Computer Support Forum

malware: google yahoo redirect and can't launch malware removal software

Question: malware: google yahoo redirect and can't launch malware removal software

Hi,

I am the IT manager in my company.

I have a co-worker whose computer has a search redirect issue. That means most likely it has malware.
Then I installed some major malware removal tools: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes.

After I installed them, I cannot launch them (that definitely means it has some kind of malware).
I needed to rename their .exe files; after that I can run them and scan my computer.

SUPERAntiSpyware and Malwarebytes found something, but didn't solve the problem; the search redirect and
the blocking of malware removal software are still there. Now I am running Spybot Search & Destroy and will see what happens.

By the way, I run them in safe mode because when I log on to Windows in normal mode, it is slow (like it takes a long time to explore the hard drive, etc.). I suspect the malware slows down my PC. Hopefully the registry is not corrupted or something, but it works smoothly in safe mode.

So do you guys have any suggestions? Or do you need a log file from ComboFix?

Please advise,
Tommy

Relevance 100%

Answer: malware: google yahoo redirect and can't launch malware removal software

Try this: http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

5 more replies
Relevance 100.04%

I need help removing a yahoo search redirect/hijack malware from my computer. When I enter search terms, appropriate results appear, but upon clicking the links, junk/spam search sites appear instead of the correct link. McAfee Security has issued warnings about an Artemis trojan, though I don't know if this is the same virus/malware that is causing the problem. As instructed by the preparation guide, here is the DDS log and attached are attach.txt and ark.txt.

Answer:yahoo search redirect/hijack malware removal

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st...

14 more replies
Relevance 99.63%

Hi there, I am a new user. I am running Windows 7 Home (64 bit) on my laptop and I have an issue where any link I click on either Google/Yahoo takes me somewhere else. I have done various scans with McAfee and Malwarebytes but nothing is found. I have checked my hosts file and cannot see anything wrong with it. Please help! My HijackThis log is pasted. Please Help!

Answer:Google/Yahoo Redirect malware

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put them in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only); if this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r...

3 more replies
Relevance 99.63%

I have been fighting with this one for 3 days now. Searched and tried all the following.

Symptoms:

1. Antivirus programs disabled.
2. System restore disabled.
3. redirects from all search engines.

I did a manual system restore from recovery console to the last date I was not infected. Now I was able to install AVG, Norton and Malwarebytes. Ran all but still the redirects. Replaced apati.sys, from another computer, and a few other files that I have read may be infected from other forums.

I have used the following programs to no avail

1. Avg 9.0
2. Norton anti virus 2010
3. Malwarebytes
4. combofix
5. MGtools


I am attaching logs.

Thank you in advance for your help.
 

Answer:google, yahoo,... redirect malware

I also went into recovery console and did a fixmbr, but still redirects
 

3 more replies
Relevance 98.81%

Hello, when I search with Yahoo the links I click on take me to result.yahoo.ca and then redirect. If I click back and then try again I get my destination fine. Google is also bad. I have run Malwarebytes and a host of others, all to no end. I have run these programs with log files and was told to post here. Thank you for your help in advance.

Answer:Google Yahoo redirect malware/virus - please help!

Hello, and welcome to the Bleeping Computer Malware Removal Forum.

My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let...

14 more replies
Relevance 98.81%

like many others here i seem to have the redirect virus from yahoo, google, etc. additionally, i am unable to make any updates to windows or malwarebytes. if i run malwarebytes it will usually scan to about 21,000 files and then goes to a blue screen, saying DRIVER IRQL NOT LESS OR EQUAL, upon restart everything appears to work normally but continues to redirect. when i attempt to update malwarebytes i get the 732 error message. i have followed the instructions to fix this from another thread but it did not work. i also have access to another uninfected computer and downloaded a "clean" version of malwarebytes, installed it to the infected computer but it will still not update and the computer goes to blue screen after scanning for several minutes. after examining another related thread i also looked into the device manager for a suspect file but going through control panel>system>hardware>device manager>view>show hidden devices. within that there is an exclamation mark in yellow next to the entry DS1410D. i disabled this, rebooted, and tried to update malwarebytes but it did nothing. i have only tried these things in an attempt to solve this problem on my own and save some time for all the helpful people here and not to circumvent the rules of this community. but it seems that i do not have the skills to do this. thanks so much and i hope to speak with someone soon.

i use the following programs that might pertain to this issu...

Answer:redirect from yahoo/google can't update or run malware

could anyone help me with this? i apologize for bumping but i have gotten no responses after 7 days. thanks again.

28 more replies
Relevance 97.58%

Hello,

I would appreciate it if you guys could take a look at these logs from Malwarebytes and HijackThis. I keep scanning with Malwarebytes and keep getting the same infections after removing and restarting.

Thanks for all your help.

Answer:Search engines (google, yahoo etc.) redirect - possible malware

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

2 more replies
Relevance 97.17%

I've already tried Avira AntiVir Scanning, Malware Anti-Bytes, Ad-Aware, Windows Defender, CCleaner and SUPERAntiSpyware. All programs have removed some stuff but I still have the OVERCLICK.CN redirect whenever I do a GOOGLE search. So here is my last plea for help, otherwise I'll have to reformat.

Here is my HIJACK LOG:

Answer:Google Redirect Malware Removal - HELP!

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

2 more replies
Relevance 97.17%

Hi, this is my 1st time on this site so apologies if I don't follow the correct protocol. I was hit by the Google redirect malware and followed the full procedure listed in the Malware removal support forum.
I no longer get the redirects to various search websites, but I want to be sure the various software I installed and ran has now fully solved the problem.
I attach 4 of my files and hope someone can analyse them and confirm this is the case. I guess I just send the 5th file in a reply to this post?
Regards, Ric
 

Answer:Malware Removal - Google Redirect

And here is the 5th log
 

8 more replies
Relevance 97.17%

I am having trouble removing what I believe is a malware issue. Every link I click on in Google and a couple of other search sites redirects me to shopping sites. Anti-malware bites cannot seem to locate it. Also running Vipre and that also cannot seem to find it. Any suggestions? Thank you in advance for help with my first post.

Answer:google redirect malware removal

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for postin...

2 more replies
Relevance 97.17%

Greetings

The darn Google redirect virus has infected one of my computers! Just capping off a good week when I had a catastrophic card failure fried that a cpu! My son is the primary user of this computer so it has games AOL and lots of other junk.

I did find the TSSD virus and removed it from the start up menu but the virus is still live. Typing incomplete addresses (missing .net, .com etc) into Firefox or Explorer results in Yahoo search engine starting, I thought this was a function of the AVG toolbar configuration but it may not be. I also get an apparent false AVG trojan virus's found pop up. AVG is used along with SpyBot. I've since added superAntiSpyware and MalwareBytes and cleaned out a lot of adware features.

If there wasn't a lot of kids stuff I'd probably just blow it away and reinstall.

Thanks
Tony

Anyway, the DDS.txt and GMER results follow

Answer:Malware Removal - Google redirect? and others?

Hi Tony I know how you feel......it's maddening. Please disable Spybot and leave it disabled until we're finished, as it tends to interfere with the necessary changes we're going to make.

Go to this page and Download TDSSKiller.zip to your Desktop.
Extract its contents to your desktop and drag TDSSKiller.exe on the desktop, not in the folder.
Vista Start logo > All Programs > Accessories > RIGHT-click on Command Prompt and Select Run As Administrator.
Copy/paste the following bolded command and hit Enter.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Thanks,
tea

I'm going to close your other thread.

2 more replies
Relevance 97.17%

Hello,

I'm dealing with heavy search redirect symptoms, I have no idea how to deal with this, and I would really appreciate any help I can get.

Thanks in advance!

Answer:google redirect malware removal

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
These instru...

16 more replies
Relevance 97.17%

I know this is a super common thread, but I really need someone to work with me 1 on 1 to rid this malware from my PC once and for all!
The usual description here... Searching anything in Google is hijacked to another site.
Any help would be appreciated

Mitch barker

More replies
Relevance 97.17%

I am getting redirected from Google to unwanted sites. My computer has gotten sluggish also. I have uploaded logs, hope you can see the problem. I have had no luck.

Answer:google redirect malware removal help

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put them in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap...

3 more replies
Relevance 97.17%

Hi,

I've recently been having a lot of trouble with various Google redirect malware. I tried to use Malwarebytes Anti-Malware but to no avail. I was just wondering if anyone could please help me sort out this issue.

Thanks

Answer:Removal of Google Redirect Malware

Please follow these instructions:

http://www.bleepingcomputer.com/forums/topic34773.html

1 more replies
Relevance 97.17%

Hi guys,

Any help with this would be greatly appreciated. My work computer has a case of the Google redirect malware/adware that is cropping up all over lately. The "virus" will cause Google searches to be redirected to alternate pages or search engines. Another thing I have noticed is that most pages that run 'Ads by google' are also replaced with malware links, like "STOPZILLA" etc. I also have about 50+ processes running, not sure how many are malicious. Another odd thing is that the computer seems to be stalling Malwarebytes Anti-Malware (e.g. click it and it won't run).

I have run HijackThis and here is the log from that:

Answer:Help with Malware Removal - Google Redirect

Hello systemtool,

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Since this is a work computer, do you have an IT dept?

************

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

************

We need to run GMER for rootkits. If you are having trouble running GMER, try running it in Safe Mode.

QUOTE
How to Reboot into Safe Mode
Tap F8 key during reboot, until the boot menu appears... use the arrow keys to choose "Safe Mode" from the menu... then press the "Enter" key.

Please download GMER from one of the following locations, and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zip Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Close any and all open programs, as this process may crash your computer.
Double click or on your desktop.
Allow the gmer.sys driver to load if asked.
You may see this window. If you do, click No.
Click on and wait for the scan to finish.

**********

Please download RKill by Grinler from one of the 4 links below and save it to your desktop
Link #1
Link #2
Link #3
L...

2 more replies
Relevance 97.17%

For the last couple of days, clicking a Google search result usually displays an unrelated page. I've read about this malady on numerous forums and tried many remedies. Malwarebytes seems to have removed a few items, but it didn't fix the problem. The last thing I tried was ComboFix. Following directions I found at xdelbox.com, I used a CFScript.txt file with the following lines (which I think only eliminates the advanced virus remover virus anyway)

File::
c:\windows\system32\winupdate.exe
c:\windows\system32\winhelper.dll
c:\windows\system32\AVR09.exe
c:\Program Files\AdvancedVirusRemover\PAVRM.exe

I really hope the experts here can help me, or I'll have to learn how to use bing instead of google. Here's my DDS.txt (and many thanks in advance):

Answer:Google redirect malware -- need removal help

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follo... Read more

Error 404 Redirect on Google.com after malware removal

Problem:
When attempting to access Google.com, the following error appears:
Actual redirection does not occur and the issue can be intermittent.

Discussion:
This issue can occur when URL search hooks remain after malware that contains a hijacker payload has been removed. This can affect any browser, including Chrome, Firefox, Safari, etc.

NOTE: If actual webpage redirection occurs, the system is still active and malware removal should continue instead of this process.

Resolution:
Remove the remaining URL search hook in Windows Registry.

NOTE: Make a backup of the registry by clicking File, Export, and save the backup to wherever you wish.

1. Click Start. In the Search\Run box, type regedit and press <Enter>. Click Yes to the UAC prompt.
2. Navigate to the following key: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer. Click on the URLSearchHooks key.
3. In the right pane, right click each entry and choose Delete. The only entry that should remain is the Default value.
4. Close the Registry Editor. Restart the system.

If the issue continues, then the system still has an active infection. Continue with malware removal processes.

I see this one all the time, unfortunately. Thought I would share.

I am having an issue of being constantly redirected when trying to reach links in Google. This is from both Firefox (latest) and Chrome. Below is my DDS log file as well as the attached files as requested. Please help!!
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by CAL at 11:14:23.62 on Tue 05/17/2011
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_25
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3068.1996 [GMT -4:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\RtkAudioService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:... Read more

Answer:Google Redirect Virus - Malware Removal

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator&#... Read more

Hello,

I am having a problem with being redirected in google and yahoo.

I also am unable to check for updates on Malware "Update failed. Make sure you are connected to the internet and your firewall is set to allow malwarebytes anti-malware to access the internet".
- My internet works.
- My firewall has Malwarebytes anti-malware on the exception list
I can run the quick scan and full scan and it shows no problems.
I CAN NOT update at all before I run them.

Some web pages will not connect at all.
- I can't get on any Microsoft page. I get the error page "Internet Explorer Cannot Display the Web Page"
- I can get on Malwarebytes web page. I get the error page "Internet Explorer Cannot Display the Web Page"
I am connected to the internet. It is as if this virus does NOT want me to get help!!!
- I also tried to download and run the AVG Internet Security Free Version. It won't let me download it either. I get an error message.

HELP!!
Thanks so much,

Answer:Redirect Google & Yahoo, cant update windows or Malware. Cant open some web pages.

Hello, let's try to run either or both of these.

If you cannot use the Internet, you will need access to another computer that has a connection. From there save mbam-setup.exe to a flash, USB, jump drive or CD. Now transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.

***Manually Downloading Updates: Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.

Download FixExe.reg
FixExe.reg

Download RKill... Sometimes several attempts are needed to kill the malware before running MBAM.

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attemp... Read more

i'm having increasing problems with my computer and am now sure i have some form of malware or viruses. i've had a constant popup where MSWord tries to install itself repeatedly, and i have to manually cancel multiple times when i start the computer. i was worried this was a virus, but when i searched about it i found this was related to windows installer. if i disable windows installer, it goes away.

however, for the past week i've started getting repeated popups saying that google update has encountered a problem and needs to close. i read on some forums that this was related to a google chrome installation. i don't remember if i've even installed google chrome-- but i can't find it on my computer to uninstall it. in the past few days i've started to be redirected to various ad sites when i search for things on google in firefox. i have avira antivirus, windows defender, have used windows malicious software removal tool, lavasoft adaware, and windows defender. all were coming up with no malicious software when scanned, but the problem persists. windows malicious software removal tool just finished a full scan and removed one infection, for an ad program it said would cause random popups, which i haven't had a problem with. i have tried repeatedly to install MBAM and hijack this, along with other tools. even after renaming, i had a lot of problems. MBAM would not open at first, then would partially install, then finally said it completed its installation, started to update... Read more

Answer:google update problem, google search redirect, can't install malware removal tools, stopzilla(?) reported infected by UACd,...

i might've misunderstood the DDS instructions on the tutorial on how to post about these things. i looked at a couple of other posts where people have posted their hijackthis logs. here's mine:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:42 PM, on 4/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.... Read more

Hello,

Today my computer was affected by a malware which redirects me to a search website which makes me install malicious programs, I managed to get rid of those programs by Spybot. But google searching sometimes redirects me to those websites (about 1 out of 5 clicks). I scan my computer with Malwarebytes/Spybot in Safe Mode but I couldn't find anything. In addition, I cannot do windows updates, it keeps lagging and it doesn't respond. Please help me fix this, I really need my computer to be safe soon before my school project presentation. I only have DDS report, GMER doesn't work for me (keep crashing with blue screen). Thanks in advance.

UPDATE 1: I get redirected even not using google! Sometimes I browse around websites and then bring me to those malicious sites!

Update 2: Here's what I got from AVG virus scan:
"C:\Windows\System32\wuauclt.exe (5388):\memory_00010000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"C:\Windows\System32\wuauclt.exe (5388)";"Trojan horse Agent_r.XJ";""
"C:\Windows\explorer.exe (1060):\memory_00010000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"C:\Windows\explorer.exe (1060)";"Trojan horse Agent_r.XJ";""

DDS (Ver_11-03-05.01) - NTFSx86
Run by Kenny Tang at 14:41:17.71 on 22/03/2011
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: ... Read more

Answer:Google redirect malware residual after Spybot removal

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d... Read more

Like many of the other users on these forums, I too am having problems with my browser being redirected to a web page other than that which I had originally clicked (most often through google search links). I have attempted to diagnose a specific problem that is wrong with my pc, but I just don't know what it is. These pop ups seem to be more annoying than malicious, but I have a strong feeling that if I don't do anything soon the problem will get worse. The reason that I say this is because I tried to start my computer in safe mode and Windows refuses to boot properly (I was given an error message that told me that Windows failed to initialize in safe mode). I know that the problem is not SmitFraud because I have had experience with that before. As I stated, these pop-ups are the result of redirected google searches and are not happening when I am not browsing the web.

Some of the websites that I have been getting redirected to include:

...and many, MANY more.

The only other clue that I have which might help to lead to a solution is that almost every single redirect site uses the same exact logo on the browser tab next to the name of the website. I have attached a small .jpg file which shows the logo that I am speaking about. (a second logo of a wire frame green sphere appears less often but still of... Read more

Answer:malware removal request : google redirect problem

hi dgwozdz,

Sorry for the delay. If you still need help with the redirects simply reply to my post.

I had a Google redirect problem that I employed Avast, Avira, Malwarebytes, Adaware, and Hack(something)500.exe that finally seemed to fix the problem. I also downloaded HJT and found some other issues that I tried to clean up as best I could. The only issues I can see from the log is two entries for missing files. Can someone take a look at my log and tell me if they see any other issues I need to address. The removal process and research about what went wrong has taken me most of the day and I would just like to make sure I haven't missed anything. Thanks for your time.

I am running fully updated XP Pro SP3 and Avira AntiVir Personal.
 

Answer:Post Google redirect malware removal check

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.
**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a differe... Read more

After I followed some instructions to remove the system diagnosis malware, some others remained and I don't know how to remove them.
I followed the instructions on pasting the DDS log, but had a problem with gmer.exe. When I opened gmer.exe, I was only allowed to check some of the settings, I can only check services, registry, files and ADS.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.1
Run by Yongbin at 17:58:05 on 2012-09-14
Microsoft Windows 7 Home Premium 6.1.7601.1.936.86.1033.18.3835.2614 [GMT -7:00]
.
AV: 360杀毒 *Disabled/Updated* {A0FD413B-F662-C08C-7B21-F57CED225A55}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\360\360Safe\deepscan\Zh... Read more

Answer:Malware removal leftover (google redirect and sound ads)

I forgot to mention, there are some Chinese programs in that DDS list. I looked over it and the programs with Chinese characters are virus scan, firewall protection, Chinese character input, and video player.

Good Day,

My sister-in-law's laptop got a program called Live Security Platinum and she took it to a computer shop. They removed the program but the system keeps redirecting to random websites when searching on Yahoo, Google and MSN (Bing). The operating system is Windows Vista with Service Pack 2. The redirects are occurring in both Chrome and Internet Explorer. The browser will travel to the website in the search links but then forwards on to a random website. When I got it I figured it was an exploit of Java 6 so I removed older versions and installed the latest version from Sun/Oracle. Below is the DDS.com log and attached are the Attach and Gmer logs. When running GMER it did not provide me with the options to select from System all the way down to Libraries. The only options were for Services, Registry, Files (with C drive), and ADS. There is a copy of ComboFix on the machine so I believe that was run on this machine by the computer shop. I will await instructions on what to do next.

DDS (Ver_2012-10-14.05) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Owner at 9:25:53 on 2012-10-14
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3934.1125 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
=======... Read more

Answer:Malware Live Security Platinum removed but now Google, Yahoo, Bing redirect

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o... Read more

Hi,

I have been encountering some problems with my PC over the last few days. I am running eset NOD32 and it is blocking attempts to go to websites when i visit google, select google links, when using hotmail and using other search engines. Eset is doing its job, and preventing the redirect so i am able to continue on normally, but it has become consistent therefore i assume there must be a problem somewhere.

A couple of days ago eset quarantined a pdf exploit virus, and then the issues started.

The only other issue i am having is that the computer is unable to enter hibernation mode.

I am running XP and using Firefox, although same problems are occurring in IE.

I have updated my adobe acrobat and flash player to the most recent versions, however i was using acrobat 7 before infection.

I have read many posts on this website and other to try and rectify the problem including
Malwarebytes
Combofix
gmer
mbr.exe
gooredfix
and others I have forgotten.
I have ran a hijackthis scan and posted below is the log::

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:39 PM, on 13/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wi... Read more

I'm having trouble with my browsers, both Firefox and Internet Explorer. I apparently contracted some malware last night and can't figure out how to get rid of it. All my links in Google searches are redirected to ad sites, and after hours of trying to fix it, I'm out of ideas. My virus scanner doesn't even detect it, and I'm at a loss of what to do. I've read several posts about this link redirecting problem already, and tried to follow their instructions. The tools ComboFix.exe and Malwarebytes' Anti-Malware refuse to even run properly. I can see it in Process Explorer when I try to run them.. they just hang there and nothing happens. Here is my hijack log... requesting any assistance that can be provided..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:48 AM, on 1/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files... Read more

Answer:google + yahoo links redirect to ad sites, can't get combofix or Malwarebytes' Anti-Malware running

Hi

If you still need help with this post a fresh hjt log, please.

Hi everyone,

Long time lurker first time poster (usually cos other people's malware logs help me diagnose problems on the PCs I fix), but I've really run into a dead end on this one!

The machine in question had all sorts of malware on it, including the new "Security Suite" infection that seems to be doing the rounds, I managed to remove the bulk of it, however there's still something a bit fishy up there as avast keeps complaining that explorer.exe and winlogon.exe are infected with "Bamital-X".

If I restart the PC, the avast on access scanner does something to explorer.exe and I have to delete the explorer to allow Windows to replace it with a working version, however then after a few more minutes avast pops up an infected warning again!

For the moment by the way, I do not have physical access to the computer, I'm connecting to it remotely, however I could probably guide the user through anything that needs to be done in the recovery console if needs be.

Hopefully I've done the rest of this right, here's the DDS log and attached are the Attach.txt and GMER logs.

Regards,
James

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 9:51:32.45 on 20/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3063.2348 [GMT 1:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDO... Read more

Answer:PC still claiming explorer.exe is infected after removal of all sorts of malware (including Google redirect)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the ... Read more

I recently got a new client who needed help with his computer. It was silly of me to think it would be simple. I was up all night working on it.

His initial problem was that windows would hang on "Loading personal preferences" and would only boot in safe mode. It wasn't the page file, or any of the usual things... though I did start to notice that normal Windows functions didn't work properly, from MsPaint to IExplorer. I tried to run Autoruns.exe and Hijackthis and they shutdown as soon as they were opened. IExplorer wouldn't load pages and firefox would pop up and load the pages instead.

I thought I should just repair windows, which I tried to do and accidentally installed a second copy of windows on the same partition... I then deleted the second windows installation (windows.0), but after that windows would boot fine without safe mode. That was only the beginning though. I found the google redirect on there, a bunch of old adware and a mess of a disorganized computer.

The system also booted and gave a tapi.nfo error, I searched for this and got nowhere. So I went to regedit and deleted the line causing it. It doesn't pop up anymore, but that didn't solve anything.

I looked further into the situation and found that many others are having trouble with rootkit malware that shuts down anti-malware software.

I tried loading malwarebytes, etc, and even renaming the files and the extensions. It still all shuts down immediately when its loaded.
... Read more

Answer:Rootkit, Malware, Tapi.nfo, Google Redirect, Can't open anti-malware

have you tried root repeal? it sounds to me like you've read that post.




Rerun Rootrepeal. After the scan completes, go to the files tab and find this file:

C:\WINDOWS\system32\drivers\UACxpqhxbvttn.sys

Then use your mouse to highlight it in the Rootrepeal window.
Next right mouse click on it and select *wipe file* option only.
Then immediately reboot the computer.

Then run a quick-scan with Malwarebytes. Keep rebooting and running quick-scans with Malwarebytes until it shows zero infections. If after 3 scans it is still not clean post the final log.

this isn't my post so I can't take credit for it but apparently it works
good luck either way. the entire post is called AntiSpy Protector 2009 you should check it out before trying this, good luck

I have a serious computer problem. I have read numerous posts to self diagnose and correct the problem. When I think it's good it comes back to haunt me, I am stuck with a computer that constantly freezes, Google redirects me to malicious sites and mostly every time I try to run the control panel it freezes up on me. I also have this error message that pops up and says "Generic Host process for Win32 services has encountered a problem and needs to close." Some additional info for that error message:

SzAppname: svchost.exe
SzAppVersion: 5.1.2600.5512
SzModname: ntdll.dll
SzModVersion: 5.1.2600.5755

I have run Malwarebytes numerous times, quick scan, full scan, it will detect then I will remove and when I restart the computer and run it again it's back on there! I am getting to my wits' end over this, I don't know what to do and need some help please! Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:52:09 AM, on 11/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WI... Read more

Answer: Google redirect virus, generic host process win32 error messege, constant virus removal with malware bytes

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the ... Read more

2 more replies
Relevance 81.18%

I have some sort of malware that redirects webpages and searches. The url shows yahoo.search as it sends me to some other random website. This malware affects IE, Safari, Chrome and Firefox. Thanks for the help!

Jeff

Ran DDS and GMER:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 21:38:05.97 on Tue 07/20/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527.499 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINXP\system32\svchost -k DcomLaunch
svchost.exe
C:\WINXP\System32\svchost.exe -k netsvcs
C:\WINXP\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINXP\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINXP\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\WINXP\system32\ZuneBusEnum.exe
C:\WINXP\system32\SearchIndexer.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\igfxtray.exe
C:\WINXP\SOUNDMAN.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl... Read more

Answer: Yahoo.search redirect malware

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more

11 more replies
Relevance 80.77%

My sister's computer is an HP Pavilion dv5t-2200 notebook PC running its native OS, Windows 7 Home Premium x64. In the last 24 hours, Avast found and attempted to remove some sort of malware. After the reboot, it recommended a full scan. After the scan was completed, the computer rebooted again. This is where the real problems began.

With the exception of core programs and services, no other program will launch. Not Chrome, not AIM, not even Avast!. The only HP program still installed on the system, HP Support Assistant, will not start. Attempting to use Windows System Restore results in a BSOD as the computer is shutting down to begin the restore process. Upon returning to the desktop, a dialog box recommends that we run chkdsk, but of course that won't even launch.

Internet Explorer will launch, but the campus network requires a third-party client software install. Unfortunately, that's another program that will not launch.

The computer has a recovery partition, but HP Recovery Manager is not installed or cannot be found, and attempts to download and install it have failed because 1) we cannot access the Internet to download it to the hard drive, and 2) it could not be installed from a flash drive containing the softpaq from HP.

UAC is turned on. Maybe this is part of the issue?

I'm on the phone with HP Support right now, but I'd like some feedback from your end.

Answer: Need to restore Windows, but some malware is blocking software launch

Pressing the f11 key during startup on a computer with an HP factory image will start the system recovery process even if the prompt is not displayed.
Recover Windows 7 Operating System Using HP Recovery - HP Customer Care (United States - English)
Performing an HP System Recovery in Windows 7 - HP Customer Care (United States - English)

How to make HP Recovery DVD disks:
Recover Windows Vista Operating System Using HP Recovery - HP Customer Care (United States - English)

How to make HP Recovery USB disk:
Creating a Recovery Disk on a USB Flash Disk HP Pavilion dv6700z CTO Entertainment Notebook PC - HP Customer Care (United States - English)

or
You can Order HP Recovery Disks from here:
Compaq Mini CQ10-500 PC series*-* HP Notebook PCs - Order Recovery Discs for Windows 7, Vista, or XP - c00810334 - HP Business Support Center

2 more replies
Relevance 79.95%

Hello,

Well got some virus/malware. I don't know which one. It is redirecting my yahoo/msn search. Computer is slow. I went through few steps to get rid of it. Disabled System Restore.

1. Malwarebytes --- removed few trojans.
2. VIPRE Anti virus removed few malware.
3. Trend Micro Online Anti-Virus removed few.

But the problem didn't go away. Then I used COMBOFIX & it went through 50 Stages & now it's a lot better. Here is LOG from COMBOFIX. Please help me to remove any leftover malware. Thanks again.

ComboFix 10-05-29.05 - Dell 05/30/2010 15:03:02.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2592 [GMT -4:00]
Running from: c:\documents and settings\Dell\My Documents\Software\ComboFix.exe
AV: Sunbelt VIPRE *On-access scanning enabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\s
c:\windows\AegisP.inf
c:\windows\is-GPKL6.exe
c:\windows\is-LGTJR.exe
c:\windows\system\oeminfo.ini
c:\windows\system32\st325602.dll
c:\windows\wiaserviv.log

Infected copy of c:\windows\system32\drivers\mouclass.sys was found and disinfected
Restored copy from - Kitty had a snack .

((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-30 ))))))))))))))))))))))))))))... Read more

Answer: Yahoo/MSN Redirect **Virus/Malware ----- Help Needed !!

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let... Read more

10 more replies
Relevance 79.95%

Hello! I just bought a new Acer Aspire M5 last week, and have really enjoyed the experience except for a particularly stubborn piece of redirect malware. I've read the Preparation and READ ME FIRST posts, so here I go:

Running Windows 8.1, my Google Chrome browser is regularly subject to a piece of redirect Malware that--instead of the omnibox sending my search queries to Google.com--sends queries to a Yahoo derivative site. I intended to post the exact URL for this redirect, but of course my browser isn't exhibiting symptoms right now. The URL is something like us.yhs4.search.yahoo.com

I've noticed the redirect issue tends to crop up after I've performed a Chrome "reset browser settings" action and also after I turn on my Chrome extensions:

AdBlock
Downloads
Google Dictionary (by Google)
Google Docs
Hangouts
Instant Translate
LastPass
SiteAdvisor (disabled, but I can't uninstall)

I've read countless DIY articles to remove this malware and have even seen solutions offered in this forum, but I'm unable to create a permanent solution on my own. Here's hoping someone around here can help me out. Attached are my first two FRST logs. Please let me know if any additional information is needed.
 

Answer: Windows 8--Chrome--Yahoo Redirect Malware

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

7 more replies
Relevance 79.54%

I am infected with a version of the Google Redirect malware problem:

- When I click on one of the results from a search on any major search engine, I am redirected to other websites, usually commercial websites such as monstermarketplace.com. I can reach any website if I copy the address in the address bar; I only get redirected when I click directly on the link in the search results page.
- Occasionally, a new tab pops up when I am in iGoogle, Gmail, or a Google search page. The new tab's address is www.google.com/webhp. On two occasions a new tab has opened with a commercial website. I always close the windows and have never searched on the google.com/webhp page.

Some history:

- I was originally infected with the AV Security Suite virus this weekend while downloading the platform for the online game "Battlefield Heroes" (www.battlefieldheroes.com). I tried going online while this virus was active and clicked on some of the pop-ups and alerts, sometimes saying "Yes" and sometimes "No" when it would ask if I wanted to allow access to the home page website. I believe this may have enabled the current redirect malware.
- I removed the AV Security Suite virus (at least partly) by renaming and deleting the folder from which it was acting within my Local Settings folder. The current infection must therefore be a leftover of that initial infection.
- I ran SpyBot and Ad-Aware, both of which found and removed cookies. I uninstalled both programs a... Read more

Answer: Infected with Google Redirect / Search Engine Redirect Malware

Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include the report in your next post:

C:\ComboFix.txt

"information and logs"

In your next post I need the following:
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

13 more replies
Relevance 79.54%

Apologies, but I'm a bit of a novice. My computer did a scan when I started it and came up with some trojans. When I tried to delete them, a malware removal programme tried to install itself, so I closed the download dialog box. Unfortunately, I cannot remember the name of the software that was trying to install itself. Please would you review my log below and help me clean my computer?

many thanks
---------------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by 0 at 19:57:35.67 on 02/01/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3000.1826 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows&... Read more

Answer: attempted removal of trojans try to install "malware removal software

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 79.13%

Ok so as my username should lead you to believe I am completely inept with computers, which is not to say I don't use them a lot. I'm not one of the elderly I'm just not very good at the super technical and currently this forum is my last option.

So a brief overview of both my problem and my computer.

I run Windows XP SP3 on a boot camp equipped Imac and aside from the occasional brush in with malware etc I'm really quite happy with this set up.

This is not my first infection, previously I had a similar run in with the whole fraudulent program pop up spam classical (from my perspective) malware. A quick call to India and a new friend named Kumar was all this required. Kumar ended up using screen share to download a trial version of AVG anti virus and after a long scan and a few laughs at the results my problem was solved.

I was ecstatic and gave this guy every sort of recommendation to his superiors possible. I actually stayed on hold for hours just to sing his praises.

Now about a year or so after that I'm told my hard drive gave out and my only existing back up was ages old so after a lot of rebuilding here I am just finally settling into the same position I was before the hard drive being destroyed. Procrastination and some errors during the backup process that confound me to no end have prevented me from a more recent back up being made.
In short If I can't remedy this now I'm screwed.

So what sets this malware so apart from my last run in is that ... Read more

Answer: Malware infection unable to launch anything including anti virus software

Bump

Sorry, but I really need a reply. Help please.

12 more replies
Relevance 79.13%

Hello! As you can see, I've been trying everything with my computer except beating it to death!

Yesterday around this time, I caught a trojan by stupidly downloading a file from a suspicious mp3 site (Allfreemp3.net???). I shoulda known something was up when I clicked on it cause it started to download as A PROGRAM instead of an individual file! By the time I tried to uninstall, it only took a few seconds for my computer to act up, and I turned off my WiFi for awhile out of fear of "Backdoor" stuff happening!

Between now and yesterday, I have had quite a few "blue screen crash dumps", I lost my "fancy" Vista Home Basic (32 bit) themes from tampering with my Services (though they are corrected now!), and now every time I do a search through internet explorer, my Yahoo! search engine results will either lead me to some more suspicious sites, or lead me to a legit site that had absolutely nothing to do with my search! The biggest thing I've noticed, though, is that when I ran McAfee (I uninstalled it later), Norton, and Windows Live OneCare Safety Scanner, they all froze up on this one file path: D:\Windows\System32\config\security.log1, and now my computer won't let me do a performance indexing test!

Please help!

Answer: Yahoo Redirect Trojan and Malware Removers Stalling!

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
C... Read more

10 more replies
Relevance 78.72%

Quote:
March 22, 2010 12:57 PM PDT

Malware delivered by Yahoo, Fox, Google ads

by Elinor Mills


These charts show incidences of malware distributed by a number of ad delivery platforms over a six-day period last month that were detected by Avast. Yahoo and Fox have the highest counts.
(Credit: Avast)

Malware that exploits holes in popular applications is being delivered by big ad delivery platforms including those run by Yahoo, Fox, and Google, according to Prague-based antivirus firm Avast.

Viruses and other malware were found to be lurking in ads last year on high-profile sites like The New York Times and conservative news aggregator Drudge Report.com, and this year on Drudge, TechCrunch and WhitePages.com. The practice has been dubbed "malvertising."

Now, researchers at Avast are pointing fingers at some large ad delivery platforms including Yahoo's Yield Manager and Fox Audience Network's Fimserve.com, which together cover more than 50 percent of online ads, and to a much smaller degree Google's DoubleClick. In addition, some of the malicious ads ended up on Yahoo and Google sites, Avast claims.


More at: Malware delivered by Yahoo, Fox, Google ads | InSecurity Complex - CNET News

Answer: Malware delivered by Yahoo, Fox, Google ads

Part of the reason that I maintain that you cannot simply rely on "common sense" to protect you these days.

4 more replies
Relevance 78.72%

Recently I was infected with some fake anti virus software called anti virus pro 2009 and it disabled all my stuff so I had to have help removing it here, http://www.bleepingcomputer.com/forums/t/271130/malware/, and after all that all the symptoms were gone but when I started using IE again I kept getting pop ups on trustworthy sites that try to install malware, especially on google or yahoo whenever I click a search result. Also when I restart and log in I get a window called RUNDLL that says,

Error loading C:\DOCUM~1\devin\locals~1\Temp\odbc_inc.dll
The specified module could not be found.

malware bytes, super antispyware, eset scan all show nothing now. Here are DDs and root repeal logs,

DDS (Ver_09-10-26.01) - NTFSx86
Run by Devin at 8:53:04.18 on Wed 11/18/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.550 [GMT -6:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Ex... Read more

Answer: Pop ups on google/yahoo exc that try to install malware

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic, if you still need help please let me know what issues you are still having, in your next reply.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Then please post back here with the following:
log.txt
info.txt

Thanks

35 more replies
Relevance 78.72%

Hello

Thank you in advance for your help!

Here is my situation...

Other than the known Google redirect problem (google results aren't what they seem to be) that I've been experiencing in the past few days, I also seem to have a problem with loading google products/services such as Gmail, google maps, google reader, iGoogle, and google translate in Firefox. I don't know if the Google redirect virus is somehow related to this problem. These Google services I've mentioned simply won't load for me.

In Gmail, the login screen appears fine but when I enter my username and password, it takes me to the "Loading [email protected]" and just tries to load it for a very long time until finally it says that I have a network problem. Also, I noticed that when I click the "Sign In" button on the Gmail login screen, the status bar on the bottom says: "Transferring data from secariadna.com..." which looks very suspicious to me (I can provide a screenshot of this if requested).

The other services (maps, reader, translate) just won't load. For example, when I open a new tab and click on my google maps bookmark (for example) the window remains white and it keeps displaying: "Transferring data from maps.google.com" in the status bar. Sometimes after a long time of loading, the map would eventually manage to load. I also have to note that picasaweb loads without a problem in FF, although it also displays "Transferring dat... Read more

Answer: Google redirect virus + possible additional malware that prevents from Google services to load

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more

19 more replies
Relevance 78.72%

I've already scanned using the steps in the removal forum &
now need someone to see if there's anything left that needs to be removed
from the logs attached.

Also, when I click on a link of a topic I search in google, it redirects me to another site like yellowpages etc... This only happens in Firefox.

Help !

Thanks.
 

Answer: Malware Removal & WebPage Redirect Help

You should only be running one Anti-virus program. Please uninstall one of these:
ParetoLogic Anti-Virus PLUS
AVG

Now let's do a little clean up:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

After clicking Fix, exit HJT.

Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.





REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]


Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now use windows explorer to find and delete:
C:\-795295435
c:\windows\S5A699AF3.tmp
C:\Program Files\M... Read more

2 more replies
Relevance 78.72%

Almost every time I do a search on Google, I get redirected to another search engine. I tried using other malware removal tools, Spybot, Avira, Malwarebytes, but they don't work.

Finally I found myself on your Preparation Guide. Hopefully you will be able to help. When I run Gmer however my computer crashes. So here is the data I'm able to send you. Please help. Thanks.

DDS (Ver_10-03-17.01) - FAT32x86
Run by Gateway User at 11:23:43.19 on Mon 06/14/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.575.119 [GMT -7:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Soluto\SolutoService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Soluto\soluto.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
C:\Documents and Settings\Gateway User\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\System Explorer\SystemExplo... Read more

Answer:Redirect (?) Malware Removal Request

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Do not attach logs unless I ask you to.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread, upload them here http://www.rapidshare.com/ and post the links in this thread.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Gmer is the best but can be hard to get a log, let's try this and see what we get.

Scan With RKUnHooker
Please Download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest. Then click OK.
Wait till the scanner has finished and then click File, Sa... Read more

15 more replies
Relevance 78.72%

Hi!

First of all, thank you for taking the time to try to solve my extremely annoying issue.
The issues started about a week ago, I'm not sure if I downloaded something I was supposed to or it came to me in some other way, but I can't seem to get rid of it.
Every 10-15 clicks I do on various websites redirects me to
Code:
http://api.recomme.me/widgets/PromoManager/HJjOZY6KF6lVhsJNEoLm.html?usa=true&countdown=false&ptID=169&cID=1015&rt=linkreplace&ascID=null&ascGuid=f9bf59e9-0ea0-43ee-abf2-6d1dda054d6a&mid=7A22526691392D5A4ED2A01EC9CF6336&pid=18&umid=B4D03E16-E000-45AD-9655-2F69CFDC7583&rv=64&pmUrl=WEBSITEURLindex
I read another post here on malwaretips and followed the steps to do a ZOEK scan, although that didn't help. I have the log if needed.

I can't find any add-ons for it nor software installed. And from here I'm lost.

Someone who is familiar with the issue and how to get rid of it?

Grateful for every help.

Thanks
 

Answer:Api.recomme.me redirect. Malware Removal Help Need it!

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

3 more replies
Relevance 78.72%

My poor PC is on the brink. Whenever I select a link in Google it redirects me to another website called 'bit-find' and sometimes eBay. I have seen other people with similar problems to this on this forum so I'm pretty certain that it is malware. I had a crude attempt at trying to fix this using instructions in someone else's thread but didn't have much luck, so I have created a new topic. Hopefully I have created this topic in the correct place this time. Here are my logs, if some friendly person could help me I would be much obliged.

I have attached my 'DDS' and 'attach' file

Cheers chaps/chapets

Answer:Malware- Google links redirect me to 'bit-find', google maps don't work

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 78.31%

The problem I seem to be having is related to running auto-removal tools. I can't run malwarebytes for instance. The program will start scanning and then abruptly close. When I try to reopen it says I may not have appropriate permissions to access this item. This is also true for HijackThis!. I was also unable to run GMER and dds. DDS would run, but it wouldn't produce any logs. I would close the window, but no logs would open up. I also have a problem of something redirecting my google searches.

I'm running Windows Vista 32-bit.

Any help would be appreciated.

Justin
 

Answer:Can't run any virus removal software/Google redirect

15 more replies
Relevance 77.9%

Some of the web's bigger websites were flooded with a torrent of malicious banner ads after cyber crooks managed to sneak them onto syndication services operated by Google, Yahoo, and a third company, according to a security firm.
The ads - which attacked previously-patched vulnerabilities in Adobe's PDF Reader and Microsoft's DirectShow - started appearing on sites such as the DrudgeReport, horoscope.com and lyrics.com last Friday, ScanSafe researcher Mary Landesman told The Register. They were delivered over networks belonging to Google's DoubleClick; Right Media's Yield Manager (owned by Yahoo); and Fastclick, owned by an outfit called ValueClick.
End users visiting sites that used the ad syndication services often saw nothing more than a brief flash as the malware-laced ads caused their browsers to open - and then close - a booby-trapped PDF file. But behind the scenes, the payload installed Win32/Alureon, a trojan that drops a backdoor on infected machines.

The malicious ads, which also appeared on slacker.com, ended on Monday, when the website used by the malware purveyors abruptly vanished. During their three-day stint, the attacks accounted for 11 percent of pages blocked by ScanSafe, a service used by businesses to prevent employees from visiting malicious sites.
The report, issued Wednesday, came the same day a Google executive called on internet service providers, website operators, and others to do more to combat malicious ads. Over the past few years, so-calle... Read more

More replies
Relevance 77.9%

Hi Guys,

I'm battling a stubborn infection that has so far resisted attempts to clean it. I've tried Malwarebytes, SuperAntiSpyware, and Combofix, all to no avail. I've just run Hijackthis and the log is shown below. Can you see if you can find out what I've been infected with and post instructions on how to clean it? It may be a rootkit but I've run the Mcafee RootKitDetective to clean whatever rootkits it discovers and the redirection from google and yahoo search results keeps coming back. The Hijackthis log is shown below. Thanks for your help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:55:14 AM, on 08/02/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system3... Read more

Answer:Stubborn malware - google and yahoo redirects

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more

2 more replies
Relevance 77.9%

My previous post is posted through this link http://www.techsupportforum.com/f108...e-241631.html?. I've completely taken all the steps before posting here and used all of the suggested virus scanners suggested in my previous thread, also changed to Firefox instead of IE. As of today: The crunchy noise from my computer has stopped. Pages began loading slowly off and on, a few froze on me. Passwords are not being saved even with the save option checked. I downloaded ESET Smart Security but it can't connect online or update virus guards because my internet isn't running on proxy settings (it runs on a SIM card). So, I'm wide open for viruses but don't know of a virus protector that doesn't connect through proxy settings. The main problem is that Google and Yahoo are blocking me from searching and entering my own e-mail account. Yahoo keeps making me confirm my password and info, after maybe 10 tries it eventually lets me in. However, if I pick anything like my account info it starts over again. My messenger just refuses to accept my correct info and also begins the confirmation process again but never lets me in. Here are the warnings that I am getting from both:

If you continue to experience this error, it may be caused by one of the following:

* You may want to scan your system for spyware and viruses, as they may interfere with your ability to connect to Yahoo!. For detailed information on spyware and virus protection, please visit the Yahoo! Security Center.
* This problem... Read more

More replies
Relevance 77.9%

I had a Trojan virus that was redirecting my Google searches. I thought I removed it but I keep getting this security alert for every single website. I am not computer savvy. I'm sure I messed something up when I installed the trojan removal software. Can someone look and see? I am not able to access my bank info or my work email because of the security changes I made.

Never mind, after running combofix, everything has been great. Thanks!

Answer:Website Redirect, Malware Removal Installed

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/m... Read more

2 more replies
Relevance 77.9%

Hi everyone, great site you have here, I can't believe the amount of people asking for help... just goes to show how bad this problem is and the amount of people that don't know how to control the infections (myself included).
Hopefully now I've found this site I can learn how to avoid them infecting my system again once they've been removed.

I'd be grateful if anyone could help me remove the spyware/malware that's on here now, info needed below (as per your easy to follow instructions)


DDS (Ver_09-03-16.01) - NTFSx86
Run by Mark&Kelly at 16:28:39.93 on Sat 05/09/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.510.89 [GMT 1:00]

AV: avast! antivirus 4.8.1335 [VPS 090508-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.e... Read more

Answer:clickcheck.ru redirect....malware removal help needed

Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear.

Please DO NOT Attach logs to your posts unless you are advised to do so.

=========

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop
* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
* Double click on combofix.exe & follow the prompts.
* As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malw... Read more

2 more replies
Relevance 77.9%

I have a computer that has some malware that shut down the computer. The computer did not have antivirus software until I loaded Avast on it after the issue. I ran the antivirus software after the problem and it removed some items but the computer still has problems. When the computer comes up the Avast gives a warning that a web site has been blocked that starts with "renewanadiaper" in the URL address. I have gone through the "Fixing Google Redirection/hijacking and other redirection problems" http://forums.majorgeeks.com/showthread.php?t=230267 thread. I am posting this after following the instructions in the "Windows XP Malware Removal/Cleaning Procedure" http://forums.majorgeeks.com/showthread.php?t=139313 thread. I am attaching the logs from the process. When I ran the "ComboFix" process the computer did a system dump when it was processing the step to prepare the report.

Do I need to attach any of the log files from processing the "Google redirect" process?
 

Answer:Have malware cause web redirect and desktop icon removal

This is a message to add the MGlogs.zip attachment.
 

14 more replies
Relevance 77.9%

Hello,

I use Windows XP SP3 and recently had an infection of a rogue malware removal virus variant. I don't know exactly which one. I run Microsoft Security Essentials. I killed the rogue program over and over while I downloaded and ran MalwareBytes Anti-Malware which found and removed some malware. Between Security Essentials and MalwareBytes actions I thought it was over. Then I realized I was experiencing browser redirects still. Since then the computer has been unplugged from the network and nothing further significant done to it. I have another clean computer I am using to post this and download tools like MalwareBytes, etc.

From the mbam log (let me know if I should post the log file), it looks like it found and removed Rootkit.0Access. Security Essentials lists several java exploits that were removed around the same time I first got hit. Exploit:Java/CVE-2009-3869.R, Exploit:Java/CVE-2010-0842.AN, and a second Exploit:Java/CVE-2010-0842.AN.

It appears I may still be infected with part of this or something else which is causing browser redirects, but neither MalwareBytes nor SecurityEssentials scans reveal anything. I looked at the hosts file and DNS settings on network connections which seem normal. I had sysinternals RootKit revealer installed from a prior infection last year, but haven't tried using it.

Am I still infected? What should I do?

Please help.

Thanks.

Answer:Browser redirect lingering after malware removal

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
 * Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select Perform quick scan, then click Scan.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Be sure that everything is checked, and click Remove Selected.
 * When completed, a log will open in Notepad.
 * Post the log back here.
Be sure to restart th... Read more

2 more replies
Relevance 77.9%

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:15:48 AM, on 3/16/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Mike\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 ... Read more

Answer:Search redirect malware removal needed

DDS (Ver_11-03-05.01) - NTFSx86
Run by Mike at 11:55:34.68 on Wed 03/16/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.956 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\rundll32.exe
C... Read more

2 more replies
Relevance 77.9%

I have been getting a lot of browser redirects; ask for Yahoo and end up in a lot of "Timbuktu" sites. I have run a HijackThis file several times, and then just stare at them, afraid to do anything. Help
 

Answer:Browser Redirect problem + malware removal

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide

If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.
Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

 

19 more replies
Relevance 77.49%

Hi

I got infected by using Frostwire back on the 23rd/24th March, needless to say that is already removed!

Suspected something was wrong straight away scanned my laptop running windows 7 with the free anti virus that I had installed: Malwarebytes Anti-Malware

It found various problems and removed them, detailed in the log attached.

All problems are gone apart from when searching using Google Chrome (don't use any other browser so only IE installed in addition), in IE doesn't happen, it redirects me all the time as per other threads in this area.

I then realised I could have installed a copy of Norton 360 on here as I have 3 licenses, 2 to use still. So uninstalled Malwarebytes Anti-Malware and installed 360. Scanned etc. and still have this one lingering problem.

I have gone through and completed the following before posting:

General house cleaning:
http://forums.majorgeeks.com/showthread.php?t=230267

Run & Read me First:
http://forums.majorgeeks.com/showthread.php?t=35407

Even tried using the points in this thread but no luck either
http://forums.majorgeeks.com/showthread.php?t=221915

The only program I can't run is RootRepeal, which errors out.

1st 4 uploaded files:
2 x Malware scans with infection finds all other subsequent ones ran found nothing
1 x Rootrepeal crash text
1 x SuperAntiSpyware log

Will attach the other next
Please help!
Thanks
 

Answer:Google Redirect malware in Google Chrome browser only

Combofix.txt
MGlogs.zip

Attached as well

Also ran a Norton 360 full scan twice and found 16 tracking cookies in total, nothing serious. Would attach logs but can't find them to attach. Doesn't say name or anything within Norton.

Every time the redirect takes me to a 'bad' page Norton detects an attack and pops up telling me it's blocked it.

Let me know what else I can try
Many thanks in advance for your time
Z
 

10 more replies
Relevance 77.08%

This is a Windows 7 laptop. Every time I use Firefox it goes to Yahoo, my browser is Google. When I type in Google it goes to some strange Yahoo site. If I go to the bank the address ends up with some long Yahoo address. It does look like the bank site, but it's Yahoo, not safe. If I keep typing Google and searching it may finally go to the real site, but it ends up going back to Yahoo.
Also, all my security is shut off.
I have installed Ultra Virus Killer, SUPERAntiSpyware. I do scans and they find malware and fix it. I went to safe mode and ran rkill, it looked like it may have fixed it, but it came back.
I have done everything I know to do, thanks. Can you help? Liz
 
 
 

Answer:help with virus,malware? Yahoo is changing my google browser

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log... Read more

30 more replies
Relevance 77.08%

I'm having trouble with my browsers, both Firefox and Internet Explorer. I apparently contracted some malware last night and can't figure out how to get rid of it. All my links in Google searches are redirected to ad sites, and after hours of trying to fix it, I'm out of ideas. My virus scanner doesn't even detect it, and I'm at a loss of what to do. I've read several posts about this link redirecting problem already, and tried to follow their instructions. The tools ComboFix.exe and Malwarebytes' Anti-Malware refuse to even run properly. I can see it in Process Explorer when I try to run them... they just hang there and nothing happens. Here is my hijack log... requesting any assistance that can be provided.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:48 AM, on 1/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\... Read more

More replies
Relevance 77.08%

Some of the web's bigger websites were flooded with a torrent of malicious banner ads after cyber crooks managed to sneak them onto syndication services operated by Google, Yahoo, and a third company, according to a security firm.
The ads - which attacked previously-patched vulnerabilities in Adobe's PDF Reader and Microsoft's DirectShow - started appearing on sites such as the DrudgeReport, horoscope.com and lyrics.com last Friday, ScanSafe researcher Mary Landesman told The Register. They were delivered over networks belonging to Google's DoubleClick; Right Media's Yield Manager (owned by Yahoo); and Fastclick, owned by an outfit called ValueClick.



Link -
Malware torrent delivered over Google, Yahoo! ad services • The Register

More replies
Relevance 77.08%

I have picked up a malware that redirects me to strange sites when I click on a google link. I have SpywareDoctor and it has detected and quarantined three malwares, trojan.tdserv, rootkit.podnuha and adware.agent!ct. But it does not seem able to eradicate the redirect malware. I have followed the instructions and await your direction. Thank you for your help.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Compaq_Administrator at 21:03:00.48 on Wed 05/27/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.392 [GMT -4:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\DISC\DISCo... Read more

Answer:Google Redirect Malware - Please help

Hello, and welcome to TSF.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread.
Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

17 more replies
Relevance 77.08%

I started getting google search redirects a couple of weeks ago. Mcafee found nothing so I downloaded Malwarebytes which did find several hits. I continued to get redirects though. I have been through the steps in your guide at http://malwaretips.com/blogs/malware-removal-guide-for-windows/ several times to no avail. I also tried Mcafee Stinger, and root kit tool...no help.

Thanks so much for any help you can give....I'm whipped.

John
 

Answer:Can't get rid of google redirect malware

Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)

Open FRST, and click Fix. Attach me that report after it is finished.


Please download zoek.zip or zoek.rar by smeenk () from here or here and save it to your Desktop.
Unpack the archive...

Close any open browsers
Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

Double click on zoek.exe to run the tool .
Please wait while the tool does not start...

Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code:
autoclean;
emptyclsid;
emptyalltemp;

Click on button.
Please wait until a logreport will open (this can be after reboot)

Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named "zoek-results.log"

 

6 more replies
Relevance 77.08%

Like several others here, I've got some sort of malware that's redirecting my browser from my search result in google to an unrelated site (e.g. infomash).
I'm running Windows XP pro and using Firefox. I've run computer scans using AVG Free, SuperAntiSpyware and Malwarebytes.
Here is my DDS Log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by at 20:48:42.90 on Mon 09/06/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1078 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C: ... Read more

Answer:Google redirect malware

Hello t586 and welcome to the forums here at BleepingComputer.
Sorry for the delay in getting to your post here, as you can probably see the forums are very busy.
Please read carefully and follow these steps.
Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

14 more replies
Relevance 77.08%

i'm having trouble with google redirecting to random websites when i click on the links. I think i've removed most of it with malwarebytes, but i'm not sure. I had also had trouble with awareantivirus2009 as well.
DDS (Ver_09-10-26.01) - NTFSx86
Run by jvfurr at 8:42:56.70 on Thu 11/12/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.196 [GMT -5:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\... Read more

Answer:google redirect malware

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.
I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp... Read more

10 more replies
Relevance 77.08%

Hello,
I am new to Bleeping Computer, and I don't really know much about computers.
I have had a malware issue for the past few weeks. I was able to eliminate some problems with Malwarebytes, but still have some lingering issues. I get various redirects after searching with Google. In addition, I have numerous unwanted pop-up browsers. At the present time, I am also experiencing some difficulty restarting my computer and changing my homepage.
I have included my DDS log and attached my Attach log. Unfortunately, I am unable to attach my GMER log because my computer will either crash, give a blue screen, or automatically restart when I run the GMER program. I have run this program at least 7 times.
Any help would be greatly appreciated (with my malware issues and/or my problems with GMER).
Thanks,
jed cooper

DDS (Ver_10-03-17.01) - NTFSx86
Run by Adam Sibley at 9:39:08.95 on Thu 08/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1087 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9&... Read more

Answer:Google Redirect Malware

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other... Read more

8 more replies
Relevance 77.08%

Ok, I have been diligently working away at removing likely malware which was rendering my computer buggy (Google redirect, AV programs not working, etc.) I luckily have the help of these forums and have been working with rigel to get everything clean. I am now in this forum due to DDS not being able to run properly (I followed the prep guide but to no avail). I ran RSIT instead and am posting the log here for someone to peruse it and finally give me some really good news on my computer's health. http://www.bleepingcomputer.com/forums/t/244217/google-redirect-malware-issues-moved/
 log.txt   24.29KB
  2 downloads

Answer:Malware, Google redirect, HJT Log

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 77.08%

Hello,

I am infected with some strain of google-redirect. I have tried downloading numerous anti-spyware/malware programs but they would not let me update. I have tried online scanners like Panda, Kaspersky and Trendmicro Housecall, all the same result - can not update, check internet connection. I'm not able to visit sites like malwarebytes.org or other antivirus sites, it pretty looks like the virus is preventing me from helping myself.

Here is my DDS log:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Elaine at 17:54:38.29 on Wed 02/02/2011
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1181 [GMT -8:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch B... Read more

Answer:Google Redirect and other malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.
Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Do not Attach logs unless I ask you to.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Scan With RKUnHooker
Please Download Rootkit Unhooker Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.
Note** you may get this warning it is ok, just ignore
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
"just click on Cancel, then Accept".
Gringo

3 more replies
Relevance 77.08%

I recently caught the search engine redirect virus and I'm concerned that there may be other rootkits/malware from a suspicious flash drive I used. I have already run malwarebytes and combofix (prior to finding this site) as well as spybot s&d. Malwarebytes frequently pops up blocked ips while using firefox. System is windows 7, 64 bit. any help is greatly appreciated

Below is the requested log

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Ian at 10:05:08 on 2011-06-24
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6141.3918 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k Local... Read more

Answer:Google Redirect Malware

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue

If a suspicious file is detected, the default action will be Skip, click on Continue

If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System d... Read more

2 more replies
Relevance 77.08%

HI, I've got myself a google redirect problem thingy, i've already did the following scans seen in this link:
http://www.bleepingcomputer.com/forums/topic413707.html/page__gopid__2371288#entry2371288
but google still redirects.
i'm using windows 7 ultimate, and it redirects on firefox
i'm a com. noob, and i need help. thnx.

Pasting in GMER log from topic in AII. ~ OB

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-12 16:11:24
Windows 6.1.7600
Running: cco9p9fl.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076bf50df
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x24 0x71 0xFE 0x6C ...
Reg HKLM\SYSTEM\CurrentControlSet&... Read more

Answer:GOOGLE REDIRECT MALWARE

Hello. Please go here.... Preparation Guide, do steps 6 & 7. Create a DDS log and post it in this topic, thanks.

29 more replies
Relevance 77.08%

Hi i'm constantly getting redirects after clicking on search results within Google or yahoo under firefox and explorer to various bogus sites including k directory, Gormeo, qandca.com, search.pro, if i use an existing favourites all is fine and if i type in an address all is ok too, my main pc on the home workgroup is also infected so i have closed the workgroup down and once this malware has been eliminated we can work on the other. I have been reading these forums for awhile and have tried sooooooo many virus removal tools and software including Malware bytes, smitfraud, norman malware cleaner, hitman pro, emisoft, ccleaner, rkill, fsbl and more, and although initially some viruses and or spyware was detected, all scans seem to now come up totally clean, but my redirects persist and i'm going loopy with frustration. Please can you help. regards
 hijackthis.log   12.07KB
  2 downloads

Answer:google redirect malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.
Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The ... Read more

12 more replies
Relevance 77.08%

Hello all. I have been trying to get rid of a malware, which redirects my google searches and produces pop-up tabs, with no success. Malwarebytes comes up clean, though it did find one trojan recently. I ran hijackthis, and googled each file on my droid to see if I should get rid of it. I thought I had the problem fixed, but realized, within a half hour, it was not. I ran combofix and thought that did it, but no luck. While Combofix was running, McAfee quarantined a virus (I think it said a virus, maybe just malware, if that means anything to you). I ran Hijackthis again, here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:43:37 PM, on 5/17/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17096)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtp... Read more

Answer:google redirect malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.
Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

3 more replies
Relevance 77.08%

Hi,
I am trying to fix my sister's laptop, which seems to have had a variety of Malware on it.
I have been reading this forum and others and so I have run CCleaner, Superantispyware Free Edition, Malwarebytes AntiMalware and Spybot.
I have also installed Kaspersky Internet Security 2009 (I am counting this as my Antivirus and Firewall software.) as it was a free download from Barclays Bank.
In my opinion, I seem to have removed quite a few trojans but I still have the problem of redirected Google results. I can search for things OK but when I click the result I get sent to other websites (from memory these were traffdrive.net and clickforclicks.com).
I also cannot download onto this laptop, when I try, I get a no internet connection message. I believe this malware redirects me to myself. I am therefore currently using another computer and transferring the .exe/download files by usb stick.
I have tried to follow your instructions for this post, so the DDS.txt file is as follows:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Carly at 20:43:04.12 on 26/08/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.374 [GMT 1:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files&... Read more

Answer:Google Redirect Malware

I have been working on this and seem to have solved the problem.

I followed some advice from the pctools.com forum and downloaded HostsXpert.

This found that the hosts file in windows/i386 was read only so couldn't revert it to the original file.

I bravely (!!!) moved the file to my desktop and then HostsXpert installed a new template of the hosts file.

All the redirections have stopped since then!

I guess you can close this thread now.

Thanks

Ross

2 more replies
Relevance 77.08%

Hello

I have a malware problem. It's the google redirect one that I see many people have. I tried using Malwarebytes as an advice from a friend, but the program won't run even in safe mode. Hijackthis also does not install for some reason. Getting some error when I try it. I can elaborate more on it if required.

Here is my DDS log.

DDS (Ver_09-03-16.01) - NTFSx86 MINIMAL
Run by Administrator at 20:17:40.85 on Tue 04/14/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1786 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
G:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live... Read more

Answer:Google redirect malware

Hello -

Is there some reason DDS was run in Safe Mode? Will normal mode load for you? If so, I'd like new logs from Normal Mode, as Safe Mode logs won't always show everything we need to see.

2 more replies
Relevance 77.08%

Hello,

I received excellent service from this site before so I am hoping I could get some computer help again. I don't know all the symptoms because this is not my computer, but I do know that it has some search engine redirect malware. I'll edit if any more problems come up.

Answer:Google Redirect Malware

Hello Celestial,
I moved this to Am I Infected... Lets look at these logs.
Are you on a router? Are other machines on it, if so are they redirecting?
Do you use Firefox?

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Please download TDSSKiller.zip and extract it.
Run TDSSKiller.exe.
Click Start scan.
When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
Let the options as it is and click Continue
Let reboot if needed and tell me if the tool needed a reboot.
Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.
If TDSSKiller does not run... Read more

7 more replies
Relevance 77.08%

I have been infected by a Google redirect malware bug. I am on Windows 7 and using Firefox as my browser.

When I run Google search and click on a link, it will often (but not always) redirect me to an ad site such as "63.209.69.107".

So far I have:
Tried running my anti-virus (VIPRE), which didn't detect the bug.
Downloaded and tried Malwarebytes (free version), which found a bug and gave me the following message:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
This reduced the number of redirects but did not eliminate them.

Could you please help me find a way to get rid of this bug?
Thanks,
Judy

Answer:Google redirect malware

Hello Judy,

I would suggest you run this first in normal mode.

Please follow our Removal Guide here How to remove Google Redirects. You will move to the Automated Removal Instructions.
If it finds something make sure Cure is selected.
Next click Continue then Reboot now.
A log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Please post your MBAM log.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

>>>As you are not seeing scare or ransomware skip RKill. Then run SAS in Safe mode.

>>>>Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Post back all logs.

16 more replies
Relevance 77.08%

Hello all,

I have tried to do many many things before having to ask for help and I'm just at a dead end now. I managed to download a very corrupt file and it has really jacked my computer up. I fixed many of the issues and my computer was running fine with the exception of a very slow desktop load and google links redirecting me to advertisement sites. Recently my computer has completely stopped loading the desktop in normal boot mode. It will load my background wallpaper and that is all. I can bring up task manager and it shows explorer.exe running along with 20 or so other processes (each which I checked individually and appear to be legit). I am currently running in safe mode and have done several MBAM/Super Anti-spyware/avast anti-virus/CCleaner/Spybot scans and I can't seem to get things working. I'm fairly sure it is some kind of registry issue. Before this problem started, avast kept telling me there was a problem with user.32.dll or something along those lines and it could not repair it or anything. This error came up every time I opened any type of app or even a txt file. My power kicked off (from weather conditions) and when I loaded my computer back up (first reboot since I was getting the avast user32.dll virus detected type errors) I encountered the desktop not loading in normal boot. I am trying to fix this issue without having to do a Windows XP repair with the boot disc mainly because, in my infinite wisdom, I didn't create the... Read more

Answer:Google Redirect - possible malware?

Hi, are your MBAM scans coming back all 0's?

Let's try part 1 of S!Ri's SmitfraudFix.

Please download SmitfraudFix.
Double-click SmitfraudFix.exe.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

9 more replies
Relevance 77.08%

I browse in FF5 and with Malwarebytes as my antivirus. Through some admittedly careless browsing I recently caught and defeated a trojan that made itself look like a Java update but now I'm getting google redirects to random sites/spam sites. I've researched this topic on the forums, downloaded all the tools and I'm now posting logs here to determine what exactly they mean and what should be done.

SecurityCheck.exe: did not return a log

MiniToolBox Log:
Proxy is not enabled.
No Proxy Server is set.
========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================
# Copyright © 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
=============== End of Hosts ==============... Read more

Answer:Google Redirect Malware from FF5

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.

1 more replies
Relevance 77.08%

I believe that I have fully removed a google redirect virus. I am having various problems with my computer not associated with this virus, however, a BC advisor suggested I make sure the problem is gone by presenting the following information. I need to post this before they will address my other problems.

This is a response to a previous topic: http://www.bleepingcomputer.com/forums/topic356053.html/page__p__1987717__fromsearch__1#entry1987717

DDS Log:
DDS (Ver_10-11-03.01) - NTFS_AMD64
Run by Alex at 18:22:11.87 on Thu 11/04/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.6994 [GMT -4:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:... Read more

Answer:Possible Google Redirect Malware

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

2 more replies
Relevance 77.08%

I seem to have picked up some malware - I think it was when Windows media player installed a bogus codec file a few days ago. Since then, it is redirecting google links about half the time to what seems like random sites.

I ran avira antivirus, which identified a number of files.

C:\Documents and Settings\Tony\Local Settings\Temp\HDExtrem.exe
[DETECTION] Is the TR/Obfuscated.agpy Trojan
C:\Documents and Settings\Tony\Local Settings\Temp\tmp32.tmp
[DETECTION] Is the TR/PCK.Tdss.V.2 Trojan
C:\Documents and Settings\Tony\Local Settings\Temp\tmp33.tmp
[DETECTION] Is the TR/Patched.GE Trojan
C:\RECYCLER\S-1-5-21-1540629380-1631975662-1204238677-1005\Dc313.exe [0] Archive type: NSIS
[DETECTION] Contains recognition pattern of the DR/Obfuscated.agpy.8 dropper
--> ProgramFilesDir/HDExtrem.exe
[DETECTION] Is the TR/Obfuscated.agpy Trojan
C:\WINDOWS\Temp\tempo-2477484.tmp
[DETECTION] Is the TR/Spy.Router.A Trojan
C:\WINDOWS\Temp\tempo-2477593.tmp
[DETECTION] Is the TR/Clicker.GN Trojan

These were all quarantined by avira. I also ran adaware, which didn't find anything. However, the malware has proved resistant, and continues to redirect to odd places.

Any assistance would be gratefully received!

DDS.txt

DDS (Ver_09-06-26.01) - NTFSx86
Run by xxxx at 18:39:22.65 on 07/07/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2825 [GMT 1:00]

AV: AntiVir Desktop *On-ac... Read more

Answer:Google redirect malware - please help

Hello and welcome to TSF.

Please note that the fix may require more than one round to properly eradicate. Stay with me until you're given the "all clear", even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions in the order they are presented, and please do no self-fixing or running of scanners unless requested by me or another helper at this forum.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

======================

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?

============================

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may ot... Read more

18 more replies
Relevance 77.08%

Hi Bleepingcomputer,

My firefox and internet explorer have been infected with some malware whereby searching items through google and then clicking on a search result redirects me, which I'm guessing is through a proxy, to another search engine selling me stuff among other things. Usually when I click on a search result it will change the web address to www.com.au or something along those lines before the redirect. I've inadvertently realized I can bypass this mechanism by clicking on the cached version of sites before clicking on the actual site I wanted but I know that this workable solution isn't really dealing with the underlying problem.

After scouring half the internet and trying to go about with makeshift solutions and tried to do it myself, I've decided to bite the bullet and ask for some much needed expert assistance (much to the dismay of my manhood). Jokes aside, I've been running several malware cleaners (Malwarebytes' Anti-Malware, TDSS killer, Hitman Pro 3.5) all with varying levels of progress.

rkill run first then Malwarebytes doesn't find anything
tdss killer found the file sptd.sys file but could not fix/clean it accordingly and I was too afraid to delete it for fear of it bricking my computer
Hitman pro 3.5 got rid of a few of the cookies and caches and made it clear to me that a proxy was in place
I've gone into the windows/system32/drivers/etc and change the host files because I know it was redirecting me but it keeps ... Read more

Answer:Google Redirect Malware

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/415409 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Relevance 77.08%

Hello, I'm new here and I was wondering if anyone could help me. My google searches will occasionally be redirected to adsites, It doesn't seem to be affecting anything else on the computer, but it's extremely annoying. I've tried a couple antivirus programs, avg and avira, and no luck.

I'm running windows 7.

I would appreciate any help. Thanks.

Answer:Google REdirect malware

Please follow this Guide: Preparation Guide. Do Step 6-9. If GMER doesn't work just skip it and move on. Post it in Virus, Trojan, Spyware, and Malware Removal Logs. Once you post it a Moderator will come and close this topic.

2 more replies
Relevance 77.08%

Within the last couple months, if I click on a search in google, it will redirect me to other websites, the one I can remember specifically is happili.com. I have run Avast anti-virus, Ad-Aware, and HitmanPro35 and nothing comes up as bad on the computer but clearly there is. How do I get rid of this? Please help!

Below is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:38:07 PM, on 11/23/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Neil and Jess\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iex... Read more

Answer:Google redirect malware

Hello, Jessika.

My name is aommaster and I will be helping you with your log.

I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.

If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad.
The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
Please do not install, update, or run any programs for the duration of the fix.
If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for.
Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
If you are running Vista or Windows 7, please run all the fixes as an administrator. This i... Read more

24 more replies
Relevance 77.08%

My current OS is XP, I have run malwarebytes as well as McAfee with no luck in removing the infection. I'm new to the forums and would greatly appreciate any help in solving my problem.

Thank you

Edit: This started happening right after "System Defender" found its way onto my machine. The popup stated I had lots of viruses and said I needed the program, (I had seen this popup before) so I clicked the red "x" in the right corner of the window to close it and it still installed. Malwarebytes removed System Defender but I think it's having problems with the other malware that came with it.

When I try to go to google.com I'm instantly redirected to google.nl.....any searches I make bring up real results but the links do now work. I have never run a hijackthis log either so not really sure what to do with that.

More replies
Relevance 77.08%

My father has not been able to use his laptop for some time as it has numerous viruses. I think I have been able to clean up most using Malwarebytes, Spybot etc, but I am unable to find or remove this one.

When using IE any search results using Google are redirecting to various sites ranging from ebay to porn sites.

I have installed Chrome, which seems to be unaffected by it.

Any help would be gratefully received.

Logs below and attached.
===

DDS (Ver_10-11-27.01) - NTFSx86
Run by Barrie Wills at 16:11:59.14 on 29/11/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.322 [GMT 0:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program... Read more

Answer:Google Redirect Malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will ap... Read more

4 more replies
Relevance 77.08%

Hi all,

I seem to have picked up the Google redirect virus through my ignorance of the .Net Assistant's addition into my Firefox extensions and unfortunately was unable to find much in terms of commonly affected files and registry keys to manually clean it. I've now run a gauntlet of programs. Ad-Aware, Malwarebytes, SpyBot S&D, and SAV10 were unable to find the issue, as I've read is common, so I moved onto using Hitman Pro 3.5 which seems to have cleared up the issue. I just wanted some reassurance today, though, so I ran the ComboFix utility provided at this site. It looks like the results were fairly clean, but I'd just like any other opinions on the results from the logfile. Please let me know if you see any red-flags or have any other suggestions on further steps I should take (beyond reformatting) to further ensure that this threat was eliminated. Thanks in advance

ComboFix 10-02-21.02 - Jere 02/21/2010 17:30:22.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.615 [GMT -6:00]
Running from: c:\documents and settings\Jere\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Jere\Application Data\Microsoft\Internet Explorer\Quick Launch\xp-AntiSpy.lnk
C:&#... Read more

Answer:Google Redirect Malware

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

14 more replies
Relevance 77.08%

Anytime I click a search result from google, I'm redirected to a variety of spam sites (ie. wantangel.com).

Malware Bytes, SBS&D, and AVG all find nothing, except a few times I've plugged my phone in (T-mobile HD2) it says that autorun.inf (I could be wrong on the exact file name) has been detected as a virus and moved to the vault.

I've attached my hijack this log.
Thank you very much in advance!
 

Answer:Google Redirect Malware

10 more replies
Relevance 77.08%

We've picked up the dreaded go.google.com (or something like it) Browser Redirect illness. Using Google to search is now useless. And, I am so tired of reading about the lady making $5463 per month from home! I've tried Ad-Aware (fresh download of latest version), Spybot S&D (with latest updates, and running in background), and Malwarebytes (fresh download). None of these finds any problems - but google searches still redirect. Below are the latest mbam and hijackthis scans. Thanks in advance for the help.

mjgariepy

Malwarebytes' Anti-Malware 1.42
Database version: 3409
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/22/2009 11:39:09 AM
mbam-log-2009-12-22 (11-39-09).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 257071
Time elapsed: 1 hour(s), 16 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:41 AM, on 12/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Ex... Read more

Answer:Google Redirect Malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner ... Read more

2 more replies
Relevance 77.08%

I have had this problem in the past when using google as a search I get redirected to multiple different search sites. I had a computer shop clean out 219 pieces of malware a few weeks ago, it lasted for about 2 days and now it's back, I'm at wits end!.....

Al

Answer:Google redirect malware

Please follow the instructions in ==>This Guide<== starting at Step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

1 more replies
Relevance 77.08%

Hey there, I've noticed recently when I click links on Google they will take me to other websites of advertising and other rubbish that I didn't actually click on. I also had a pop-up the other day (I'm on Vista) asking me to Allow a programme to be installed and it wouldn't stop asking me to install it and I had to push cancel for a good 10 mins before it went away, my antivirus said it was a trojan, I've just turned my PC on and it says I have malware (according to AVG...).

Please could you direct me with any help, I should be okay following instructions I've done these a few times before I'm not sure what I'm infected with but I feel something is there, any help would be a great help!

Thanks

FRISC0

EDIT: Here is my DDS Log:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jamie at 15:50:34.28 on 01/04/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2047.579 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1 ... Read more

Answer:Google Redirect & Malware

Hello,

Apologize for the delay as the forum is extremely busy and short of volunteers.

Multiple AntiVirus Running

I see you have more than one Anti-Virus program installed, ( AVG 10 ) and ( Avast! ).

While this may seem like greater protection, it can cause problems including slowdowns, system hangs or even crashes. This can happen if both AntiVirus applications attempt to access the same file at the same time. This may cause the applications to interfere with each other, or cause the system to lock up. It can also be a drain on system resources, making a machine run slower than it should.

You are strongly advised to uninstall AVG because it has flagged one of the Combofix's component as dangerous. If you still have difficulty running CF, please refer at the beginning of CF speech for alternative solution.

Any antivirus program must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this: Re-install the program -> Reboot -> Uninstall

AVG has a removal tool which should also be run if you choose to uninstall it
http://www.avg.com/download-tools
Choose the 32bit remover
Run it according to the instructions.

===================================================

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware... Read more

15 more replies
Relevance 77.08%

Hello to All,

I have a redirect issue which intermittently but regularly redirects my web pages to an ad site called mynewswheel.com. Only when I browse from Google (my home page) does this occur. If I browse directly from the taskbar (IE 9) I never have this issue, only when using the Google search engine.

It also mutes the audio on my Flash Player when watching YouTube etc. if I have a window open in Internet Explorer at the same time. If no Internet Explorer windows are open and I open say ABC iView (internet TV), which uses Flash Player, from the taskbar (no Google involved) AUDIO IS FINE!!! As soon as I open another window in Internet Explorer in the background the audio stops working on the Flash Player (arrrrrg!!!).

Any help from a guru on this type of issue would be greatly appreciated. Thanks again

Jazza

Answer: Google Redirect Malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put them in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will ap... Read more

17 more replies
Relevance 77.08%

Not sure where it came from but maybe someone here can help.

DDS log below

DDS (Ver_10-03-17.01) - NTFSx86
Run by carrivas at 15:25:57.30 on Mon 07/19/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3453.1949 [GMT -7:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:&#... Read more

Answer: Google redirect malware

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

2 more replies