TechSpot

Google redirect, completed preliminary 8-step removal

By sharkcorps
Dec 6, 2009
Topic Status:
Not open for further replies.
  1. Hello,

    I seem to have the "Google redirect virus," which also has affected the yahoo search engine. It does not happen every single time I click on a link provided on the Google search results page, but fairly often. I completed the "8-step Viruses/Spyware/Malware Preliminary Removal."

    Note:
    My version of Adobe Reader was out of date. I saw in another thread that this can present vulnerabilities. After I did the 8 steps I uninstalled the old versions and attempted to install the latest version from the Adobe website. The website tried to install the "adobe download manager" on my computer but an error occurred. I am attaching a screenshot of the error.

    Logs from the 8 steps are attached.
    Thanks
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot and thanks you for your patience. This is a busy forum!

    Please reopen HijackThis to [b['do system scan only'[/b[. Check each of the following if present:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe


    Close all Windows Except HijackThis and click on "Fix Checked"

    Run Eset NOD32 Online AntiVirus Scanner HERE

    Note: You will need to use Internet Explorer for this scan.
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the Active X control to install
    • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    • Click Scan
    • Wait for the scan to finish
    • Re-enable your Antivirus software.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    Follow with rescan of HijackThis.
    Please attach Eset log and new HJT log in your next reply.
     
  3. sharkcorps

    sharkcorps TS Rookie Topic Starter

    Hi,

    Thanks a million for your time and help. Attached are the new logs. I tested out Google with a few searches and did not get redirected at first, but it did start happening again.
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay- those logs look good.
    Are you getting redirected to any particular site or type of sites?

    Let's try this:

    Download SDFix HERE and save it to your Desktop.
    • Double click SDFix.exe and it will extract the files to %systemdrive%
      (Drive that contains the Windows Directory, typically C:\SDFix)

      Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

      Run SDFix
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    • Attach Report.txt back here

    Attach log to next reply.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.