TechSpot

Google redirect and other stuff

By djphilos
Oct 22, 2008
  1. Hello, first post so wish me luck

    Got that google redirect thing. I followed the eight step plan and have attached relevent logs.

    Basically it all started when i got xp antivrus 2009 virus and thought I had got rid of it with the software advised in the 8 step plan

    I had to download said software on another pc because google chrome stopped working all together ( and still won`t work ) and google redirected all of my searches for them

    Avira is the only one that will update and the rest will not

    I have done the renaming hjt exe to something else too

    Hope that all made sense

    Game on
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You need to go back and run Malwarebytes again- following the directions for checking for removal. Please follow that with SuperAntispyware, then a new HijackThis log. Directions:
    http://www.techspot.com/vb/post645589-1.html

    But you need to handle the 'two AV' problem now. IT appears you may have once has the Symantec/Norton security program, but there are still processes loading for it, so we can handle some of this now. Before running HijackThis again, download the Norton Removal Tool:
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
    Save to your desktop. DO NOT run yet.

    Temporarily disable these Real Time programs before the scans: See
    http://wiki.castlecops.com/Malware_Removal:_Temporarily_Disable_Real_Time_Monitoring_Programs
    Real Time:

    Your Java is also out of date:
    Please re-open HiJackThis and scan.*Check* the boxes next to all the entries listed below:
    Symantec/Norton Entries:
    Have HijackThis remove these entries also:
    Now close all windows other than HiJackThis, then click Fix Checked.Close HiJackThis and reboot into Safe Mode:
    Start> Run> type in ''msconfig' without the quotes> Selective Start-up> Startup tab> uncheck everything EXCEPT the AV and Firewall, touchpad for laptop> Apply> OK.
    Start> Run> type in services.msc> Change the Startup type for ALL Symantec Services to Disable using right click> Propereties on each Service> Change the Startup typpe for the Java Quick Start to Disabled> Apply> OK

    Control Panel> Add/Remove Programs> uninstall Java v6 and any other programs you don't use.
    Reboot into Normal Mode> Close the nag message after checking 'don't show this message again.' Stay in Selective Startup.

    Double click and Run the Norton Removal Tool.

    Install current Java version-v6u7- from here: http://java.com/en/download/manual.jsp

    Now proceed with running the additional programs, followed with HijackThis scan. Attach all three logs.
     
  3. djphilos

    djphilos TS Rookie Topic Starter Posts: 21

    Thank you

    I am on the case and get back to you asap
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay. Attach logs when through.
     
  5. djphilos

    djphilos TS Rookie Topic Starter Posts: 21

    Ok, here goes

    Did everything to the letter and it all seems to be ok now

    Don`t want to speak too soon, but Google is not redirecting, mbam just updated and sas has just updated too.
    Even Google chrome is working.

    Here are the logs anyway to see if you can see anything else

    Cannot thank you enough for your help

    Whats the best way to prevent this in the future?

    I take it that I should keep Avira running and updated all of the time? Should I have a Firewall? and should I keep sas or mbam running all the time or just periodical scan
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, just a few entries to clean up:
    Please re-open HiJackThis and scan.*Check* the boxes next to all the entries listed below:
    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot.

    I don't see a PDF reader- usually Adobe. You can either download the latest Adobe v9, or better, get FoxIt instead. It is free, does the same thing as Adobe, but doesn't have the bloat:
    So: Either/Or:
    http://www.download.com/Adobe-Reader/3000-2378_4-10000062.html
    OR
    http://www.foxitsoftware.com/pdf/rd_intro.php > click on 'Get it Free.'

    You can remove the cleaning tools:
    *OTCleanit! by Oldtimer*
    * Download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe)
    * Click the CleanUp! button.
    * It will go thorough the list and remove all of the tools it finds and then delete itself (requiring a reboot).

    Clear your existing System Restore points and establish a new clean restore point:
    Go to Start > All Programs > Accessories > System Tools > System Restore> Select Create a restore point> OK.
    Next, go to Start > Run and type in cleanmgr> Select the More options tab> Choose the option to clean up System Restore and OK it.
    This will remove all restore points except the new one you just created.

    Security:
    1. Keep one antivirus program updated. Scan often.
    2. Get a Firewall: Recommended Free Firewall:
    Comodo> http://www.personalfirewall.comodo.com/
    Zonealarm> http://www.zonealarm.com/store/content/catalog/products/zonealarm_free_firewall.jsp

    3. Keep at least two spyware/adware programs on the system. Update and scan often. Recommendations:
    SpywareBlaster to keep off: http://www.javacoolsoftware.com/spywareblaster.html
    Spyware Doctor: http://www.techspot.com/downloads/176-spyware-doctor.html
    Spybot Search & Destroy:
    http://www.techspot.com/downloads/149-spybot-search-and-destroy-detection-update.html

    SpywareBlaster: http://www.techspot.com/downloads/568-spywareblaster.html

    And it goes without saying that you, the user, is the first line of security. Where you go, what you click on, what you open....it begins there.

    IT was a pleasure helping you. Please let us know if you need additional information.
     
  7. djphilos

    djphilos TS Rookie Topic Starter Posts: 21

    Not out of the woods

    Looks like maybe I have been a tad premature

    Hijack this got rid of
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :

    But not
    O24 - Desktop Component 0: Privacy Protection - (no file)

    I have attached the new hjt log

    And, system restore said, quote
    System restore is not able to create a restore point.
    Please restart the computer, and then run system restore again.

    I tried this a couple of times with no joy

    hmm
     
  8. djphilos

    djphilos TS Rookie Topic Starter Posts: 21

    Curiouser and curiouser

    After posting my last reply i ran the now updated Malwarebytes which in turn found some stuff

    I wake up this morning, and my pc has returned to its sorry state of google redirect and no chrome

    HELP

    I am going to redo all of the previous steps and post logs asap
     
  9. djphilos

    djphilos TS Rookie Topic Starter Posts: 21

    Here they are

    sas found nothing
     
  10. djphilos

    djphilos TS Rookie Topic Starter Posts: 21

    IT GETS WORSE

    About an hour ago my pc just totally froze! I hit the reset button

    Now my pc will not start in any mode other than safe mode

    AAHHHHHHHHHH

    I looked in the device manager and couldn`t see any probs there

    I think my pc maybe takin a very fast exit strategy out of the window so
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Remove 024 Desktop from HijackThis:
    Your logs don't indicate a cause of the current problem, so it appears to be either mechanical or the OS itself. Boot into Safe Mode and check the Event Viewer:
    Please do not copy the entire Event Log. Look for thee last Error- when the system froze. This can be done in Safe Mode. Maybe we can turn up a cause for the problems.
     
  12. djphilos

    djphilos TS Rookie Topic Starter Posts: 21

    Ok, I think I have finally messed up BIG TIME

    In my eagerness (stupidness) to try and get my pc started. I read a post about repairing xp with the setup disc

    So I tried it, it didn`t work and now when I try to boot in safe mode it tells me that setup cannot start in safe and that my pc will restart. Then it just loops between trying to restart with no joy.

    Give it to me straight, did I finally kill it?

    If so I take it that I can just put the HD into another pc to get my photos,music etc

    what a DIK i am
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Well, apparently you hadn't read my previous post before you decided to repair. Trying to do something when you don't know how usually causes consequences. Did you kill it? I don't know. You may be able to get into the BIOS, change Boot order to CD first and boot from the Windows CD setup.

    The only other suggestion I have at this point is to reformat. I hope you backed up what you didn't want to lose.Too bad- we wasted a lot of time!
     
  14. djphilos

    djphilos TS Rookie Topic Starter Posts: 21

    Sorry about the waste of time, I live and learn.

    I can get into the bios, so how would i boot from the disc?

    I take it that I can try and put my HD into another pc and get the stuff off right?

    Once again

    THANK YOU
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Sorry- guess I shouldn't show my frustration! But tit takes a while to go through all the logs, verify entries, etc. I wasn't expecting the repair attempt in the middle of it.

    Go into the BIOS> use the arrow keys to access Boot section> set Boot order to CD first, hard drive second, Save an Exit. Press any key, insert Windows OS CD, boot from the Startup. If you're lucky, you will just boot into the OS and not lose anything. But good possibility is having to do a Recovery and possibly lose it all.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...