724 Console                    1      2,432 K
conhost.exe                   1728 Console                    1      5,220 K
tasklist.exe                  3880 Console                    1      4,188 K
Reply
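A bare `tasklist` gives only names, PIDs, sessions and memory, and nothing in the listing above distinguishes a genuine `svchost.exe` from a file that merely borrowed the name. The script below is an added example, not code from the thread or its participants: it takes the same snapshot the batch file does but adds the image path, Authenticode status and signer, which is what actually decides whether a row needs a second look. It assumes Windows PowerShell 5.1 or newer on Windows 7 or later, run from an elevated prompt so that the path of session-0 processes is readable; the list of system process names is an assumption chosen for this example.

```powershell
# Added example (not from the original thread). Enriches a process snapshot with
# path and Authenticode signature so look-alike names stand out. Assumes Windows
# PowerShell 5.1+, run elevated; without elevation, session-0 processes report an
# empty Path and Signature 'NoPath' instead of being skipped.
#
# Caveat: on Windows 7 / PowerShell before 5.1, Get-AuthenticodeSignature does not
# consult catalog files, so many genuine Windows binaries report 'NotSigned'.
# Treat 'NotSigned' under SystemRoot as "check the file hash", not as proof.

function Get-ProcessTriage {
    [CmdletBinding()]
    param(
        # Names that belong to Windows itself (example list, not exhaustive). One of
        # these running from outside SystemRoot, or not Microsoft-signed, is the
        # look-alike case a plain tasklist cannot reveal.
        [string[]]$SystemNames = @('smss', 'csrss', 'wininit', 'winlogon', 'services',
                                   'lsass', 'lsm', 'svchost', 'spoolsv', 'taskhost',
                                   'dwm', 'explorer', 'conhost', 'audiodg', 'WmiPrvSE')
    )
    $systemRoot = $env:SystemRoot

    foreach ($proc in Get-Process) {
        $path   = $proc.Path
        $status = 'NoPath'
        $signer = ''
        if ($path) {
            $sig = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
            if ($sig) {
                $status = [string]$sig.Status      # Valid, NotSigned, HashMismatch, ...
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }
        }

        # -contains is case-insensitive, so 'WmiPrvSE' matches 'wmiprvse' too.
        $isSystemName = $SystemNames -contains $proc.ProcessName
        $reason = ''
        if ($path -and $isSystemName -and
            -not $path.StartsWith($systemRoot, 'OrdinalIgnoreCase')) {
            $reason = 'system name outside SystemRoot'
        } elseif ($path -and $isSystemName -and $signer -notmatch 'O=Microsoft Corporation') {
            $reason = 'system name, not Microsoft-signed'
        } elseif ($path -and $status -ne 'Valid') {
            $reason = "signature $status"
        }

        [pscustomobject]@{
            Name      = $proc.ProcessName
            PID       = $proc.Id
            SessionId = $proc.SessionId
            Path      = $path
            Signature = $status
            Signer    = $signer
            Flag      = $reason
        }
    }
}

$report = Get-ProcessTriage

# Same deliverable as 'tasklist > out_log.txt', with the extra columns ...
$report | Format-Table -AutoSize | Out-String -Width 300 |
    Set-Content -Path "$env:USERPROFILE\Desktop\out_log.txt"

# ... plus the short list worth reading first.
$report | Where-Object { $_.Flag } | Format-Table Name, PID, Path, Signature, Flag -AutoSize
```

Read the flagged rows with the caveat in mind: an unsigned third-party tool is not malicious by itself, but a `svchost.exe` whose path is not under `C:\Windows` is the row to pull a hash from and check.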
#12
Open up Task Manager by going to your start menu and typing in "taskmgr.exe", then hit enter. In here, right click on the process with the name:

"idman.exe" and choose "End Process" to kill it.

Navigate to these 2 files, and remove them from your system, make sure you delete these files ONLY.
Code:
%Windows%\system32\consrv.dll

Code:
%Windows%\system32\DRIVERS\mrxsmb.sys

To navigate to these locations easier, you can open the Run command as I showed you before, copy and paste one into the Run command, hit enter, remove the file, then do the same with the next one. Make sure both these files get deleted permanently from your machine if they exist.

Next step: Create a system restore point, if you don't know how to do that, go into your start menu and type in System Restore, start that program up, and the rest should be easy to follow, "Create Restore Point".

Then save this content to a file of any name with the extension ".reg", double click it, merge into the registry:
Code:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\System Index\Crawls\ll@IsCatalogLevel 0]

This virus creates registry entries to allow persistence.

On a last note, if we get this solved, DO NOT RUN MORE THAN ONE ANTIVIRUS AT THE SAME TIME. I noticed that you have BOTH ESET and Bitdefender on your PC. Only have one real-time antivirus with an auto-scanner.
Reply
#13
(01-19-2012, 02:47 AM)AceInfinity Wrote: Open up Task Manager by going to your start menu and typing in "taskmgr.exe", then hit enter. In here, right click on the process with the name:

"idman.exe" and choose "End Process" to kill it.

Navigate to these 2 files, and remove them from your system, make sure you delete these files ONLY.
Code:
%Windows%\system32\consrv.dll

Code:
%Windows%\system32\DRIVERS\mrxsmb.sys

To navigate to these locations easier, you can open the Run command as I showed you before, copy and paste one into the Run command, hit enter, remove the file, then do the same with the next one. Make sure both these files get deleted permanently from your machine if they exist.

Next step: Create a system restore point, if you don't know how to do that, go into your start menu and type in System Restore, start that program up, and the rest should be easy to follow, "Create Restore Point".

Then save this content to a file of any name with the extension ".reg", double click it, merge into the registry:
Code:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\System Index\Crawls\ll@IsCatalogLevel 0]

This virus creates registry entries to allow persistence.

On a last note, if we get this solved, DO NOT RUN MORE THAN ONE ANTIVIRUS AT THE SAME TIME. I noticed that you have BOTH ESET and Bitdefender on your PC. Only have one real-time antivirus with an auto-scanner.



Bro, I killed that process "idman.exe". Then I copied that stuff and tried several times, but it says "the file does not exist, make sure you typed correctly". And I was unable to remove my Bitdefender, doing it right now in Safe Mode, but I use ESET NOD32 and Malwarebytes. Is it f9 using these two??
Reply
#14
(01-19-2012, 03:18 AM)prince76 Wrote: Bro, I killed that process "idman.exe". Then I copied that stuff and tried several times, but it says "the file does not exist, make sure you typed correctly". And I was unable to remove my Bitdefender, doing it right now in Safe Mode, but I use ESET NOD32 and Malwarebytes. Is it f9 using these two??

Is it f9 using those two? "fine?"

Yeah, ESET is a real-time scanner, and Malwarebytes is just a scanner. Just don't have two AVs or security programs that run and do real-time checks at the same time.

Have you tried locating them manually then?

Most likely in C:\

C:\Windows\system32\DRIVERS\mrxsmb.sys
C:\Windows\system32\DRIVERS\consrv.dll

Btw. STAY in Safe mode, it's much better to keep in Safe Mode when removing viruses, as it potentially disables some of the threat that it has with persistence.

If they don't exist they might have hidden attributes on them. Go into your start menu, type "Folder Options"

In here find the option that says "Hidden files and folders" and make sure that "Show hidden files, folders, and drives" is checked under that title. Then try looking for these files again.
Reply
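The removal steps from post #12 (kill the process, delete the two files, create a restore point, merge a `.reg` file that deletes a key) and the hidden-attribute problem from post #14 can be carried out from one elevated PowerShell prompt, where a file hidden from Explorer and from the Run box is still visible with `-Force`. The script below is an added example, not code from the thread or its participants. Assumptions: `$env:SystemRoot` stands in for the thread's `%Windows%`, which is not a variable Windows defines; the process, file and key names are the ones the thread gives; nothing is changed until `-Commit` is passed. One caveat the thread does not mention: `mrxsmb.sys` in `System32\drivers` is also the name of Windows' own SMB redirector driver, so the script checks the Authenticode signature first and refuses to delete a copy that carries a valid Microsoft signature.

```powershell
# Added example (not from the original thread). Runs the thread's manual cleanup
# as a dry run, then for real with -Commit. Assumes Windows PowerShell 5.1
# (Checkpoint-Computer is not available in PowerShell 7) from an elevated prompt.
# Names below are the ones given in the thread; $env:SystemRoot replaces "%Windows%".

function Remove-SuspectArtifacts {
    [CmdletBinding()]
    param(
        [string]$ProcessName = 'IDMan',
        [string[]]$SuspectFiles = @(
            "$env:SystemRoot\System32\consrv.dll",
            "$env:SystemRoot\System32\drivers\mrxsmb.sys"
        ),
        # Registry-provider form of the .reg line [-HKEY_LOCAL_MACHINE\...]
        [string]$RegistryKey = 'HKLM:\SOFTWARE\Microsoft\Windows Search\Gather\Windows\System Index\Crawls\ll@IsCatalogLevel 0',
        [switch]$Commit
    )
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Task Manager "End Process".
    foreach ($p in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
        $findings.Add("process  $($p.ProcessName) pid $($p.Id) path $($p.Path)")
        if ($Commit) { Stop-Process -Id $p.Id -Force }
    }

    # 2. The files. -Force returns items that carry the Hidden or System attribute,
    #    which is the case where Explorer and the Run box say "cannot find".
    foreach ($file in $SuspectFiles) {
        $item = Get-Item -LiteralPath $file -Force -ErrorAction SilentlyContinue
        if (-not $item) { $findings.Add("absent   $file"); continue }

        $sig    = Get-AuthenticodeSignature -FilePath $item.FullName
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        $findings.Add("present  $file attrs=$($item.Attributes) sig=$($sig.Status) signer=$signer")

        # Do not remove a genuine, Microsoft-signed system driver of the same name.
        if ($sig.Status -eq 'Valid' -and $signer -match 'O=Microsoft Corporation') {
            $findings.Add("skipped  $file (valid Microsoft signature)")
            continue
        }
        if ($Commit) {
            try {
                $item.Attributes = 'Normal'      # clear ReadOnly/Hidden/System first
                Remove-Item -LiteralPath $item.FullName -Force -ErrorAction Stop
                $findings.Add("deleted  $file")
            } catch {
                # A driver that is loaded cannot be deleted; note it and move on.
                $findings.Add("failed   $file : $($_.Exception.Message)")
            }
        }
    }

    # 3. Restore point before touching the registry. Depends on the Volume Shadow
    #    Copy service, which is not running in Safe Mode; if this errors there,
    #    create the point from normal mode first.
    if ($Commit) {
        Checkpoint-Computer -Description 'before manual malware cleanup' -RestorePointType 'MODIFY_SETTINGS'
        $findings.Add('restore point created')
    }

    # 4. Same effect as merging a .reg file whose key line starts with "-".
    if (Test-Path -LiteralPath $RegistryKey) {
        $findings.Add("regkey   present $RegistryKey")
        if ($Commit) {
            Remove-Item -LiteralPath $RegistryKey -Recurse -Force
            $findings.Add('regkey   deleted')
        }
    } else {
        $findings.Add("regkey   absent  $RegistryKey")
    }

    if (-not $Commit) { $findings.Add('preview only: re-run with -Commit to apply') }
    return $findings
}

Remove-SuspectArtifacts             # dry run: reports what exists and what would be done
# Remove-SuspectArtifacts -Commit   # apply the changes
```

Run the dry run first and read the `present` lines: the attributes column tells you whether the file was simply hidden, and the signature column tells you whether you are about to delete Windows' own driver or something that only shares its name.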
#15
(01-19-2012, 03:27 AM)AceInfinity Wrote: Is it f9 using those two? "fine?"

Yeah, ESET is a real-time scanner, and Malwarebytes is just a scanner. Just don't have two AVs or security programs that run and do real-time checks at the same time.

Have you tried locating them manually then?

Most likely in C:\

C:\Windows\system32\DRIVERS\mrxsmb.sys
C:\Windows\system32\DRIVERS\consrv.dll

Btw. STAY in Safe mode, it's much better to keep in Safe Mode when removing viruses, as it potentially disables some of the threat that it has with persistence.

If they don't exist they might have hidden attributes on them. Go into your start menu, type "Folder Options"

In here find the option that says "Hidden files and folders" and make sure that "Show hidden files, folders, and drives" is checked under that title. Then try looking for these files again.

Yeah, f9 means fine, and I have all hidden files shown, and I tried searching manually but it still says that same thing.
Reply
#16
F9 for me means the function key F9.. lol

Quote: and I tried searching manually but it still says that same thing

What do you mean? If you navigate to that location through Explorer it shouldn't say anything.

The directory/folder just won't exist. What about the registry file? And did you create a restore point like I suggested?
Reply
#17
(01-19-2012, 03:49 AM)AceInfinity Wrote: F9 for me means the function key F9.. lol

What do you mean? If you navigate to that location through Explorer it shouldn't say anything.

The directory/folder just won't exist. What about the registry file? And did you create a restore point like I suggested?


lol Bro, it said the same thing, that is "Windows cannot find, make sure you have spelled it right". :O And bro, I am unable to do what you are saying about the registry, as when I clicked on "create a system restore point" it says "type a description to help you identify the restore point". What do I have to put here? And is an empty text file to be created??
Reply
#18
I mean clicking on a folder one by one to navigate to the location I've shown you. It shouldn't show you any errors because you're not typing the address in. Locate it manually; don't use the Run command to find it if it can't find its location. See if you can find it manually.

You name your system restore point so that you know it's the one you created. No file gets created; it creates a restore point saved on your system, and you don't manage any of that.
Reply
#19
(01-19-2012, 04:42 AM)AceInfinity Wrote: I mean clicking on a folder one by one to navigate to the location I've shown you. It shouldn't show you any errors because you're not typing the address in. Locate it manually; don't use the Run command to find it if it can't find its location. See if you can find it manually.

You name your system restore point so that you know it's the one you created. No file gets created; it creates a restore point saved on your system, and you don't manage any of that.

Oh, you mean I can write my name "prince" or any other thing in that description of the restore point? And bro, how do I merge that file into the registry? What exactly has to be done, please say! And sorry if I am irritating you.
Reply
#20
Yeah, just name it whatever, it doesn't matter as long as you create one.

I posted instructions on how to do so, read my earlier posts. First make the registry file though by opening a text file, adding in the contents I've shown, and changing the file extension to .reg

Double click the file and it should ask if you want to merge with the registry, click OK.
Reply