TechSpot

Google Redirect and Avast not updating

By Zucye
Mar 31, 2009
  1. My google search results page, are redirecting me to different sites, after FireFox was abruptly restarted. This started happening in all my user accounts. First FireFox restarts and then all searches are redirected. I downloaded Ad-Aware and didn't find anything but a few tracking cookies that got deleted. I also run the Avast antivirus (which is been running for a couple of years) and I notice 2 thing; the Avast icon in the task bar is gone and I can't longer update Avast.(Ad-Aware can't be updated either) Never the least I runned avast at boot and while in the administrator account and it didn't find any viruses.

    I Downloaded 7770finder. Which found a problem and I delete it. After that I was able to use google without being redirected for a few minutes, but then FireFox abruptly restarted again and the symptoms started right back.

    I also downloades and run: Malwarebytes, SuperantySpyware (found: gec_logging[1]. htm and gpl_lp[1]. js - were removed) and unistalled and re-intalled Avast. I tried ComboFix but I can't make it run. It does not even let me acces the download site: bleepingcomputer (I had to download the program to a usb drive to put it in the laptop)

    In Advance thanks for your Time!
    Zucye

    LATEST LOGS IN POST #4
     
  2. Zucye

    Zucye TS Rookie Topic Starter

    I responded to my own topic, not to bump it, but because I have made some progress. I think the problem is partially solved. But I still might be infected and I need someone to look at my log. Please Help!

    I uninstalled all my virus and spyware removal tools and ran once again "7770finder" with following parameters "7770FINDER.exe /r /p c:\" for a full drive scan. As before it found "csfici.lgy" in the windows file. Which I had previously deleted. I renamed it to “csficiZucye.lgy” and Even though another one re-appeared shortly after, the new “csfici.lgy” is only 1 kb. And the redirection has stopped. Also, after uninstalling the virus and spyare tools. I was able to run "ComboFix", but I am kind of scare to use it without guidance. So far I have only re-installed AVAST (the anti virus). I don't know if my computer is clean now, but at least the redirection is gone.

    Any suggestions as to what to next to see if there is still a virus in the computer. Avast is not picking anything (but it didn't before either). As for the icon for Avast not appearing in the task bar and not updating, I think it was a conflict between Avast and Ad-Aware.
     
  3. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  4. Zucye

    Zucye TS Rookie Topic Starter

    8 Steps Completed

    I Completed the 8 Steps as suggested. Logs are attached
     
  5. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Download Combofix
    Lots of info on its use h e r e
    Direct download h e r e

    Locate the downloaded Combofix. Double click on it to run, answering any prompts along the way
    Note: during Combofix scan (lasting up to 10mins) your Desktop and clock may reset (all normal)
    ComboFix will also restart your computer (eventually) and then (eventually) create a log

    Save this log file to be attached to a new reply

    Restart

    Then do another scan with HJT (scan and log file) and attach this to a new reply as well
     
  6. Zucye

    Zucye TS Rookie Topic Starter

    After step #4 ran Avast for another full scan with the following results.
    4/3/2009 3:07:34 AM Admin 1032 Sign of "Win32:KillAV-KS [Trj]" has been found in "C:\Documents and Settings\SUSY\Local Settings\Temporary Internet Files\Content.IE5\X8JEI0BJ\g6[1].exe\[UPX]" file. - It was successfully removed.

    Ran Combofix and after it restarted. I got the following message:
    Windows cannot find 'NIRCMD.COM'

    I restarted the computer manually again and everything seems to be working fine.
     
  7. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Looks to be resolved

    Can you now update Avast and run a full scan?


    Clear & Reset System Restore's Cache

    Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
    * Tick on the checkbox - Turn off System Restore on all drives
    * Click Apply
    Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

    Fix System Restore
    http://www.techspot.com/vb/topic123379.html


    Un-install Combofix
    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK
    • [​IMG]
    • When shown the disclaimer, Select "2"
    (Note: 1 space after ComboFix in that uninstall command)
     
  8. Zucye

    Zucye TS Rookie Topic Starter

    Yes I am able to update Avast now and google is not redirecting so far.

    I uninstalled combofix and did the Clear Reset System Restore

    Do the logs look ok? Nothing weird going on?

    Which spyware should I keep? or should I install something else besides Avast. I don't want to install Ad-Aware again as I feel that was part of the problem. Any suggestion are appreciated.

    Please Advice!
     
  9. riley17

    riley17 TS Rookie

    Alright mate, ive got the exact same problem as you. Could you just sum up how you solved it as i got a little lost reading through here!

    Thanks
     
  10. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  11. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Zucye, yes your logs look ok

    I use free Avira Antivirus, but Avast! is just as good ;)

    As for programs to keep, there have been other threads on this
    Personally I see no reason to have all these bundles of programs starting with Windows

    I believe a scan with updated Malwarebytes and SuperAntispyware every now and then is good
    It all comes down to your browsing habits, ie I don't get Malware ;)

    Edit: And stop quoting yourself :D
     
  12. Zucye

    Zucye TS Rookie Topic Starter

    Thanks Kimsland! And sorry about that!
    Have a great weekend!

    Thanks againg for the Help :wave:
     
  13. glitter99

    glitter99 TS Rookie

    same problem with google redirect and avast not updating

    Hi,
    I'm new to these boards and very new at trying to fix my own computer. A few weeks ago google started to redirect me whenever I clicked on a result in the web search. It was usually to another search site. If I back clicked I could sometimes get to the page I wanted. Antivir found a trojan called TR/ATRAPS.Gen located in documents and settings\amanda\local settings\ncfl.hvx. If I deleted it or quarantined it, it kept reappearing and I was getting notices all the time. Then I got blocked from checking computer help website as all my web browsers would crash. So I took my computer in to a computer shop to be "cleaned". The removed Antivir and my computer was better for a week. I replaced Antivir and it wouldn't update so I removed it and added avast and it wouldn't update. I could go to the website and download updates manually though. Google started redirecting me again yesterday and avast found the same ncfl.hvx files times 3 and quarantined them. With avast running in the background my computer seems to be ok.

    I followed all the instructions in the updates 8 step malware removal and here are the logs. Can someone please make sure my computer is finally fixed? Thanks, I greatly appreciate your help and skill.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...