TechSpot

Google being redirected

By AgentGustavo007
Mar 31, 2009
  1. I've been trying to fix my computer for the last 24 hours, I haven't even slept. I already formatted the Hard Drive and reinstalled Windows XP again.

    My problem was that the computer kept shutting down by itself, but after all I did, that problem is fixed. However my results from Google are still being redirected to other websites, so I decided to install Avira.



    I ran into the 8 steps you guys provided to solve this problem here: techspot com/vb/topic58138.

    I already downloaded the CCleaner, the Hijackthis and the SuperAntiSpyware Home Edition Free Version, but for some reason Internet Explorer will not let me download the Malwarebytes' Anti-Malware. I'm about to run the CCleaner.
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  3. Tekkaraiden

    Tekkaraiden TS Evangelist Posts: 991   +90

    You might want to use killdisk to make sure you get anything that might be on the hard drive. I had a very persistent virus once, using killdisk was the only way to get rid of it. (After formatting a dozen times and throwing every antivirus and anti malware program I could think of at it.)
     
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Yes good idea :/

    Although I've never used that - ever
    And I've fixed, I'd say Hmm. A few thousand Malware computer faults

    But thanks for your input :grinthumb :D
     
  5. AgentGustavo007

    AgentGustavo007 TS Rookie Topic Starter


    Thank you, the link worked, I finally was able to download the program. Sorry for the attachment, I didn't know about it, I'm new here, hope I don't get in trouble with hackers.

    I already ran CCleaner (I attached the log file of it). I'm about to go to the other steps.


    Moderator Edit:
    We don't need the CCleaner log
    I'm not even going to look at it !


    I already disabled Avira and I already installed Malwarebytes' Anti-Malware, however the program will not open, I click the shortcut many times and it doesn't do anything.
     
  6. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    This link has a small fixit.zip file attached to the end of the post
    When saving (or after) you must change the extension to Fixit.exe
    Then run it
     
  7. AgentGustavo007

    AgentGustavo007 TS Rookie Topic Starter

    Thanks, I already downloaded it a few times. This is what happens:

    1. When I unzip it, it says that it is empty.
    2. When I change the extension after being saved, it remains as a zip
    3. When I change the extension while saving, it saves with the extension ".exe", but when I run it, the only thing that it does is open the command prompt program really quick, and then it closes immediately.
     
  8. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Hmm

    I have another idea, leave it as a Zip, and then extract it normally
    Then open the extracted folder and double click on: Fixit.cmd

    Basically I didn't design this small command, but I know it works

    Anyway once done, then run the new Malwarebytes shortcut on your Desktop
     
  9. AgentGustavo007

    AgentGustavo007 TS Rookie Topic Starter

    Thanks. I downloaded the file again, when I unzip the zip file it says that there are no files to extract so there is not any extracted folder to open after.
     
  10. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    It worked for me

    By the way, these posts trying to get your logs at normally Post #1, are subject to be removed

    Anyway try running CCleaner, delete the file too
    And then download it again
     
  11. AgentGustavo007

    AgentGustavo007 TS Rookie Topic Starter

    I deleted the files, ran the CCleaner again, used the same link to download the file called "fixit.zip" and still the zip is empty.

    By the way thank you for fixing my first post, and thank you for trying to help me, I haven't slept because of this.
     
  12. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Actually I have fixed every post of yours
    The last two you quoted me, which is just not required - therefore removed
    Am I quoting you right now? No I'm not
    Therefore just click Reply in future, quotes are meant when you're quoting someone

    ie:

    No problem


    Anyway, let's try a whole new approach ;)

    Combofix Instructions

    • Download Combofix to your desktop.
    • Double click Combofix & follow the prompts.
    • A window will open with a warning.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

    Combofix will automatically save the log file to C:\combofix.txt
    Make sure to Attach the log to a new reply
     
  13. AgentGustavo007

    AgentGustavo007 TS Rookie Topic Starter

    I won't do Quote again

    Thanks for the program. So what I did is that I disabled Avira before running Combofix, the system restarted and Avira was enabled again, Avira said

    D:/ComboFix/N_1894
    Contains code of the Erica-Test-Signature virus

    once, and

    D:/ComboFix/psexec.cfexe
    Contains recognition pattern of the APPL/PsExec.E application

    twice, so Avira denied the access 3 times

    However ComboFix ran totally fine, the only problem is that once everything was done, every time I would do right click on a ".txt" file, the mouse pointer would freeze up, so I had to restart the computer twice until I learned not to use right click.

    After that I ran HJT. I have both log files attached here.

    By the way Combofix told me to write these on paper before running:

    D:/WINDOWS/System32/drivers/gaopdxjppekinawunlmwalippetniwlqotoupr.sys

    and

    D:/WINDOWS/System32/drivers/gaopdxmumicipsnevroaldnxrlwtarckeoxxyk.dll

    Sorry about the slash: "/", but I couldn't find the key where the slash is going the other way. Also I was trying to install SUPERAntiSpyware before running Combofix and it said that the program needed to be closed, so it didn't let me. However I haven't touched anything after the Combofix and HJT actions.
     


  14. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Wow this one was a beauty :D
    d:\windows\system32\drivers\gaopdxjppekinawunlmwalippetniwlqotoupr.sys

    Yep it's all good

    It runs for 10 mins (as you know)
    But the 2nd time around it's real quick ;)
    ie Pls run one more time

    Allow restart (as per normal)
    Save the log to your Desktop

    Then finally at last run Malwarebytes (pls keep Avira activated and obviously updated, during the Malwarebytes scan)
     
  15. AgentGustavo007

    AgentGustavo007 TS Rookie Topic Starter

    WOW dude the Internet is not redirecting anymore, and Malwarebytes is finally working. Should I still run Combofix again? I'm scanning the computer with Malwarebytes' right now as you told me to do.

    Anyway thank you so much for your patience, I don't know how to thank you.
     
  16. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  17. AgentGustavo007

    AgentGustavo007 TS Rookie Topic Starter

    hey bro, when you told me to run the Combofix again I ran it, first I aborted the Malwarebytes' and then I ran Combofix again and it seems that everything went fine.

    after that I ran Malwarebytes' again, while I was running it, AntiVir was enabled as you told me to leave it on, so it actually popped up a few times during the Malwarebytes', the first time it said:

    D:/Qoobox/Quarantine/D/.../gaopdxmumicipsnevroaldnxrlwtarckeoxxyk.dll.vir

    is the TR/Crypt.ZPACK.Gen Trojan

    I chose the delete option, and the other pop up was:

    D:/System Volume Information/.../A0005617.dll

    Is the TR/Crypt.ZPACK.Gen Trojan

    I chose delete with that too and Avira didn't pop up again.

    Then I finally was able to install SUPERAntiSpyware, I ran it, but it didn't give me a log file at the end.

    However both scans said that there were not any files infected. After that I went to bed 'cause I was about to faint.

    I just woke up, made the users, etc. I just ran HJT. I'm attaching here the results as you told me.

    Thank you very much again for your help, the pc is working fine again, if it is a little slower than the morning is because yesterday was on all day, and I only gave it a six hour break :), but it seems to be fine.
     
  18. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    It's actually more difficult without the Superantispyware log, even if clean

    Anyway,

    Remove HJT entries
    Run HJT scan only and check the following entries, then select fix
    Un-install Combofix
    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK
    • When shown the disclaimer, Select "2"
    (Note: 1 space after ComboFix in that uninstall command)

    Clear system restore points

    Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
    * Tick on the checkbox - Turn off System Restore on all drives
    * Click Apply
    Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

    Update Java
    Run JavaRa
    This will remove all your old Java stuff (that is not required)
    It will also help you check for new Java updates

    Restart
    Report how everything is running well :)
     
  19. AgentGustavo007

    AgentGustavo007 TS Rookie Topic Starter

    Yeah my Java was up to date the whole time, I checked it again and is still fine.

    Combofix was already uninstalled, so when I typed Combofix /u it said that nothing was found, I did it with the Control Panel before I saw your reply, and the same with the previous HJT logs, everything is pretty clean. I also deleted the other SUPERAntiSpyware stuff 'cause it was already uninstalled too. Avira is the only one currently installed, I for sure will not uninstall that one :)

    I already attached the new HJT log file, I just barely ran it.

    I was going to ask you if it is OK to delete the following folders, the first one is empty and the other only has a bunch of virus logs:

    D:/32788R22FWJFW

    D:/Qoobox

    I just turned off System Restore on all drives and then turned it on as you told me, so that is done. The computer is running awesome, thank you many times.

    Sorry I just realized that the HJT log file was not attached in my previous post for some reason, here it is.
     
  20. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Well the following entry in HJT scan can also be safely removed:
    But your Java still seems to be incorrect :confused: Unless you were still in the process of updating it and still hadn't restarted? I suppose that was all.
    It may be a good idea to run JavaRa once more to remove old versions of Java just in case ;)

    Yes both those folders can be removed
    If they do not remove normally (ie due to being in use) Then you may need to do this in Safe Mode (pressing F8 before Windows starts)

    I wanted to ask you, once all was done (ie now) why is everything D drive? Instead of C drive. Have you re-installed in the past or moved your Harddrive to a new location, or done something along those lines?
    Because what it means is that you may have issues one day, with things like Office and even some standard programs usually first look for C Drive (note: they are supposed to look for %systemdrive% or %windir%) and in your case everything is D ?

    Anyway other than that, how's it all seem now?

    Edit:

    Oh and if you feel the need to add to your last reply (if it is the last reply in the thread) Just use EDIT
     
  21. AgentGustavo007

    AgentGustavo007 TS Rookie Topic Starter

    Thanks for fixing my posts, that way other people can read it for help better.


    Yeah, I downloaded this DVD Tool program to burn DVDs, and when I installed it, the PC restarted, I thought that was part of the installation, but no, I realized it was a virus that was shutting down my computer before I could even open anything, it was restarted a million times until I finally managed to install Windows Live OneCare free trial somehow. The antivirus wouldn't load on time because the virus was getting worse and the PC kept restarting, so I went into a new user and finally OneCare loaded on time to stop the PC from being restarted, so I wanted to get to the Kaspersky page, I knew that it was going to be better than OneCare, but the Internet kept redirecting me until I noticed that if I let one new tab be redirected while this tab is being redirected I can open another tab that will open before the one being redirected and I would manage to get to the right place, I finally managed to get to the Kaspersky free scan, but Java was not installed so it asked me to update, then I tried again and it wouldn't let me run it because of OneCare and the Phishing Firewall, and the trojan, so I had to also download the Kaspersky free trial, but then I realized that it was going to be impossible to install it because in order to do so I probably had to uninstall OneCare and if I did so, the PC was going to be restarted again, because OneCare was popping up every minute deleting the virus over and over again, I tried to install it anyway but it didn't work, so I figured that I had to format Drive C:/, but OneCare kept saying that the virus was in D:/ so I formatted D:/ first, and when I wanted to format C:/ it wouldn't let me, so I restarted and quickly pressed "Esc" to see if I could format C:/ from there, but the option was not there, so I figured that my only option was to do it with the Windows XP disc, but the disc wouldn't run, because Windows wouldn't start because D:/ was formatted and somehow it had some important files there, so I had to go to the Esc thing again and put CD-Rom as the primary drive (believe it or not my PC still has Drive A:/) and finally I was able to run the disc. Then basically I wanted to format the Drive C:/ to clean the virus, but instead I deleted C:/ by mistake as I didn't understand what the Windows XP disc wanted to do, so Windows started to be installed in Drive D:/, but the space was too little, so it couldn't, it automatically restarted and then asked me to make another partition (because I deleted C:/ the first time by mistake, and it seems that the program needed this partition for some reason). So I said OK to it, let's do the partition, and because D:/ was already there, Windows XP did C:/ as a partition, so now D:/ had all the space that was deleted in the first C:/ and the new C:/ had the little space of the old D:/ drive. So when the option came of where I should install the System, D:/ was my only option, as C:/ didn't have enough space, and it would have happened just as the first time that after the Windows XP disc noticing that it couldn't be installed in C:/ because of the little space it was going to be restarted again and eventually I would have had to choose D:/ because it was too late to change the partition D:/ to be partition C:/. So once I started installing Windows XP on D:/ it asked me if I wanted to delete everything I had there, and I said yeah, because I wanted the virus to be deleted too and start everything new, but I'm guessing that because of all this partition crap the virus survived somehow. So after that XP was already installed and the PC was not restarting anymore, but Google's pages were still being redirected, so with the same trick I used before to get Kaspersky, I managed to find your site, and then you know the rest. :)
     
  22. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Oh, wow that was a good story :) (although the big paragraph formatting may have required a bit more work ;))

    Anyway, because you will likely re-install again one day (I would)
    Then here's the exact steps:

    Microsoft's Windows XP Professional Repair Install step by step (* Including Delete Partition)
    http://www.windowsxpprofessional.windowsreinstall.com/sp2sp3installxpcdoldhdd/indexfullpage.htm

    Microsoft's Windows XP Home Repair Install step by step (* Including Delete Partition)
    http://www.windowsxphome.windowsreinstall.com/sp2sp3installxpcdoldhdd/indexfullpage.htm

    * Warning deleting the Partition will remove all User data and Windows system files
     
  23. AgentGustavo007

    AgentGustavo007 TS Rookie Topic Starter

    Yeah that was something I will remember :haha:

    Thank you for the steps, I totally lack the energy of going through the whole process again, but I already added the link to my favourites 'cause you never know when you're gonna need it. :slurp:

    Thank you again :grinthumb
     
Topic Status:
Not open for further replies.
