Computer Support Forum

malware: google yahoo redirect and can't launch malware removal software

Question: malware: google yahoo redirect and can't launch malware removal software

Hi,

I am the IT manager in my company.

I have a co-worker whose computer has a search redirect issue. That means most likely it has malware.
Then I installed some major malware removal tools: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes

After I installed them, I cannot launch them (that definitely means it has some kind of malware).
I needed to rename their .exe files, after which I can run them and scan my computer.

SUPERAntiSpyware and Malwarebytes found something, but didn't solve the problem; search redirect and
blocking malware removal software are still there. Now I am running Spybot Search & Destroy and will see what happens.

By the way, I run them in safe mode because when I log on to Windows in normal mode, it is slow (like it takes a long time to explore the hard drive, etc). I suspect the malware slows down my PC. Hopefully the registry is not corrupted or something, but it works smoothly in safe mode.

So do you guys have any suggestions? Or do you need a log file from ComboFix?

Please advise,
Tommy

Relevance 100%

Answer: malware: google yahoo redirect and can't launch malware removal software

Try this: http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

5 more replies
Relevance 100.04%

I need help removing a yahoo search redirect/hijack malware from my computer. When I enter search terms, appropriate results appear, but upon clicking the links, junk/spam search sites appear instead of the correct link.

McAfee Security has issued warnings about an Artemis trojan, though I don't know if this is the same virus/malware that is causing the problem.

As instructed by the preparation guide, here is the DDS log and attached are attach.txt and ark.txt.

DDS log:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Admin at 14:32:14.42 on Wed 07/21/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1450 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:&... Read more

Answer:yahoo search redirect/hijack malware removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more

14 more replies
Relevance 99.63%

I have been fighting with this one for 3 days now. Searched and tried all the following.

Symptoms:

1. Antivirus programs disabled.
2. System restore disabled.
3. redirects from all search engines.

I did a manual system restore from recovery console to the last date I was not infected. Now I was able to install AVG, and norton and Malwarebytes. Ran all but still the redirects. Replaced apati.sys, from another computer, and a few other files that I have read may be infected from other forums.

I have used the following programs to no avail

1. Avg 9.0
2. Norton anti virus 2010
3. Malwarebytes
4. combofix
5. MGtools


I am attaching logs.

Thank you in advance for your help.
 

Answer:google, yahoo,... redirect malware

I also went into recovery console and did a fixmbr, but still redirects
 

3 more replies
Relevance 99.63%

Hi there,

I am a new user. I am running Windows 7 Home (64 bit) on my laptop and I have an issue where any link I click on either Google/Yahoo takes me somewhere else. I have done various scans with McAfee and Malwarebytes but nothing is found. I have checked my hosts file and cannot see anything wrong with it. Please help! My HijackThis log is pasted. Please Help!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:59:43, on 06/10/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.eu/vaioportal
R1 - HKCU\Software&... Read more

Answer:Google/Yahoo Redirect malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

3 more replies
Relevance 98.81%

Hello, when I search with Yahoo the links I click on take me to result.yahoo.ca and then redirects. If I click back and then try again I get my destination fine. Google is also bad. I have run Malwarebytes and a host of others,..all to no end.

I have run these programs with log files and was told to post here.

Thank you for your help in advance.

GooredFix by jpshortstuff (08.01.10.1)
Log created at 06:26 on 10/06/2010 (Grigo68)
Firefox version [Unable to determine]

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-10 06:33:59
Windows 6.1.7600 Running: 2gqvgqfd.exe; Driver: C:\Users\Grigo68\AppData\Local\Temp\ugroqpod.sys

---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2AAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2A104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2A3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E132D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft ... Read more

Answer:Google Yahoo redirect malware/virus - please help!

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let... Read more

14 more replies
Relevance 98.81%

like many others here i seem to have the redirect virus from yahoo, google, etc. additionally, i am unable to make any updates to windows or malwarebytes. if i run malwarebytes it will usually scan to about 21,000 files and then goes to a blue screen, saying DRIVER IRQL NOT LESS OR EQUAL, upon restart everything appears to work normally but continues to redirect. when i attempt to update malwarebytes i get the 732 error message. i have followed the instructions to fix this from another thread but it did not work. i also have access to another uninfected computer and downloaded a "clean" version of malwarebytes, installed it to the infected computer but it will still not update and the computer goes to blue screen after scanning for several minutes. after examining another related thread i also looked into the device manager for a suspect file but going through control panel>system>hardware>device manager>view>show hidden devices. within that there is an exclamation mark in yellow next to the entry DS1410D. i disabled this, rebooted, and tried to update malwarebytes but it did nothing. i have only tried these things in an attempt to solve this problem on my own and save some time for all the helpful people here and not to circumvent the rules of this community. but it seems that i do not have the skills to do this. thanks so much and i hope to speak with someone soon.

i use the following programs that might pertain to this issu... Read more

Answer:redirect from yahoo/google can't update or run malware

could anyone help me with this? i apologize for bumping but i have gotten no responses after 7 days. thanks again.

28 more replies
Relevance 97.58%

Hello,

I would appreciate it if you guys can take a look at these logs from Malwarebytes and HijackThis. I keep scanning with Malwarebytes and keep getting the same infections after removing and restarting.

Thanks for all your help.

Answer:Search engines (google, yahoo etc.) redirect - possible malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 97.17%

Hello,

I'm dealing with heavy search redirect symptoms, I have no idea how to deal with this, and I would really appreciate any help I can get.

Thanks in advance!
DDS (Ver_10-12-12.02) - NTFSx86
Run by user at 18:06:05.34 on Mon 02/14/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1431 [GMT -5:00]

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\... Read more

Answer:google redirect malware removal

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
These instru... Read more

16 more replies
Relevance 97.17%

I am having trouble removing what I believe is a malware issue. Every link I click on in Google and a couple of other search sites redirects me to shopping sites. Anti-malware bites cannot seem to locate it. Also running Vipre and that also cannot seem to find it. Any suggestions? Thank you in advance for help with my first post.

Answer:google redirect malware removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for postin... Read more

2 more replies
Relevance 97.17%

I know this is a super common thread, but I really need someone to work with me 1 on 1 to rid this malware from my PC once and for all!
The usual description here... Searching anything in Google is hijacked to another site.
Any help would be appreciated

Mitch barker

More replies
Relevance 97.17%

Greetings

The darn Google redirect virus has infected one of my computers! Just capping off a good week when I had a catastrophic card failure fried that a cpu! My son is the primary user of this computer so it has games AOL and lots of other junk.

I did find the TSSD virus and removed it from the start up menu but the virus is still live. Typing incomplete addresses (missing .net, .com etc) into Firefox or Explorer results in Yahoo search engine starting, I thought this was a function of the AVG toolbar configuration but it may not be. I also get an apparent false AVG trojan virus's found pop up. AVG is used along with SpyBot. I've since added superAntiSpyware and MalwareBytes and cleaned out a lot of adware features.

If there wasn't a lot of kids stuff I'd probably just blow it away and reinstall.

Thanks
Tony

Anyway, the DDS.txt and GMER results follow

DDS (Ver_10-03-17.01) - NTFSx86
Run by Anthony at 17:37:40.12 on Wed 05/26/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1146 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe... Read more

Answer:Malware Removal - Google redirect? and others?

Hi Tony

I know how you feel......it's maddening.

Please disable Spybot and leave it disabled until we're finished, as it tends to interfere with the necessary changes we're going to make.

Go to this page and Download TDSSKiller.zip to your Desktop.
Extract its contents to your desktop and drag TDSSKiller.exe on the desktop, not in the folder.
Vista Start logo >All Programs> Accessories> RIGHT-click on Command Prompt and Select Run As Administrator.
Copy/paste the following bolded command and hit Enter.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Thanks,
tea

I'm going to close your other thread.

2 more replies
Relevance 97.17%

Hi,

I've recently been having a lot of trouble with various Google redirect malware. I tried to use Malwarebytes Anti-Malware but to no avail. I was just wondering if anyone could please help me sort out this issue.

Thanks

Answer:Removal of Google Redirect Malware

Please follow these instructions:

http://www.bleepingcomputer.com/forums/topic34773.html

1 more replies
Relevance 97.17%

For the last couple of days, clicking a Google search result usually displays an unrelated page. I've read about this malady on numerous forums and tried many remedies. Malwarebytes seems to have removed a few items, but it didn't fix the problem. The last thing I tried was ComboFix. Following directions I found at xdelbox.com, I used a CFScript.txt file with the following lines (which I think only eliminates the advanced virus remover virus anyway)

File::
c:\windows\system32\winupdate.exe
c:\windows\system32\winhelper.dll
c:\windows\system32\AVR09.exe
c:\Program Files\AdvancedVirusRemover\PAVRM.exe

I really hope the experts here can help me, or I'll have to learn how to use bing instead of google. Here's my DDS.txt (and many thanks in advance):
DDS (Ver_09-10-26.01) - NTFSx86
Run by Me at 21:05:37.10 on Thu 11/12/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.350 [GMT -10:00]

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtE... Read more

Answer:Google redirect malware -- need removal help

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follo... Read more

3 more replies
Relevance 97.17%

I've already tried Avira AntiVir Scanning, Malware Anti-Bytes, Ad-Aware, Windows Defender, CCleaner and SUPERAntiSpyware. All programs have removed some stuff but I still have the OVERCLICK.CN redirect whenever I do a GOOGLE search. So here is my last plea for help otherwise I'll have to reformat

Here is my HIJACK LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:58 AM, on 6/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java ... Read more

Answer:Google Redirect Malware Removal - HELP!

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 97.17%

Hi guys,

Any help with this would be greatly appreciated. My work computer has a case of the google redirect malware/adware that is cropping up all over lately. The "virus" will cause google searches to be redirected to alternate pages or search engines. Another thing I have noticed is that most pages that run 'Ads by google' are also replaced with malware links, like "STOPZILLA" etc. I also have about 50+ processes running, not sure how many are malicious. Another odd thing is that the computer seems to be stalling Malwarebytes antimalware (eg. click it and it won't run).

I have run hijackthis and here is the log from that:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:49:29 PM, on 9/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Apple\Mobile Device Suppor... Read more

Answer:Help with Malware Removal - Google Redirect

Hello systemtool,

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Since this is a work computer, do you have an IT dept?

************

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

************

We need to run GMER for rootkits. If you are having trouble running GMER, try running it in the Safe Mode.

QUOTE
How to Reboot into Safe Mode
tap F8 key during reboot, until the boot menu appears...use the arrow keys to choose "Safe Mode" from the menu......,then press the "Enter" key.

Please download GMER from one of the following locations, and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zip Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Close any and all open programs, as this process may crash your computer.
Double click or on your desktop.
Allow the gmer.sys driver to load if asked.
You may see this window. If you do, click No.
Click on and wait for the scan to finish.

**********

Please download RKill by Grinler from one of the 4 links below and save it to your desktop
Link #1
Link #2
Link #3
L... Read more

2 more replies
Relevance 97.17%

Hi, this is my 1st time on this site so apologies if I don't follow the correct protocol. I was hit by the Google redirect malware and followed the full procedure listed in the Malware removal support forum.
I no longer get the redirects to various search websites, but I want to be sure the various software I installed and ran has now fully solved the problem.
I attach 4 of my files and hope someone can analyse them and confirm this is the case. I guess I just send the 5th file in a reply to this post?
Regards, Ric
 

Answer:Malware Removal - Google Redirect

And here is the 5th log
 

8 more replies
Relevance 97.17%

I am getting redirected from google to unwanted sites.. my computer has gotten sluggish also. I have uploaded logs, hope you can see the problem.. I have had no luck

Answer:google redirect malware removal help

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The ap... Read more

3 more replies
Relevance 96.35%

Error 404 Redirect on Google.com after malware removal

Problem:
When attempting to access Google.com, the following error appears: Actual redirection does not occur and the issue can be intermittent.

Discussion:
This issue can occur when URL search hooks remain after malware removal that contains a hijacker payload has been removed. This can affect any browser, including Chrome, Firefox, Safari, etc.

NOTE: If actual webpage redirection occurs, the system is still active and malware removal should continue instead of this process.

Resolution:
Remove the remaining URL search hook in Windows Registry.

NOTE: Make a backup of the registry by clicking File, Export, and save the backup to wherever you wish.

1. Click Start. In the Search\Run box, type regedit and press <Enter>. Click Yes to the UAC prompt.
2. Navigate to the following key: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer. Click on the URLSearchHooks key.
3. In the right pane, right click each entry and choose Delete. The only entry that should remain is the Default value.
4. Close the Registry Editor. Restart the system.

If the issue continues, then the system still has an active infection. Continue with malware removal processes.

I see this one all the time, unfortunately. Thought I would share.

More replies
Relevance 96.35%

I am having an issue of being constantly redirected when trying to reach links in Google. This is from both Firefox (latest) and Chrome. Below is my DDS log file as well as the attached files as requested. Please help!!

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by CAL at 11:14:23.62 on Tue 05/17/2011
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_25
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3068.1996 [GMT -4:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

Answer:Google Redirect Virus - Malware Removal

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator... Read more

2 more replies
Relevance 95.53%

Hello,

I am having a problem with being redirected in google and yahoo.

I also am unable to check for updates on Malware "Update failed. Make sure you are connected to the internet and your firewall is set to allow malwarebytes anti-malware to access the internt".
- My internet works.
- My firewall has Malwarebytes anti-malware on the exception list
I can run the quick scan and full scan and it shows no problems.
I CAN NOT update at all before I run them.

Some web pages will not connect at all.
- I can't get on any Microsoft page. I get the error page "Internet Explorer Cannot Display the Web Page"
- I can get on Malwarebytes web page. I get the error page "Internet Explorer Cannot Display the Web Page"
I am connected to the internet. It is as if this virus does NOT want me to get help!!!
- I also tried to download and run the AVG Internet Security Free Version. It won't let me download it either. I get an error message.

HELP!!
Thanks so much,

Answer:Redirect Google & Yahoo, cant update windows or Malware. Cant open some web pages.

Hello, let's try to run either or both of these.

If you cannot use the Internet, you will need access to another computer that has a connection.
From there save mbam-setup.exe to a flash, usb, jump drive or CD. Now transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.

***Manually Downloading Updates: Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

Download FixExe.reg FixExe.reg

Download RKill...., Sometimes several attempts are needed to kill the malwares before running MBAM.
Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attemp... Read more

13 more replies
Relevance 95.12%

i'm having increasing problems with my computer and am now sure i have some form of malware or viruses. i've had a constant popup where MSWord tries to install itself repeatedly, and i have to manually cancel multiple times when i start the computer. i was worried this was a virus, but when i searched about it i found this was related to windows installer. if i disable windows installer, it goes away.

however, for the past week i've started getting repeated popups saying that google update has encountered a problem and needs to close. i read on some forums that this was related to a google chrome installation. i don't remember if i've even installed google chrome-- but i can't find it on my computer to uninstall it. in the past few days i've started to be redirected to various ad sites when i search for things on google in firefox. i have avira antivirus, windows defender, have used windows malicious software removal tool, lavasoft adaware, and windows defender. all were coming up with no malicious software when scanned, but the problem persists. windows malicious software removal tool just finished a full scan and removed one infection, for an ad program it said would cause random popups, which i haven't had a problem with. i have tried repeatedly to install MBAM and hijack this, along with other tools. even after renaming, i had a lot of problems. MBAM would not open at first, then would partially install, then finally said it completed its installation, started to update... Read more

Answer:google update problem, google search redirect, can't install malware removal tools, stopzilla(?) reported infected by UACd,...

i might've misunderstood the DDS instructions on the tutorial on how to post about these things. i looked at a couple of other posts where people have posted their hijackthis logs. here's mine:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:42 PM, on 4/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

5 more replies
Relevance 95.12%

After I followed some instructions to remove the system diagnosis malware, some others remained and I don't know how to remove them.
I followed the instructions on pasting the DDS log, but had a problem with gmer.exe. When I opened gmer.exe, I was only allowed to check some of the settings, I can only check services, registry, files and ADS.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.1
Run by Yongbin at 17:58:05 on 2012-09-14
Microsoft Windows 7 Home Premium 6.1.7601.1.936.86.1033.18.3835.2614 [GMT -7:00]
.
AV: 360杀毒 *Disabled/Updated* {A0FD413B-F662-C08C-7B21-F57CED225A55}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

Answer:Malware removal leftover (google redirect and sound ads)

I forgot to mention, there are some chinese programs in that DDS list. I looked over it and the programs with Chinese characters are virus scan, firewall protection, Chinese character input, and video player.

46 more replies
Relevance 95.12%

Hello,

Today my computer was affected by a malware which redirects me to a search website which makes me install malicious programs. I managed to get rid of those programs with Spybot. But google searching sometimes redirects me to those websites (about 1 out of 5 clicks). I scanned my computer with Malwarebyte/Spybot in Safe Mode but I couldn't find anything. In addition, I cannot do windows updates, it keeps lagging and it doesn't respond. Please help me fix this, I really need my computer to be safe soon before my school project presentation. I only have the DDS report, GMER doesn't work for me (keeps crashing with blue screen). Thanks in advance.

UPDATE 1: I get redirected even when not using google! Sometimes I browse around websites and then it brings me to those malicious sites!

Update 2: Here's what I got from AVG virus scan:

"C:\Windows\System32\wuauclt.exe (5388):\memory_00010000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"C:\Windows\System32\wuauclt.exe (5388)";"Trojan horse Agent_r.XJ";""
"C:\Windows\explorer.exe (1060):\memory_00010000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"C:\Windows\explorer.exe (1060)";"Trojan horse Agent_r.XJ";""

DDS (Ver_11-03-05.01) - NTFSx86
Run by Kenny Tang at 14:41:17.71 on 22/03/2011
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: ... Read more

Answer:Google redirect malware residual after Spybot removal

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d... Read more

17 more replies
Relevance 95.12%

I had a Google redirect problem that I employed Avast, Avira, Malwarebytes, Adaware, and Hack(something)500.exe that finally seemed to fix the problem. I also downloaded HJT and found some other issues that I tried to clean up as best I could. The only issues I can see from the log is two entries for missing files. Can someone take a look at my log and tell me if they see any other issues I need to address. The removal process and research about what went wrong has taken me most of the day and I would just like to make sure I haven't missed anything. Thanks for your time.

I am running fully updated XP Pro SP3 and Avira AntiVir Personal.
 

Answer:Post Google redirect malware removal check

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Pleases follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.
**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a differe... Read more

1 more replies
Relevance 95.12%

Like many of the other users on these forums, I too am having problems with my browser being redirected to a web page other than that which I had originally clicked (most often through google search links). I have attempted to diagnose a specific problem that is wrong with my pc, but I just don't know what it is. These pop ups seem to be more annoying than malicious, but I have a strong feeling that if I don't do anything soon the problem will get worse. The reason that I say this is because I tried to start my computer in safe mode and Windows refuses to boot properly (I was given an error message that told me that Windows failed to initialize in safe mode). I know that the problem is not SmitFraud because I have had experience with that before. As I stated, these pop-ups are the result of redirected google searches and are not happening when I am not browsing the web.

Some of the websites that I have been getting redirected to include:

...and many, MANY more.

The only other clue that I have which might help to lead to a solution is that almost every single redirect site uses the same exact logo on the browser tab next to the name of the website. I have attached a small .jpg file which shows the logo that I am speaking about. (a second logo of a wire frame green sphere appears less often but still of... Read more

Answer:malware removal request : google redirect problem

hi dgwozdz,

Sorry for the delay. If you still need help with the redirects simply reply to my post.

11 more replies
Relevance 94.71%

Good Day,

My sister-in-law's laptop got a program called Live Security Platinum and she took it to a computer shop. They removed the program but the system keeps redirecting to random websites when searching on Yahoo, Google and MSN (Bing). The operating system is Windows Vista with Service Pack 2. The redirects are occurring in both Chrome and Internet Explorer. The browser will travel to the website in the search links but then forwards on to a random website. When I got it I figured it was an exploit of Java 6 so I removed older versions and installed the latest version from Sun/Oracle. Below is the DSS.com log and attached are the Attach and Gmer logs. When running GMER it did not provide me with the options to select from System all the way down to Libraries. The only options were for Services, Registry, Files (with C drive), and ADS. There is a copy of ComboFix on the machine so I believe that was run on this machine by the computer shop. I will await instructions on what to do next.

DDS (Ver_2012-10-14.05) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Owner at 9:25:53 on 2012-10-14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3934.1125 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
=======... Read more

Answer:Malware Live Security Platinum removed but now Google, Yahoo, Bing redirect

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o... Read more

16 more replies
Relevance 94.3%

Hi,

I have been encountering some problems with my PC over the last few days. I am running eset NOD32 and it is blocking attempts to go to websites when i visit google, select google links, when using hotmail and using other search engines. Eset is doing its job, and preventing the redirect so i am able to continue on normally, but it has become consistent therefore i assume there must be a problem somewhere.

A couple of days ago eset quarantined a pdf exploit virus, and then the issues started.

The only other issue i am having is that the computer is unable to enter hibernation mode.

I am running XP and using Firefox, although same problems are occurring in IE.

I have updated my adobe acrobat and flash player to the most recent versions, however i was using acrobat 7 before infection.

I have read many posts on this website and other to try and rectify the problem including
Malwarebytes
Combofix
gmer
mbr.exe
gooredfix
and others i have forgotten.
I have ran a hijackthis scan and posted below is the log::

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:39 PM, on 13/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal


More replies
Relevance 93.48%

I'm having trouble with my browsers, both firefox and internet explorer. I apparently contracted some malware last night and can't figure out how to get rid of it. All my links in google searches are redirected to ad sites, and after hours of trying to fix it, I'm out of ideas. My virus scanner doesn't even detect it, and I'm at a loss of what to do. I've read several posts about this link redirecting problem already, and tried to follow their instructions. The tools ComboFix.exe and Malwarebytes' Anti-Malware refuse to even run properly. I can see it in process explorer when I try to run them.. they just hang there and nothing happens. Here is my hijack log... requesting any assistance that can be provided..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:48 AM, on 1/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal


Answer:google + yahoo links redirect to ad sites, can't get combofix or Malwarebytes' Anti-Malware running

Hi

If you still need help with this post a fresh hjt log, please.

2 more replies
Relevance 92.25%

Hi everyone,

Long time lurker first time poster (usually cos other people's malware logs help me diagnose problems on the PCs I fix), but I've really run into a dead end on this one!

The machine in question had all sorts of malware on it, including the new "Security Suite" infection that seems to be doing the rounds, I managed to remove the bulk of it, however there's still something a bit fishy up there as avast keeps complaining that explorer.exe and winlogon.exe are infected with "Bamital-X".

If I restart the PC, the avast on access scanner does something to explorer.exe and I have to delete the explorer to allow Windows to replace it with a working version, however then after a few more minutes avast pops up an infected warning again!

For the moment by the way, I do not have physical access to the computer, I'm connecting to it remotely, however I could probably guide the user through anything that needs to be done in the recovery console if needs be.

Hopefully I've done the rest of this right, here's the DDS log and attached are the Attach.txt and GMER logs.

Regards,
James

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 9:51:32.45 on 20/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3063.2348 [GMT 1:00]
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDO... Read more

Answer:PC still claiming explorer.exe is infected after removal of all sorts of malware (including Google redirect)

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the ... Read more

2 more replies
Relevance 89.38%

I recently got a new client who needed help with his computer. It was silly of me to think it would be simple. I was up all night working on it.

His initial problem was that windows would hang on "Loading personal preferences" and would only boot in safe mode. It wasn't the page file, or any of the usual things... though I did start to notice that normal Windows functions didn't work properly, from MsPaint to IExplorer. I tried to run Autoruns.exe and Hijackthis and they shutdown as soon as they were opened. IExplorer wouldn't load pages and firefox would pop up and load the pages instead.

I thought I should just repair windows, which I tried to do and accidentally installed a second copy of windows on the same partition... I then deleted the second windows installation (windows.0), but after that windows would boot fine without safe mode. That was only the beginning though. I found the google redirect on there, a bunch of old adware and a mess of a disorganized computer.

The system also booted and gave a tapi.nfo error, I searched for this and got nowhere. So I went to regedit and deleted the line causing it. It doesn't pop up anymore, but that didn't solve anything.

I looked further into the situation and found that many others are having trouble with rootkit malware that shuts down anti-malware software.

I tried loading malwarebytes, etc, and even renaming the files and the extensions. It still all shuts down immediately when it's loaded.
... Read more

Answer:Rootkit, Malware, Tapi.nfo, Google Redirect, Can't open anti-malware

have you tried root repeal? it sounds to me like you've read that post.




Rerun Rootrepeal. After the scan completes, go to the files tab and find this file:

C:\WINDOWS\system32\drivers\UACxpqhxbvttn.sys

Then use your mouse to highlight it in the Rootrepeal window.
Next right mouse click on it and select *wipe file* option only.
Then immediately reboot the computer.

Then run a quick-scan with Malwarebytes. Keep rebooting and running quick-scans with Malwarebytes until it shows zero infections. If after 3 scans it is still not clean post the final log.

this isn't my post so I can't take credit for it but apparently it works
good luck either way. the entire post is called AntiSpy Protector 2009 you should check it out before trying this, good luck

38 more replies
Relevance 84.05%

I have a serious computer problem. I have read numerous posts to self diagnose and correct the problem. When I think it's good it comes back to haunt me. I am stuck with a computer that constantly freezes, Google redirects me to malicious sites and mostly every time I try to run the control panel it freezes up on me. I also have this error message that pops up and says "Generic Host process for Win32 services has encountered a problem and needs to close."

Some additional info for that error message:
SzAppname: svchost.exe
SzAppVersion: 5.1.2600.5512
SzModname: ntdll.dll
SzModVersion: 5.1.2600.5755

I have run Malware bytes numerous times, quick scan, full scan. It will detect, then I will remove, and when I restart the computer and run it again it's back on there! I am getting to my wits' end over this. I don't know what to do and need some help please! Here is my HiJackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:52:09 AM, on 11/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Answer: Google redirect virus, generic host process win32 error message, constant virus removal with malware bytes

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the ... Read more

2 more replies
Relevance 80.77%

I have some sort of malware that redirects webpages and searches. The url shows yahoo.search as it sends me to some other random website. This malware affects IE, Safari, Chrome and Firefox. Thanks for the help!

Jeff

Ran DDS and GMER: ... Read more

Answer: Yahoo.search redirect malware

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more

11 more replies
Relevance 80.77%

My sister's computer is an HP Pavilion dv5t-2200 notebook PC running its native OS, Windows 7 Home Premium x64. In the last 24 hours, Avast found and attempted to remove some sort of malware. After the reboot, it recommended a full scan. After the scan was completed, the computer rebooted again. This is where the real problems began.

With the exception of core programs and services, no other program will launch. Not Chrome, not AIM, not even Avast!. The only HP program still installed on the system, HP Support Assistant, will not start. Attempting to use Windows System Restore results in a BSOD as the computer is shutting down to begin the restore process. Upon returning to the desktop, a dialog box recommends that we run chkdsk, but of course that won't even launch.

Internet Explorer will launch, but the campus network requires a third-party client software install. Unfortunately, that's another program that will not launch.

The computer has a recovery partition, but HP Recovery Manager is not installed or cannot be found, and attempts to download and install it have failed because 1) we cannot access the Internet to download it to the hard drive, and 2) it could not be installed from a flash drive containing the softpaq from HP.

UAC is turned on. Maybe this is part of the issue?

I'm on the phone with HP Support right now, but I'd like some feedback from your end.

Answer: Need to restore Windows, but some malware is blocking software launch

Pressing the f11 key during startup on a computer with an HP factory image will start the system recovery process even if the prompt is not displayed.
Recover Windows 7 Operating System Using HP Recovery - HP Customer Care (United States - English)
Performing an HP System Recovery in Windows 7 - HP Customer Care (United States - English)

How to make HP Recovery DVD disks:
Recover Windows Vista Operating System Using HP Recovery - HP Customer Care (United States - English)

How to make HP Recovery USB disk:
Creating a Recovery Disk on a USB Flash Disk HP Pavilion dv6700z CTO Entertainment Notebook PC - HP Customer Care (United States - English)

or
You can Order HP Recovery Disks from here:
Compaq Mini CQ10-500 PC series*-* HP Notebook PCs - Order Recovery Discs for Windows 7, Vista, or XP - c00810334 - HP Business Support Center

2 more replies
Relevance 79.95%

Hello,

Well got some virus/malware. I don't know which one. It is redirecting my yahoo/msn search. Computer is slow. I went through few steps to get rid of it. Disabled System Restore.

1. Malwarebytes --- removed few trojans.
2. VIPRE Anti virus removed few malware.
3. Trend Micro Online Anti-Virus removed few.

But the problem didn't go away. Then I used COMBOFIX & it went through 50 Stages & now it's a lot better. Here is LOG from COMBOFIX. Please help me to remove any leftover malware. Thanks again. ... Read more

Answer: Yahoo/MSN Redirect **Virus/Malware ----- Help Needed !!

Hello, and to the Bleeping Computer Malware Removal Forum.

My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let... Read more

10 more replies
Relevance 79.95%

Hello! I just bought a new Acer Aspire M5 last week, and have really enjoyed the experience except for a particularly stubborn piece of redirect malware. I've read the Preparation and READ ME FIRST posts, so here I go:

Running Windows 8.1, my Google Chrome browser is regularly subject to a piece of redirect Malware that--instead of the omnibox sending my search queries to Google.com--sends queries to a Yahoo derivative site. I intended to post the exact URL for this redirect, but of course my browser isn't exhibiting symptoms right now. The URL is something like us.yhs4.search.yahoo.com

I've noticed the redirect issue tends to crop up after I've performed a Chrome "reset browser settings" action and also after I turn on my Chrome extensions:

AdBlock
Downloads
Google Dictionary (by Google)
Google Docs
Hangouts
Instant Translate
LastPass
SiteAdvisor (disabled, but I can't uninstall)

I've read countless DIY articles to remove this malware and have even seen solutions offered in this forum, but I'm unable to create a permanent solution on my own. Here's hoping someone around here can help me out. Attached are my first two FRST logs. Please let me know if any additional information is needed.
 

Answer: Windows 8--Chrome--Yahoo Redirect Malware

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

7 more replies
Relevance 79.54%

I am infected with a version of the Google Redirect malware problem:
- When I click on one of the results from a search on any major search engine, I am redirected to other websites, usually commercial websites such as monstermarketplace.com. I can reach any website if I copy the address in the address bar; I only get redirected when I click directly on the link in the search results page.
- Occasionally, a new tab pops up when I am in iGoogle, Gmail, or a Google search page. The new tab's address is www.google.com/webhp. In two occasions a new tab has opened with a commercial website. I always close the windows and have never searched on the google.com/webhp page.

Some history:
- I was originally infected with the AV Security Suite virus this weekend while downloading the platform for the online game "Battlefield Heroes" (www.battlefieldheroes.com). I tried going online while this virus was active and clicked on some of the pop-ups and alerts, sometimes saying "Yes" and sometimes "No" when it would ask if I wanted to allow access to the home page website. I believe this may have enabled the current redirect malware.
- I removed the AV Security Suite virus (at least partly) by renaming and deleting the folder from which it was acting within my Local Settings folder. The current infection must therefore be a leftover of that initial infection.
- I ran SpyBot and Ad-Aware, both of which found and removed cookies. I uninstalled both programs a... Read more

Answer: Infected with Google Redirect / Search Engine Redirect Malware

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include the report in your next post:
C:\ComboFix.txt

"information and logs"

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

13 more replies
Relevance 79.54%

Apologies, but I'm a bit of a novice. My computer did a scan when I started it and came up with some trojans. When I tried to delete them, a malware removal programme tried to install itself so I closed the download dialog box. Unfortunately, I cannot remember the name of the software that was trying to install itself. Please would you review my log below and help me clean my computer?

many thanks

Answer: attempted removal of trojans try to install "malware removal software

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 79.13%

Ok so as my username should lead you to believe I am completely inept with computers, which is not to say I don't use them a lot. I'm not one of the elderly I'm just not very good at the super technical and currently this forum is my last option.

So a brief overview of both my problem and my computer.

I run Windows XP SP3 on a boot camp equipped Imac and aside from the occasional brush in with malware etc I'm really quite happy with this set up.

This is not my first infection, previously I had a similar run in with the whole fraudulent program pop up spam classical (from my perspective) malware. A quick call to India and a new friend named Kumar was all this required. Kumar ended up using screen share to download a trial version of AVG anti virus and after a long scan and a few laughs at the results my problem was solved.

I was ecstatic and gave this guy every sort of recommendation to his superiors possible. I actually stayed on hold for hours just to sing his praises.

Now about a year or so after that I'm told my hard drive gave out and my only existing back up was ages old so after a lot of rebuilding here I am just finally settling into the same position I was before the hard drive being destroyed. Procrastination and some errors during the backup process that confound me to no end have prevented me from a more recent back up being made.
In short If I can't remedy this now I'm screwed.

So what sets this malware so apart from my last run in is that ... Read more

Answer: Malware infection unable to launch anything including anti virus software

Bump

Sorry, but I really need a reply. Help please.

12 more replies
Relevance 79.13%

Hello! As you can see I've been trying everything with my computer except beating it to death!

Yesterday around this time, I caught a trojan by stupidly downloading a file from a suspicious mp3 site (Allfreemp3.net???). I shoulda known something was up when I clicked on it cause it started to download as A PROGRAM instead of an individual file! By the time I tried to uninstall, it only took a few seconds for my computer to act up, and I turned off my WiFi for awhile out of fear of "Backdoor" stuff happening!

Between now and yesterday, I have had quite a few "blue screen crash dumps", I lost my "fancy" Vista Home Basic (32 bit) themes from tampering with my Services (though they are corrected now!), and now every time I do a search through internet explorer, my Yahoo! search engine results will either lead me to some more suspicious sites, or lead me to a legit site that had absolutely nothing to do with my search! The biggest thing I've noticed, though, is that when I ran McAfee (I uninstalled it later), Norton, and Windows Live OneCare Safety Scanner, they all froze up on this one file path: D:\Windows\System32\config\security.log1, and now my computer won't let me do a performance indexing test!

Please help!

Answer: Yahoo Redirect Trojan and Malware Removers Stalling!

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
C... Read more

10 more replies
Relevance 78.72%

Quote:
March 22, 2010 12:57 PM PDT

Malware delivered by Yahoo, Fox, Google ads

by Elinor Mills


These charts show incidences of malware distributed by a number of ad delivery platforms over a six-day period last month that were detected by Avast. Yahoo and Fox have the highest counts.
(Credit: Avast)

Malware that exploits holes in popular applications is being delivered by big ad delivery platforms including those run by Yahoo, Fox, and Google, according to Prague-based antivirus firm Avast.

Viruses and other malware were found to be lurking in ads last year on high-profile sites like The New York Times and conservative news aggregator Drudge Report.com, and this year on Drudge, TechCrunch and WhitePages.com. The practice has been dubbed "malvertising."

Now, researchers at Avast are pointing fingers at some large ad delivery platforms including Yahoo's Yield Manager and Fox Audience Network's Fimserve.com, which together cover more than 50 percent of online ads, and to a much smaller degree Google's DoubleClick. In addition, some of the malicious ads ended up on Yahoo and Google sites, Avast claims.


More at: Malware delivered by Yahoo, Fox, Google ads | InSecurity Complex - CNET News

Answer: Malware delivered by Yahoo, Fox, Google ads

Part of the reason that I maintain that you cannot simply rely on "common sense" to protect you these days.

4 more replies
Relevance 78.72%

Recently I was infected with some fake anti virus software called anti virus pro 2009 and it disabled all my stuff so I had to have help removing it here, http://www.bleepingcomputer.com/forums/t/271130/malware/, and after all that all the symptoms were gone but when I started using IE again I kept getting pop ups on trustworthy sites that try to install malware, especially on google or yahoo whenever I click a search result. Also when I restart and log in I get a window called RUNDLL that says:

Error loading C:\DOCUM~1\devin\locals~1\Temp\odbc_inc.dll
The specified module could not be found.

Malwarebytes, SUPERAntiSpyware and ESET scan all show nothing now. Here are DDS and RootRepeal logs:

Answer: Pop ups on google/yahoo exc that try to install malware

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic; if you still need help please let me know what issues you are still having, in your next reply.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Then please post back here with the following:
log.txt
info.txt

Thanks

35 more replies
Relevance 78.72%

Hello

Thank you in advance for your help!

Here is my situation...

Other than the known Google redirect problem (google results aren't what they seem to be) that I've been experiencing in the past few days, I also seem to have a problem with loading google products/services such as Gmail, google maps, google reader, iGoogle, and google translate in Firefox. I don't know if the Google redirect virus is somehow related to this problem. These Google services I've mentioned simply won't load for me. In Gmail, the login screen appears fine but when I enter my username and password, it takes me to the "Loading [email protected]" and just tries to load it for a very long time until finally it says that I have a network problem. Also, I noticed that when I click the "Sign In" button on the Gmail login screen, the status bar on the bottom says: "Transferring data from secariadna.com..." which looks very suspicious to me (I can provide a screenshot of this if requested). The other services (maps, reader, translate) just won't load. For example, when I open a new tab and click on my google maps bookmark (for example) the window remains white and it keeps displaying: "Transferring data from maps.google.com" in the status bar. Sometimes after a long time of loading, the map would eventually manage to load. I also have to note that picasaweb loads without a problem in FF, although it also displays "Transferring dat... Read more

Answer: Google redirect virus + possible additional malware that prevents from Google services to load

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more

19 more replies
Relevance 78.72%

Almost every time I do a search on Google, I get redirected to another search engine. I tried using other malware removal tools, Spybot, Avira, Malwarebytes, but they don't work.

Finally I found myself on your Preparation Guide. Hopefully you will be able to help. When I run Gmer however my computer crashes. So here is the data I'm able to send you. Please help. Thanks. ... Read more

Answer: Redirect (?) Malware Removal Request

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Do not Attach logs unless I ask you to.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Gmer is the best but can be hard to get a log. Let's try this and see what we get.

Scan With RKUnHooker

Please Download Rootkit Unhooker
Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest. Then click OK.
Wait till the scanner has finished and then click File, Sa... Read more

15 more replies
Relevance 78.72%

I've already scanned using the steps in the removal forum &
now need someone to see if there's anything left that needs to be removed
from the logs attached.

Also, when I click on a link of a topic I search in google, it redirects me to another site like yellowpages etc... This only happens in Firefox.

Help !

Thanks.
 

Answer:Malware Removal & WebPage Redirect Help

You should only be running one Anti-virus program. Please uninstall one of these:
ParetoLogic Anti-Virus PLUS
AVG

Now let's do a little clean up:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

After clicking Fix, exit HJT.

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.





REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]


Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now use windows explorer to find and delete:
C:\-795295435
c:\windows\S5A699AF3.tmp
C:\Program Files\M... Read more

2 more replies
Relevance 78.72%

Hi!

First of all, thank you for taking the time to try to solve my extremely annoying issue.
The issues started about a week ago, I'm not sure if I downloaded something I was supposed to or it came to me in some other ways, but I can't seem to get rid of it.
Every 10-15 click I do on various websites redirects me to
Code:
http://api.recomme.me/widgets/PromoManager/HJjOZY6KF6lVhsJNEoLm.html?usa=true&countdown=false&ptID=169&cID=1015&rt=linkreplace&ascID=null&ascGuid=f9bf59e9-0ea0-43ee-abf2-6d1dda054d6a&mid=7A22526691392D5A4ED2A01EC9CF6336&pid=18&umid=B4D03E16-E000-45AD-9655-2F69CFDC7583&rv=64&pmUrl=WEBSITEURLindex
I read another post here on malwaretips and followed the steps to do a ZOEK scan, although that didn't help. I have the log if needed.

I can't find any addons of it nor software installed. And from here I'm lost.

Someone who is familiar with the issue and how to get rid of it?

Grateful for every help.

Thanks
 

Answer:Api.recomme.me redirect. Malware Removal Help Need it!

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

3 more replies
Relevance 78.31%

My poor PC is on the brink, whenever I select a link in Google it redirects me to another website called 'bit-find' and sometimes eBay. I have seen other people with similar problems to this on this forum so I'm pretty certain that it is malware. I had a crude attempt at trying to fix this using instructions in someone else's thread but didn't have much luck so I have created a new topic. Hopefully I have created this topic in the correct place this time, here are my logs, if some friendly person could help me I would be much obliged.

I have attached my 'DDS' and 'attach' file

Cheers chaps/chapets

Answer:Malware- Google links redirect me to 'bit-find', google maps don't work

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Foll... Read more

2 more replies
Relevance 78.31%

The problem I seem to be having is related to running auto-removal tools. I can't run malwarebytes for instance. The program will start scanning and then abruptly close. When I try to reopen it says I may not have appropriate permissions to access this item. This is also true for HijackThis!. I was also unable to run GMER and dds. DDS would run, but it wouldn't produce any logs. I would close the window, but no logs would open up. I also have a problem of something redirecting my google searches.

I'm running Windows Vista 32-bit.

Any help would be appreciated.

Justin
 

Answer:Can't run any virus removal software/Google redirect

15 more replies
Relevance 77.9%

My previous is posted through this link http://www.techsupportforum.com/f108...e-241631.html?. I've completely taken all the steps before posting here and used all of the suggested virus scanners suggested in my previous thread, also changed to Firefox instead of IE. As of today: The crunchy noise from my computer has stopped. Pages began loading slowly off and on, a few froze on me. Passwords are not being saved even with the save option checked. I downloaded ESET Smart Security but it can't connect online or update virus guards because my internet isn't running on proxy settings (it runs on a SIM card). So, I'm wide open for viruses but don't know of a virus protector that doesn't connect through proxy settings. The main problem is that Google and Yahoo are blocking me from searching and entering my own e-mail account. Yahoo keeps making me confirm my password and info, after maybe 10 tries it eventually lets me in. However, if I pick anything like my account info it starts over again. My messenger just refuses to accept my correct info and also begins the confirmation process again but never lets me in. Here are the warnings that I am getting from both:

If you continue to experience this error, it may be caused by one of the following:

* You may want to scan your system for spyware and viruses, as they may interfere with your ability to connect to Yahoo!. For detailed information on spyware and virus protection, please visit the Yahoo! Security Center.
* This problem... Read more

More replies
Relevance 77.9%

Some of the web's bigger websites were flooded with a torrent of malicious banner ads after cyber crooks managed to sneak them onto syndication services operated by Google, Yahoo, and a third company, according to a security firm.
The ads - which attacked previously-patched vulnerabilities in Adobe's PDF Reader and Microsoft's DirectShow - started appearing on sites such as the DrudgeReport, horoscope.com and lyrics.com last Friday, ScanSafe researcher Mary Landesman told The Register. They were delivered over networks belonging to Google's DoubleClick; Right Media's Yield Manager (owned by Yahoo); and Fastclick, owned by an outfit called ValueClick.
End users visiting sites that used the ad syndication services often saw nothing more than a brief flash as the malware-laced ads caused their browsers to open - and then close - a booby-trapped PDF file. But behind the scenes, the payload installed Win32/Alureon, a trojan that drops a backdoor on infected machines.

The malicious ads, which also appeared on slacker.com, ended on Monday, when the website used by the malware purveyors abruptly vanished. During their three-day stint, the attacks accounted for 11 percent of pages blocked by ScanSafe, a service used by businesses to prevent employees from visiting malicious sites.
The report, issued Wednesday, came the same day a Google executive called on internet service providers, website operators, and others to do more to combat malicious ads. Over the past few years, so-calle... Read more

More replies
Relevance 77.9%

Hi Guys,

I'm battling a stubborn infection that has so far resisted attempts to clean it. I've tried Malwarebytes, SuperAntiSpyware, and Combofix, all to no avail. I've just run Hijackthis and the log is shown below. Can you see if you can find out what I've been infected with and post instructions on how to clean it? It may be a rootkit but I've run the Mcafee RootKitDetective to clean whatever rootkits it discovers and the redirection from google and yahoo search results keeps coming back. The Hijackthis log is shown below. Thanks for your help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:55:14 AM, on 08/02/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system3... Read more

Answer:Stubborn malware - google and yahoo redirects

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

* Please download OTL from one of the following mirrors:
  This is THE Mirror
* Save it to your desktop.
* Double click on the icon on your desktop.
* Click the "Scan All Users" checkbox.
* In the custom scan box paste the following:

CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more

2 more replies
Relevance 77.49%

Hello,

I use Windows XP SP3 and recently had an infection of a rogue malware removal virus variant. I don't know exactly which one. I run Microsoft Security Essentials. I killed the rogue program over and over while I downloaded and ran MalwareBytes Anti-Malware which found and removed some malware. Between Security Essentials and MalwareBytes actions I thought it was over. Then I realized I was experiencing browser redirects still. Since then the computer has been unplugged from the network and nothing further significant done to it. I have another clean computer I am using to post this and download tools like MalwareBytes, etc.

From the mbam log (let me know if I should post the log file), it looks like it found and removed Rootkit.0Access. Security Essentials lists several java exploits that were removed around the same time I first got hit. Exploit:Java/CVE-2009-3869.R, Exploit:Java/CVE-2010-0842.AN, and a second Exploit:Java/CVE-2010-0842.AN.

It appears I may still be infected with part of this or something else which is causing browser redirects, but neither MalwareBytes nor SecurityEssentials scans reveal anything. I looked at the hosts file and DNS settings on network connections which seem normal. I had sysinternals RootKit revealer installed from a prior infection last year, but haven't tried using it.

Am I still infected? What should I do?

Please help.

Thanks.

Answer:Browser redirect lingering after malware removal

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart th... Read more

2 more replies
Relevance 77.49%

Hi everyone, great site you have here, I can't believe the amount of people asking for help....just goes to show how bad this problem is and the amount of people that don't know how to control the infections (myself included)
Hopefully now I've found this site I can learn how to avoid them infecting my system again once they've been removed.

I'd be grateful if anyone could help me remove the spyware/malware that's on here now, info needed below (as per your easy to follow instructions)


DDS (Ver_09-03-16.01) - NTFSx86
Run by Mark&Kelly at 16:28:39.93 on Sat 05/09/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.510.89 [GMT 1:00]

AV: avast! antivirus 4.8.1335 [VPS 090508-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.e... Read more

Answer:clickcheck.ru redirect....malware removal help needed

Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions in the order they come; if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear.

Please DO NOT Attach logs to your posts unless you are advised to do so.

=========

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop
* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
* Double click on combofix.exe & follow the prompts.
* As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malw... Read more

2 more replies
Relevance 77.49%

I had a Trojan virus that was redirecting my Google searches. I thought I removed it but I keep getting this security alert for every single website. I am not computer savvy. I'm sure I messed something up when I installed the trojan removal software. Can someone look and see? I am not able to access my bank info or my work email because of the security changes I made.

Nevermind, after running combofix, everything has been great. Thanks!

Answer:Website Redirect, Malware Removal Installed

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

* Please download OTL from one of the following mirrors:
  This is THE Mirror
* Save it to your desktop.
* Double click on the icon on your desktop.
* Click the "Scan All Users" checkbox.
* In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/m... Read more

2 more replies
Relevance 77.49%

I have a computer that has some malware that shut down the computer. The computer did not have antivirus software until I loaded Avast on it after the issue. I ran the antivirus software after the problem and it removed some items but the computer still has problems. When the computer comes up the Avast gives a warning that a web site has been blocked that starts with "renewanadiaper" in the URL address. I have gone through the "Fixing Google Redirection/hijacking and other redirection problems" http://forums.majorgeeks.com/showthread.php?t=230267 thread. I am posting this after following the instructions in the "Windows XP Malware Removal/Cleaning Procedure" http://forums.majorgeeks.com/showthread.php?t=139313 thread. I am attaching the logs from the process. When I ran the "ComboFix" process the computer did a system dump when it was processing the step to prepare the report.

Do I need to attach any of the log files from processing the "Google redirect" process?
 

Answer:Have malware cause web redirect and desktop icon removal

This is a message to add the MGlogs.zip attachment.
 

14 more replies
Relevance 77.49%

I have been getting a lot of browser redirects; ask for Yahoo and end up in a lot of "Timbuktu" sites. I have run a HijackThis file several times, and then just stare at them, afraid to do anything. Help
 

Answer:Browser Redirect problem + malware removal

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide

If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.
Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

 

19 more replies
Relevance 77.49%

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:15:48 AM, on 3/16/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Mike\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 ... Read more

Answer:Search redirect malware removal needed

DDS (Ver_11-03-05.01) - NTFSx86
Run by Mike at 11:55:34.68 on Wed 03/16/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.956 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\rundll32.exe
C... Read more

2 more replies
Relevance 77.49%

Hi

I got infected by using Frostwire back on the 23rd/24th March, needless to say that is already removed!

Suspected something was wrong straight away scanned my laptop running windows 7 with the free anti virus that I had installed: Malwarebytes Anti-Malware

It found various problems and removed them, detailed in the log attached.

All problems are gone apart from when searching using Google Chrome (don't use any other browser so only IE installed in addition), in IE doesn't happen, it redirects me all the time as per other threads in this area.

I then realised I could have installed a copy of Norton 360 on here as have 3 licenses, 2 to use still. So un-installed Malwarebytes Anti-Malware and installed 360. Scanned etc and still have this one lingering problem.

I have gone through and completed the following before posting:

General house cleaning:
http://forums.majorgeeks.com/showthread.php?t=230267

Run & Read me First:
http://forums.majorgeeks.com/showthread.php?t=35407

Even tried using the points in this thread but no luck either
http://forums.majorgeeks.com/showthread.php?t=221915

Only program I can't run is RootRepeal errors out.

1st 4 uploaded files:
2 x Malware scans with infection finds all other subsequent ones ran found nothing
1 x Rootrepeal crash text
1 x SuperAntiSpyware log

Will attach the other next
Please help!
Thanks
 

Answer:Google Redirect malware in Google Chrome browser only

Combofix.txt
MGlogs.zip

Attached as well

Also ran Norton 360 full scan twice and found 16 tracking cookies in total, nothing serious; would attach logs but can't find them to attach. Doesn't say name or anything within Norton.

Every time the redirect takes me to a 'bad' page Norton detects an attack and pops up telling me it's blocked it.

Let me know what else I can try
Many thanks in advance for your time
Z
 

10 more replies
Relevance 77.08%

This is a Windows 7 laptop. Every time I use Firefox it goes to Yahoo; my browser is Google. When I type in Google it goes to some strange Yahoo site. If I go to the bank the address ends up with some long Yahoo address. It does look like the bank site, but it's Yahoo, not safe. If I keep typing Google and searching it may finally go to the real site, but it ends up going back to Yahoo.
Also, all my security is shut off.
I have installed Ultra Virus Killer, SUPERAntiSpyware. I do scans and they find malware and fix it. I went to safe mode and ran rkill, it looked like it may have fixed it, but it came back.
I have done everything I know to do, thanks. Can you help? Liz
 
 
 

Answer:help with virus,malware? Yahoo is changing my google browser

Hello, Welcome to BleepingComputer.

I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Download Malwarebytes' Anti-Malware from Here

* Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
* Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
* Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
* Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
* Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
* If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
* The scan may take some time to finish, so please be patient.
* If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
* While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
* The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log... Read more

30 more replies
Relevance 77.08%

I'm having trouble with my browsers, both Firefox and Internet Explorer. I apparently contracted some malware last night and can't figure out how to get rid of it. All my links in Google searches are redirected to ad sites, and after hours of trying to fix it, I'm out of ideas. My virus scanner doesn't even detect it, and I'm at a loss of what to do. I've read several posts about this link redirecting problem already, and tried to follow their instructions. The tools ComboFix.exe and Malwarebytes' Anti-Malware refuse to even run properly. I can see it in process explorer when I try to run them.. they just hang there and nothing happens. Here is my hijack log... requesting any assistance that can be provided..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:48 AM, on 1/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\... Read more

More replies
Relevance 77.08%

Some of the web's bigger websites were flooded with a torrent of malicious banner ads after cyber crooks managed to sneak them onto syndication services operated by Google, Yahoo, and a third company, according to a security firm.
The ads - which attacked previously-patched vulnerabilities in Adobe's PDF Reader and Microsoft's DirectShow - started appearing on sites such as the DrudgeReport, horoscope.com and lyrics.com last Friday, ScanSafe researcher Mary Landesman told The Register. They were delivered over networks belonging to Google's DoubleClick; Right Media's Yield Manager (owned by Yahoo); and Fastclick, owned by an outfit called ValueClick.



Link - Malware torrent delivered over Google, Yahoo! ad services • The Register

More replies
Relevance 77.08%

Hello,
I have been asked to make a new topic in this forum. My previous post is located here. (URL: http://www.bleepingcomputer.com/forums/topic349644.html)
My current OS is Windows 7 Ultimate Edition, 64-bit. I have recently been infected with malware, likely caused by downloading an infected file. At first, fake warnings of a virus attack popped up, followed by attempts to delete Malwarebytes Anti-Malware. I believe I have been able to remove the majority of malware, but I am still experiencing slow performance and Google results occasionally redirect me to harmful sites.
I have run Malwarebytes' Anti-Malware, Housecall, and Windows Defender. The scanners find zero harmful files, but I know there is malware.
I have also run a series of tests requested in my aforementioned thread. The tests were all completed safely, but my problem persists.

DDS (Ver_10-03-17.01) - NTFSX64
Run by Hideyuki at 23:11:15.15 on Sat 10/02/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.3326.2220 [GMT -4:00]
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.... Read more

Answer:Google Redirect Malware

Hello diamondcut
Welcome to BleepingComputer
==========================
Download OTL to your desktop.
Double click on OTL to run it.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scan's and fixes section paste in the below in bold

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================

3 more replies
Relevance 77.08%

Looks like I've been hit by the Google Redirect Malware. I had this issue about a week ago and ran TDSSKiller, which found the Pihar rootkit and cleaned it from my MBR. It seems to be back again, possibly because I ran an app that was already infected, except this time TDSSKiller couldn't fix the problem. It detected a rootkit and cleaned out my MBR but the redirection infection is still around. I would appreciate any help in getting my system clean, and perhaps finding the infected files that started this mess. Thank you!

Here are my DSS and GMER logs:

(GMER doesn't seem to allow me to select any options except Services, Registry, and Files in the Rootkit section)
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16443
Run by Albert at 4:29:17 on 2012-05-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.1090 [GMT -7:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch... Read more

Answer:Yet Another Hit by Google Redirect Malware

Hello and Welcome to Bleeping Computer!!
My name is Gringo and I'll be glad to help you with your computer problems.
I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At t... Read more

28 more replies
Relevance 77.08%

Hi all,

In both Firefox 3.0.11 and IE 7, all search results in Google are redirected to random sites, some of which contain the search terms originally entered in Google. None of the usual spyware removal suspects seem to remove it. I'd appreciate any help you can provide. Thanks!
DDS (Ver_09-06-26.01) - NTFSx86
Run by [user] at 0:02:48.98 on Fri 07/17/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.67 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm... Read more

Answer:Google redirect malware

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

11 more replies
Relevance 77.08%

Hi,
In the past few days I've started getting redirected to various commercial websites when I try to click on something through a Google search, or even try to search in Google.
I don't know much about computers. In my foolishness - as I now read threads here - I unwisely tried to run ComboFix (as well as MBAM and a couple of others). Nothing helped, and ComboFix kept stalling at 'Stage 49'.
Can anyone help me with this? The problem is getting worse and other programs are starting to slow down.
Thanks. You're very good to offer help on these issues.
Conn

Answer:Google redirect malware

Hello,
Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
Kindest Regards,
SweetTech.

2 more replies
Relevance 77.08%

Hi, I have a Windows 7 operating system. I have run AVG 9.0, HiJack This!, windows onescan live and MBAM to try to remove this problem. I have run these programs in safe mode as well as normal, and I still have the problem. It continues to redirect me and I am getting pretty frustrated in trying to handle it myself. Can anyone please help? I can post the Hijack This log file. I tried to load Combo fix but it will not run.

More replies
Relevance 77.08%

Hi -

I have a nasty Google Redirect problem that I can't fix!

The problem started yesterday. Every google search link was redirected to "Emblem Health" (showing whatcarefreefeelslike.com in the address bar), and to getanswersfast.com also.

I ran Spyware Doctor, Malwarebytes' Anti-Malware, and Super AntiSpyware scans, which found the usual tracking cookies, as well as a couple of Trojans (Tracur, Scality?).

Cleaning these things up did not stop the Google Redirect, although now it takes you to ads or other random sites. Also, during the reboots after cleaning with the Antispyware tools, Windows had problems starting normally. I shut down completely to restart successfully.

If you type an address directly into the address bar, you can get where you need to go, but if you click on a link after a google search, you get swept away by the Redirect. This happens in Firefox and Chrome, both.

I ran TDSSKiller and it found nothing.

I'm using Windows XP Home Version 2002, service pack 2 on a Dell 1530 desktop.

I have McAfee AntiVirus Plus activated all the time. I usually disable Spyware Doctor and Super AntiSpyware because they suck the life out of surfing and slow things down intolerably. I activate them to run scans periodically.

In preparation for this problem-solving process, I followed the Bleeping Computer directions, and found the Windows Firewall was disabled (probably b/c I had McAfee Firewall in the past). So Windows Firewall is re-enabl... Read more

Answer:Google Redirect Malware

Hello and Welcome to the forums!
My name is Gringo and I'll be glad to help you with your computer problems.
Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn... Read more

28 more replies
Relevance 77.08%

Clicking on Google search results will redirect to random web pages (second rate search sites, real estate, etc) and not the intended link. Spybot reports "Right Media" as a problem. I fix it but it returns on a subsequent scan. Also, Outlook will open randomly with unfamiliar email addresses in the "to" address bar. Any help is greatly appreciated!!!

hijack this log (also attached):
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:51:43 PM, on 11/8/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\... Read more

Answer:Google redirect malware

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/426991 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Relevance 77.08%

Hello, I'm new here and I was wondering if anyone could help me. My google searches will occasionally be redirected to adsites, It doesn't seem to be affecting anything else on the computer, but it's extremely annoying. I've tried a couple antivirus programs, avg and avira, and no luck.

I'm running windows 7.

I would appreciate any help. Thanks.

Answer:Google REdirect malware

Please follow this Guide: Preparation Guide
Do Step 6-9
If GMER doesn't work just skip it and move on
Post it in Virus, Trojan, Spyware, and Malware Removal Logs
Once you post it a Moderator will come and close this topic

2 more replies
Relevance 77.08%

Hi,

My computer is infected with the Google redirect malware. I have run many anti-virus/malware applications but the problem still persists after running these programs. I have read on the internet that this malware is difficult to remove. The basic symptoms are: 1) The webpages randomly redirect to other sketchy websites and I have to press the back arrow three times in order to reach the webpage that I request and 2) computer is VERY slow while on the internet, especially on websites such as Youtube. I heard that running the program ComboFix might be able to solve my problems. Should I do this? If not, what suggestions do you have for me in order to remove this malware from my computer.

Thanks for your help.

Answer:Google Redirect Malware

Please do the following:
Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flash drive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.e... Read more

2 more replies
Relevance 77.08%

Hi all,
I seem to have picked up the Google redirect virus through my ignorance of the .Net Assistant's addition into my Firefox extensions and unfortunately was unable to find much in terms of commonly affected files and registry keys to manually clean it. I've now run a gauntlet of programs. Ad-Aware, Malwarebytes, SpyBot S&D, and SAV10 were unable to find the issue, as I've read is common, so I moved onto using Hitman Pro 3.5 which seems to have cleared up the issue. I just wanted some reassurance today, though, so I ran the ComboFix utility provided at this site. It looks like the results were fairly clean, but I'd just like any other opinions on the results from the logfile. Please let me know if you see any red-flags or have any other suggestions on further steps I should take (beyond reformatting) to further ensure that this threat was eliminated.
Thanks in advance

ComboFix 10-02-21.02 - Jere 02/21/2010 17:30:22.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.615 [GMT -6:00]
Running from: c:\documents and settings\Jere\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Jere\Application Data\Microsoft\Internet Explorer\Quick Launch\xp-AntiSpy.lnk
C:\... Read more

Answer:Google Redirect Malware

Hi,
Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.
Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.
Once I receive a reply then I will return with your first instructions.
Thanks

14 more replies
Relevance 77.08%

Hello. I have the Google redirect malware and I am completely stumped. I have looked everywhere for a solution but still can't find one. I have run many things: hitman pro 3.5, malware bytes, ccleaner, spybot...

I have Windows 7 64-bit...

Any help would be excellent :cry

I ran hi-jack this and this is the output:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:29:17 PM, on 6/17/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Edit by chaslang: Inline HJT log removed. READ & RUN ME sticky not followed.
 

Answer:Google Redirect Malware :(

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.
After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a different user... Read more

9 more replies
Relevance 77.08%

My father has not been able to use his laptop for some time as it has numerous viruses. I think I have been able to clean up most using Malwarebytes, Spybot etc, but I am unable to find or remove this one.

When using IE any search results using Google are redirecting to various sites ranging from ebay to porn sites.

I have installed Chrome, which seems to be unaffected by it.

Any help would be gratefully received.

Logs below and attached.
===

DDS (Ver_10-11-27.01) - NTFSx86
Run by Barrie Wills at 16:11:59.14 on 29/11/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.322 [GMT 0:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program... Read more

Answer:Google Redirect Malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.
Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

4 more replies
Relevance 77.08%

Hi all,
I have a problem. What I've noticed so far is that when I'm browsing on Firefox and I've searched Google for something, if I click on one of the results, I get sent to an irrelevant site. It happens probably about 4 out of 5 times, and I can always use the back button back to the results. When I click on the desired link the second time, I go to the right place (it's polite malware?) There are three or four sites to which I am directed, regardless of the Google search.
I'm using XP. I've got the latest version of Firefox (3.5.8).
I've got AdAware and Spybot S&D that I use occasionally. At first, when I tried to use AdAware, I couldn't reach their servers to update. After reading a lot in these forums, I used HijackThis and eventually Comodo System Cleaner. I got rid of some pretty obvious HKEY redirects in the registry (found by Comodo) and now I can update AdAware and scan stuff. AdAware will go through about 200,000 files on a full scan, then the whole system locks up. I found one file that AdAware called a worm, and when I stopped the scan myself (instead of letting it lock up) I was able to get rid of the worm.
Despite all these efforts, the redirect from the Google search results persists.
Attached is the Hijack this log I just made.
Thanks,
Bill

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

Oops. GMER and DDS files.
Thanks for the move, animal.

Merged posts. ~ OB

Answer:Google Redirect Malware?

Hi all.
Thanks to your excellent help with others with similar problems, I was able to sort out my bugs.
I ran the TDSS killer and it found malware in my atapi file - I don't remember if it said exe or driver.
All problems seem gone now. If y'all think I might have missed something please let me know.
Thanks,
Bill

3 more replies
Relevance 77.08%

Hello,

I received excellent service from this site before so I am hoping I could get some computer help again. I don't know all the symptoms because this is not my computer, but I do know that it has some search engine redirect malware. I'll edit if any more problems come up.

Answer:Google Redirect Malware

Hello Celestial,
I moved this to Am I Infected... Let's look at these logs.
Are you on a router? Are other machines on it, if so are they redirecting?
Do you use Firefox?

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Please download TDSSKiller.zip and extract it.
Run TDSSKiller.exe.
Click Start scan.
When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
Leave the options as they are and click Continue.
Let it reboot if needed and tell me if the tool needed a reboot.
Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.
If TDSSKiller does not run... Read more

7 more replies
Relevance 77.08%

Hello,
It seems that I, like a lot of people on here, have caught a nasty version of some Malware that causes all of my Google searches to be redirected. I'm using the latest version of FireFox as my primary browser but I've also noticed that Google Chrome hasn't been able to load since the problem started. I've run my standard virus protection (ZoneAlarm) as well as SpyBotSD, Malwarebytes', and SuperAntiSpyware and everything has come up clean. Thanks for all of the help you guys do here, hopefully this isn't a hopeless case. Below is my HijackThis log.
Also, I just noticed that under ZoneAlarm it says that svchost.exe is trying to launch C:\Windows\System32\verclsid.exe or use another program to gain access to privileged resources. I clicked deny for the time being. I've been suspicious of everything since this problem started occurring.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:13 PM, on 4/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32 ... Read more

Answer:Google Redirect Malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

27 more replies
Relevance 77.08%

When I run a search in Google and click on any of the links offered, it takes me to some random advertisement page or otherwise a page that does not correspond with the link that I clicked. Often I can hit the back button, returning to the Google search page, click the same link again and this time, the link usually brings me to the page I actually requested. Other times the link brings me to an error page in Firefox or Internet Explorer that says "server not found," but when I hit refresh or "try again" several times, eventually the page will come up. I think these two problems are related because they both started at about the same time. My brother went to one of those sites like tv.com and some sort of malware ended up infecting my system. Though I have run several scans in both McAfee and with MalWareBytes AntiMalware, which sometimes find and delete spy or malware, I am still having the strange Google search and "server not found" issues.

DDS (Ver_10-10-10.03) - NTFSx86
Run by Rip Mabolzi at 22:29:17.31 on Tue 10/12/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3034.1774 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:... Read more

Answer:Google Redirect Malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The ... Read more

47 more replies
Relevance 77.08%

Have been infected with google redirect malware. Have tried AVG scan, Malwarebytes' scan, HitmanPro35, TDSSKiller and COMBOFIX but the redirect symptoms remain. Have copied in the contents of the DDS.txt below and attached the "Attach.txt" file, however, cannot get GMER to complete successfully and therefore cannot attach "Ark.txt". GMER either hangs or blue screens.
DDS (Ver_10-10-10.03) - NTFSx86
Run by Administrator at 13:42:57.96 on Thu 10/21/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1325 [GMT -6:00]

AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: My Security Shield *On-access scanning enabled* (Updated) {3B2FDC1E-D590-4BC9-A1C6-C3EC943A8D93}
FW: My Security Shield *enabled* {69B2E933-232C-4CBD-8C88-BF32E979F0C7}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet&... Read more

Answer:google redirect malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The ... Read more

12 more replies
Relevance 77.08%

Hello all. I have been trying to get rid of a malware, which redirects my google searches and produces pop-up tabs, with no success. Malwarebytes comes up clean, though it did find one trojan recently. I ran hijackthis, and googled each file on my droid to see if I should get rid of it. I thought I had the problem fixed, but realized, within a half hour, it was not. I ran combofix and thought that did it, but no luck. While Combofix was running, McAfee quarantined a virus (I think it said a virus, maybe just malware, if that means anything to you). I ran Hijackthis again, here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:43:37 PM, on 5/17/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17096)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtp... Read more

Answer:google redirect malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

3 more replies
Relevance 77.08%

I have been having problems with google redirects to commercial sites. There seem to be about 4 or 5 different sites. I can try to get the names if they would be helpful.
I have done all preliminary steps and ran the DDR program which produced the two logs. They are attached as per instructions.
Hope I can resolve this irritating hijack of searches.
Any help greatly appreciated.
DDS (Ver_10-12-12.02) - NTFSx86
Run by Bernie at 10:51:43.27 on Fri 01/14/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1731 [GMT -6:00]

AV: Kaspersky Internet Security *Enabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
SP: Kaspersky Internet Security *Enabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Win... Read more

Answer:Google Redirect malware

Hello, and to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

If you have since resolved the original problem you were having, we would appreciate you letting us know.

In the upper right hand corner of the topic you will see a button called Watch Topic. By clicking this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.

I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.

Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.

Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

I ask that you please refrain fro... Read more

10 more replies
Relevance 77.08%

Within the last couple months, if I click on a search in google, it will redirect me to other websites, the one I can remember specifically is happili.com. I have run Avast anti-virus, Ad-Aware, and HitmanPro35 and nothing comes up as bad on the computer but clearly there is. How do I get rid of this? Please help!

Below is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:38:07 PM, on 11/23/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Neil and Jess\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iex... Read more

Answer:Google redirect malware

Hello, Jessika.

My name is aommaster and I will be helping you with your log.

I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.

If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad. The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
Please do not install, update, or run any programs for the duration of the fix.
If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for.
Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
If you are running Vista or Windows 7, please run all the fixes as an administrator. This i... Read more

24 more replies
Relevance 77.08%

Hello I seem to have been infected with a google redirect malware virus. Need help. Tried Avira, Malwarebytes, AVG, only malwarebytes found it; removed it; after a while it came back.

Some of the URLs it's taking me to include:

scour.com
hxxp://www.find-quick-results.com/jump1/?affiliate=itcg&subid=19377_3&terms=hijackthis%20forums&sid=Z649044214%40IzXxMjM0UTMfNDOfhjMfRTNy8VMxkzM4IDOwMTM&a=vgpt&mr=1&rc=0
hxxp://click.mygeek.com/blank.html

I have downloaded DDS, and below is my log; then after that comes the GMER log. I did not get any attach.txt from DDS.

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by dmn at 21:39:34 on 2011-06-16
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.1370 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -... Read more

Answer:Google redirect malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

3 more replies
Relevance 77.08%

Hello,
I found bleeping computer as my problem seems very similar to Brian105 who opened a thread yesterday. Google links are redirected to random other pages such as ebay. I have tried my AVG free scan which identifies a problem but cannot fix. Any help would be most appreciated!
Kind Regards ~ Dutch

Answer:Google redirect malware

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your malware problems.
I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o... Read more

13 more replies
Relevance 77.08%

I've been trying, with little success, to completely eradicate this annoying search engine redirect virus. In my many searches on the subject, it was suggested to post a log from HijackThis...so I was hoping someone might be able to help me out with this. Thanks in advance, Tom

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:55:57 PM, on 7/19/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\CASIO\YouTube Uploader for CASIO\YStart.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\... Read more

Answer:google redirect malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

12 more replies
Relevance 77.08%

Hello,
I didn't want to have to bother people with my own problems, so I tried to look at other people's
but it seems not to be going away.
I started out with spybot and it couldn't get rid of the malware, then went to "Malwarebytes'"
And still won't get rid of the thing. I did the scan and quarantine twice.
Here's the log
I would greatly appreciate some help.

Malwarebytes' Anti-Malware 1.36
Database version: 2085
Windows 5.1.2600 Service Pack 3

5/6/2009 8:47:07 PM
mbam-log-2009-05-06 (20-47-07).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 150434
Time elapsed: 33 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\Temp\msb.dll (Worm.Autorun) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)
... Read more

Answer:google-redirect Malware Log

Anyone?

2 more replies
Relevance 77.08%

I recently caught the search engine redirect virus and I'm concerned that there may be other rootkits/malware from a suspicious flash drive I used. I have already run malwarebytes and combofix (prior to finding this site) as well as spybot s&d. Malwarebytes frequently pops up blocked ips while using firefox. System is windows 7, 64 bit. any help is greatly appreciated

Below is the requested log

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Ian at 10:05:08 on 2011-06-24
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6141.3918 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k Local... Read more

Answer:Google Redirect Malware

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue

If a suspicious file is detected, the default action will be Skip, click on Continue

If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System d... Read more

2 more replies
Relevance 77.08%

Previous scans/logs and discussions here: http://www.bleepingcomputer.com/forums/top...ml#entry1534571

When I click on a result in google, I am redirected to sites such as ad.com, info.com, etc. Does not happen if I right click and open topic in a new tab, or copy and paste address into address bar. Scans have detected nothing thus far. Please help. Thank you.

Root Repeal Log:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/12/13 18:23
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x998C3000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\aaron schauer\local settings\temp\~df63b7.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\aaron schauer\local settings\temp\~df2f19.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\aaron schauer\local settings\application data\bvrp software\netwaiting\mohlog.txt
Status: Allocation size mismatch (API: 112, Raw: 72)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "" at address 0x869bcd80

#: 047 Function Name: NtCreateProcess
Status: Hooked by "" at address 0x869bc280

#: 048 Func... Read more

Answer:Google Redirect Malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

14 more replies
Relevance 77.08%

I started getting google search redirects a couple of weeks ago. Mcafee found nothing so I downloaded Malwarebytes which did find several hits. I continued to get redirects though. I have been through the steps in your guide at http://malwaretips.com/blogs/malware-removal-guide-for-windows/ several times to no avail. I also tried Mcafee Stinger, and root kit tool...no help.

Thanks so much for any help you can give....I'm whipped.

John
 

Answer:Can't get rid of google redirect malware

Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)

Open FRST, and click Fix. Attach me that report after it is finished.


Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive...

Close any open browsers
Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

Double click on zoek.exe to run the tool.
Please wait while the tool does not start...

Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code:
autoclean;
emptyclsid;
emptyalltemp;

Click on button.
Please wait until a log report opens (this can be after reboot)

Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named "zoek-results.log"

 

6 more replies
Relevance 77.08%

Hello all,

I have tried to do many many things before having to ask for help and I'm just at a dead end now. I managed to download a very corrupt file and it has really jacked my computer up. I fixed many of the issues and my computer was running fine with the exception of a very slow desktop load and google links redirecting me to advertisement sites. Recently my computer has completely stopped loading the desktop in normal boot mode. It will load my background wallpaper and that is all. I can bring up task manager and it shows explorer.exe running along with 20 or so other processes (each which I checked individually and appear to be legit). I am currently running in safe mode and have done several MBAM/Super Anti-spyware/avast anti-virus/CCleaner/Spybot scans and I can't seem to get things working. I'm fairly sure it is some kind of registry issue. Before this problem started, avast kept telling me there was a problem with user.32.dll or something along those lines and it could not repair it or anything. This error came up every time I opened any type of app or even a txt file. My power kicked off (from weather conditions) and when I loaded my computer back up (first reboot since I was getting the avast user32.dll virus detected type errors) I encountered the desktop not loading in normal boot. I am trying to fix this issue without having to do a Windows XP repair with the boot disc mainly because, in my infinite wisdom, I didn't create the... Read more

Answer:Google Redirect - possible malware?

Hi, are your MBAM scans coming back all 0's?

Let's try part 1 of S!Ri's SmitfraudFix

Please download SmitfraudFix
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

9 more replies
Relevance 77.08%

I'm having this same problem I've been reading about on a few other threads with google/yahoo search results being redirected to advertising sites. Unfortunately I didn't read the threads here before trying to fix it on my own. Yesterday I ran combofix and it seemed to have fixed it, however the problem is back after starting up my computer again (assuming this has to do with not turning off system restore points) and combofix will not run now, it starts but it terminates before loading all the way. I've tried running the 2 scans in the "before you post" sticky, dds wouldn't run and gmer came up empty. I'm posting my hijack this log here. Thanks for any help, I'm banging my head on my desk here....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:02 AM, on 2/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System... Read more

Answer:Google Redirect Malware

Hello deathxbyxtaxes. Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html
After running through all the steps, you shall have a proper set of logs. Please post them in a new topic,
as this one will be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 77.08%

Clicking on links in a google search keeps sending me to phoney pages, it will either send me to the actual page, or anything from a failed google search, an error 404, ebay or strange sites like "Search Britania". This can't be good. Here's a Combofix log and a HJT log, I have also run CCleaner.

ComboFix 09-05-18.06 - Luke 19/05/2009 16:05.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.440 [GMT 1:00]
Running from: c:\documents and settings\Luke\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-04-19 to 2009-05-19 )))))))))))))))))))))))))))))))
.

2009-04-27 12:19 . 2009-04-27 12:24 -------- d-----w c:\documents and settings\Luke\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-19 09:44 . 2005-11-07 21:04 -------- d-----w c:\program files\Steam
2009-05-12 10:07 . 2009-03-29 22:08 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-12 10:07 . 2009-03-29 22:08 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-22 11:34 . 2005-11-05 10:24 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-20 17:06 . 2009-03-01 10:07 -------- d-----w c:\program files\ScummVM
2009-04-18 09:47 . 2005-11-07 21:15 -------- d-s---w c:\program files\Xfire
2009-04-13 23:05 . 2009-04-13 23:05 -------... Read more

Answer:Google redirect malware

6 more replies
Relevance 77.08%

Anytime I click a search result from google, I'm redirected to a variety of spam sites (ie. wantangel.com).

Malware Bytes, SBS&D, and AVG all find nothing, except a few times I've plugged my phone in (T-mobile HD2) it says that autorun.inf (I could be wrong on the exact file name) has been detected as a virus and moved to the vault.

I've attached my hijack this log.
Thank you very much in advance!
 

Answer:Google Redirect Malware

10 more replies