Google re-direct virus

Status
Not open for further replies.

voxkill

Posts: 6   +0
I have the Google re-direct virus (I think?) and am having a hard time following directions on removing it, as it keeps automatically closing pages related to virus removal. Symptoms: redirected from Google links, slow performance, web pages related to virus removal cause window to automatically close, cannot run or download antivirus software. I've read and re-tried all of the "8-step virus remover" suggestions to no avail. Any help is very much appreciated, as I would like to avoid re-formatting.

Edit: I got Super Anti Spyware to install and run, but after scanning for roughly a minute it automatically restarts my computer so that the scan cannot progress. It found a few files which, after pausing the scan right away, I could remove, but that's as far as I can get. Both the logs from those files are attached here. Nothing else will open or run except CCleaner.

Second edit: I got hijack this to run, log is attached. Still can't get Super Anti Spyware or Malwarebytes to run regularly.
 

Attachments

  • hijackthis.log
    6.8 KB · Views: 5
Update

After some fiddling, I got Avira to run, log is attached. I think it's worse than I thought hah...still holding onto hope for this PC.
 
Hello voxkill

Please download combofix here -> https://www.techspot.com/downloads/5587-combofix.html

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after
scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post

NB. If you can´t run combofix from normal mode, reboot to safe mode, and run combofix.
 
Ok, we´ll remove it then.

Open notepad and copy/paste the text in the quotebox below into it:
Name the file as CFScript
and Save it on the desktop

Killall::
Snapshot::
File::
c:\windows\VDM8C3.tmp
c:\windows\VDM8C2.tmp
c:\windows\VDM8BF.tmp
c:\windows\VDM8BE.tmp
c:\windows\VDM8BB.tmp
c:\windows\VDM8BA.tmp
c:\windows\VDM5B8.tmp
c:\windows\VDM5B7.tmp
c:\windows\VDM505.tmp
c:\windows\VDM504.tmp
c:\windows\VDM501.tmp
c:\windows\VDM500.tmp
c:\windows\VDM4FD.tmp
c:\windows\VDM4FC.tmp
c:\windows\VDM4F9.tmp
c:\windows\VDM4F8.tmp
c:\windows\VDM4F5.tmp
c:\windows\VDM4F4.tmp
c:\windows\VDM218E.tmp
c:\windows\VDM218D.tmp
c:\windows\VDM218A.tmp
c:\windows\VDM2189.tmp
c:\windows\VDM20B4.tmp
c:\windows\VDM20B3.tmp
c:\windows\VDM20B0.tmp
c:\windows\VDM20AF.tmp
c:\windows\VDM20AC.tmp
c:\windows\VDM20AB.tmp
c:\windows\VDM20A8.tmp
c:\windows\VDM20A7.tmp
c:\windows\VDM20A4.tmp
c:\windows\VDM20A3.tmp
c:\windows\VDM1CE7.tmp
c:\windows\VDM1CE6.tmp
c:\windows\system32\kusers.dll
c:\windows\system32\82a94dbb6d4b3e132423262ec19f9842.sys
c:\windows\system32\_82a94dbb6d4b3e132423262ec19f9842.sys_.vir
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\82a94dbb6d4b3e132423262ec19f9842]

http://www.fromsej.saknet.dk/billeder/cfscript.gif

Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
 
Status
Not open for further replies.
Back