8 Step Help Google Redirect

By JMarc
Dec 10, 2009
  1. I was searching yesterday then all of a sudden it kept redirecting me when I would click on a link. So I followed the 8-step Viruses/Spyware/Malware Preliminary Removal Instructions that you guys have and here are my logs.
    What do I need to do now?
  2. kritius

    kritius TS Guru Posts: 2,084

    Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  3. JMarc

    JMarc TS Rookie Topic Starter

    I ran ComboFix and got this log....

    Attached Files:

  4. kritius

    kritius TS Guru Posts: 2,084

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

    Do not re-enable these drivers until otherwise instructed.

    Please download GMER from one of the following locations and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zipped Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
    • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
    • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
    • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system, click NO.
    • Now click the Scan button. If you see a rootkit warning window, click OK.
    • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
    • Click the Copy button and paste the results into your next reply.
    • Exit GMER and re-enable all active protection when done.
    -- If you encounter any problems, try running GMER in Safe Mode.
  5. JMarc

    JMarc TS Rookie Topic Starter

    I have done as you directed and got this log.
    What should I do now?

    I appreciate all your help! :)
  6. kritius

    kritius TS Guru Posts: 2,084

    Go to start and then run and type cmd to bring up a command prompt window.


    cd C:\windows
    mbr.exe -t

    Copy and paste the contents of what is produced in here for me.
  7. JMarc

    JMarc TS Rookie Topic Starter

    I did as directed and copied and bolded below is what I got. Also, when should I re-enable the CD Emulation Drivers?

    C:\Windows>mbr.exe -t
    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,

    device: opened successfully
    user: error reading MBR
    kernel: error reading MBR
  8. kritius

    kritius TS Guru Posts: 2,084

    Can you run it from an elevated command prompt? In the search bar, type cmd, then right-click and run as admin.
  9. JMarc

    JMarc TS Rookie Topic Starter

    I couldn't figure out how to do it as admin but I believe I already am admin on this computer.
    I'm no longer being redirected from Google. Can I re-enable the CD Emulation Driver?
Topic Status:
Not open for further replies.
