Google re-directing. 8 Steps

Status
Not open for further replies.

iHateviruses

Basically, if I go to Google and click a link or even search for a thread on these forums, it will open up another page of fake virus sites like cyberdefender etc. I scanned my computer plenty of times with SuperAntiSpyware and Malwarebytes but it still did not remove the problem.

I have followed the 8 steps and here are my results.

You will find my attachments below: HijackThis, Malwarebytes, and SuperAntiSpyware.
 
Fix entries using HiJackThis

  • Launch HiJackThis
  • Click the Do a system scan only button
  • Put a check next to the entries listed below


O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O18 - Filter hijack: text/html - {c5056033-ad75-463d-a71f-f043c0583298} - (no file)
O20 - AppInit_DLLs: karina.dat rsyjvc.dll
O21 - SSODL: aAmAq - {3C464B98-96EC-E132-A151-32B067B9289E} - (no file)


  • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
  • Click the Fix checked button and close HiJackThis
  • Reboot HijackThis if necessary

Hosts File Corrupted



Download HostsXpert v4.1 and unzip it to your computer, somewhere where you can find it.
  • Double click on HostsXpert.exe to launch the program.
  • Click on Restore MS Hosts File to restore your Hosts file to its default condition.
  • Click on Make ReadOnly to secure it against further infection.
  • Exit the program.

Visit the Website for more information.

Download and Run ComboFix

  • Download this file to your desktop from either of the two below listed places :



    HERE or HERE


  • Then double click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Attach that log in your next reply

WARNING: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
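
The HijackThis entries listed in the post above share a few recognisable patterns: a Hosts line pinning a vendor domain to a non-loopback address, registrations whose target is "(no file)", and a populated AppInit_DLLs value. The following is an added example, not part of the original post and not HijackThis's own code, that flags those patterns in a pasted log as a triage aid; the `triage` function, the sample log and its two benign lines are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: entries quoted in the post above plus two benign lines.
SAMPLE_LOG = """\
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O1 - Hosts: 127.0.0.1 localhost
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O4 - HKLM\\..\\Run: [ExampleTray] C:\\Program Files\\Example\\tray.exe
O18 - Filter hijack: text/html - {c5056033-ad75-463d-a71f-f043c0583298} - (no file)
O20 - AppInit_DLLs: karina.dat rsyjvc.dll
O21 - SSODL: aAmAq - {3C464B98-96EC-E132-A151-32B067B9289E} - (no file)
"""

# "O<n> - <label>: <value>" is the shape of the lines shown in the post.
ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")


def triage(log_text):
    """Return (section, reason, line) tuples for entries that deserve review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        section, _label, value = m.groups()
        if section == "O1":
            parts = value.split()
            try:
                addr = ipaddress.ip_address(parts[0])
            except (IndexError, ValueError):
                findings.append((section, "unparseable hosts entry", line))
                continue
            # Loopback / 0.0.0.0 entries are the usual blocklist form; anything
            # else sends the named host to a machine chosen by the hosts file.
            if not (addr.is_loopback or addr.is_unspecified):
                findings.append((section, "hosts entry redirects to %s" % addr, line))
        elif section == "O20" and value.strip():
            findings.append((section, "AppInit_DLLs is populated", line))
        elif value.endswith("(no file)"):
            findings.append((section, "registration points at a missing file", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print("%-4s %-40s %s" % (section, reason, line))
```

A flagged line is a prompt to inspect the entry, not a verdict; legitimate software can leave "(no file)" registrations behind after an uninstall.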
 
Until kritius gets back to you!

Update then run MBAM (Quick scan) again as it had found/removed items and may now find more on a 2nd run!

Optional run SAS and select to remove the tracking cookies!

Run the ComboFix! Post log!

Did the bug.txt you posted come from HostsXpert?

EDIT: If the bug.txt came from ComboFix, then reboot to Safe Mode and run ComboFix again.

Only after the above, post a new HJT log!

Mike
 
I cannot use ComboFix; it doesn't seem to work on my computer. It gives a small loading bar and these random files appear. I don't know what to do now.


I redownloaded ComboFix but I cannot click it. Do I have to change the name of it?

I cannot delete this file from my HijackThis: O18 - Filter hijack: text/html - {c5056033-ad75-463d-a71f-f043c0583298} - (no file)

HELPPP.
 
OK, we are here to HELPPP, calm down! :)

Yes, rename ComboFix.exe to 12cbf34.exe and run that!

If it does not work, then try 12cbf34 from Safe Mode networking, and if it works, do install the Recovery Console.

Mike
 
Yeah, I figured it out then, lol. I was doing it right; I didn't know I wasn't supposed to close that "run" box.


Here are my new attachments.
 
oowee!

You are doing a great job!


Update, then run MBAM again (Quick scan); we need to see a clean log!

ComboFix was loaded; run it again, hopefully a clean log.

Since ComboFix found so much, SAS may now find something that was hidden by the issues ComboFix removed, so another SAS.

Then..

Download SDFix to Desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

On Desktop, run SDFix. It will run (install), then close.

Then reboot into Safe Mode

As the computer starts up, tap the F8 key several times.

On the Boot menu Choose Safe Mode.

Click through all the prompts to get to desktop.

At Desktop
My Computer C: drive. Double-click to open.

Look for a folder called SD Fix. Double-click to enter SD Fix.

Double-click to RunThis.bat. Type Y to begin.

SD Fix does its job.

When prompted hit the enter key to restart the computer

Your computer will reboot.

On normal restart the Fixtool will run again and complete the removal process then say Finished,
Hit the Enter key to end the script and load your desktop icons.

Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
Attach the Report.txt file to your next post.

Mike
 
OK we still have found/repaired baddies in MBAM and ComboFix.

Another run of each to see a clean log hopefully!

MBAM first, then Combofix.

Last, a new HJT log!

Mike
 
No, no more SDFix.

But MBAM and ComboFix!

ComboFix had some especially bad issues that it said it cleaned. It is very important that these issues really were cleaned or you will be reinfected quickly.

Mike
 
Sharp eye, kritius

No it is not! Running from: C:\RAWRRR.exe and C:\GRRR.exe

IHateViruses are you familiar with these names?

If not do this.

Start-Run
type
combofix /u
click OK

This uninstalls Combofix
Now redownload ComboFix to the Desktop again (do not run). Before running it, rename ComboFix.exe to 12cbf34.exe and run that.

Mike
 
OK so did it run?

If so where is log?

And the answer to this question from my post above!
No it is not! Running from: C:\RAWRRR.exe and C:\GRRR.exe

IHateViruses are you familiar with these names?

I already have another poster in trouble because they did not follow instructions!

Mike
 
Uninstall Norton Antivirus
Then run the Norton Removal tool

Install Avira free AntiVirus, and run a full scan

Seeing as you iHateviruses, you may as well have a much better antivirus program ;)

Oh, and uninstall LimeWire too, otherwise you are just going to be re-infected again and again.
 
I totally agree with Kim! About Norton and Avira. But!

I highly advise not installing anything until these 4 super critical files in red below are fixed! At the very least Avira will instantly be infected!

And at least you have some protection now. But to uninstall you will be naked for the time it takes to install the new Virus scanner. Long enough for the Pit Bulls to run wild and kill somebody!

From ComboFix log!
c:\windows\system32\lsass.exe . . . is infected!!
c:\windows\system32\winlogon.exe . . . is infected!!
c:\windows\system32\services.exe . . . is infected!!
c:\windows\system32\svchost.exe . . . is infected!!


And again I ask!
And the answer to this question from my post above!
No it is not! Running from: C:\RAWRRR.exe and C:\GRRR.exe

IHateViruses are you familiar with these names?

By all means when these are clear remove Norton and install Avira!

Mike
 
Yeah, but I'm k following Mike, so I'll do that if he checks me off. He's been helping out perfectly so far because I'm seeing improvement, so I'm just waiting.
 
Then run the Norton Removal tool...
Oh and uninstall LimeWire too, otherwise you are just going to be re-infected again and again
That's my recommendation
Also note when I saw "Limewire" I thought no use until that's gone! We can't help if more viruses are being downloaded on your system ;)
I'd suggest using the free Ubuntu boot CD to run these file sharing programs, not Windows. ;)
 