
Thread: Click.GiftLoad ... ugh.

  1. #1
    Junior Member
    Join Date
    Apr 2011
    Posts
    10

    Click.GiftLoad ... ugh.

    Great site here... kudos to all the volunteers!

    I am also having problems with this nasty Click.GiftLoad problem.
    Every time I reboot and rerun Spybot, it's always catching it. And
    yes, I'm getting web page redirects as well.

    I can't seem to upload or post from my infected computer, so I'm typing this from my work computer (had to email the DDS file to myself) as I'm getting a time out connection error on my infected computer when posting to this site... I also ran TDSSKiller yesterday, but that came up empty as it could not find anything.

    I appreciate any assistance that can be provided.

    Thanks in advance!

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    hi,

    Based on the log you really shouldn't be using the machine. It also should have no connectivity; if you're not sure how to stop this you should power it off. Just because you're getting a time out doesn't mean there is no connectivity going on.

    You have a rootkit on your machine. They hide malicious files and components from traditional antivirus/antimalware software. Rootkits bury themselves deep in the operating system. Special software is needed to detect and remove them. Even if symptoms are gone and logs are clean, it's still not a 100% guarantee that your machine is clean once a rootkit has been detected and removed. You should consider a complete reformat/reinstall of Windows as an option.

    The best source for information on how to do this would be the computer manufacturer's website.

    To manually clean up the computer with current utilities proceed as follows:

    We will get a download to use. It's called ComboFix. There is a guide to read first; read through the guide on another machine if you have to, then apply the directions on your own machine. See if you can actually get to the link to download it directly onto the compromised machine.
    1) run combofix and post the log
    2) run tdsskiller again and post its log

    Guide to using Combofix
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date
    Apr 2011
    Posts
    10


    Thank you very much for responding... I have had the computer disconnected (basically pulled the ethernet cable) the past few days except for downloading potential antivirus scan/tools such as HijackThis, aswMBR, ATF-Cleaner, OTL, ComboFix, TDSSKiller and the suite of Sysinternals apps. The only other time my computer was connected is the few minutes a day to email my logs to my work address so I can log onto this forum here to post from work.

    Here are the ComboFix and TDSS logs (TDSS did not find anything). Note, because my computer was disconnected when I ran ComboFix, it did not download the Recovery Console, but it did continue on. Also ran MBAM and Spybot afterwards just to see if it could find any viruses... MBAM turned up empty and Spybot again found Click.GiftLoad.

    I also ran DDS to see what it would say and it also still thinks there is a Rootkit.

    Thank you.

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    Thanks for the info. Please post the DDS log. Also go here. See step number 8 on how to get a Gmer log posted.
    How Can I Reduce My Risk?

  5. #5
    Junior Member
    Join Date
    Apr 2011
    Posts
    10


    Thank you...

    An interesting thing about GMER... it wanted to unclick all non-system partitions and drives... is it possible that the problem can hide in a non-system partition or drive? Just wanted to validate that.

    I know the ultimate last resort down the line is to format the drive, but I was wondering if it came down to that, would formatting the system partition be enough? Any thoughts?

    I will provide the logs tonight when I get home from work...

    Thanks again!

  6. #6
    Junior Member
    Join Date
    Apr 2011
    Posts
    10


    Quote Originally Posted by battousai View Post
    Thank you...

    An interesting thing about GMER... it wanted to unclick all non-system partitions and drives... is it possible that the problem can hide in a non-system partition or drive? Just wanted to validate that.

    I know the ultimate last resort down the line is to format the drive, but I was wondering if it came down to that, would formatting the system partition be enough? Any thoughts?

    I will provide the logs tonight when I get home from work...

    Thanks again!
    That should read - "An interesting thing about the GMER instructions"....
