Google redirect, completed preliminary 8-step removal

Status
Not open for further replies.
Hello,

I seem to have the "Google redirect virus," which also has affected the yahoo search engine. It does not happen every single time I click on a link provided on the Google search results page, but fairly often. I completed the "8-step Viruses/Spyware/Malware Preliminary Removal."

Note:
My version of Adobe Reader was out of date. I saw in another thread that this can present vulnerabilities. After I did the 8 steps I uninstalled the old versions and attempted to install the latest version from the Adobe website. The website tried to install the "adobe download manager" on my computer but an error occurred. I am attaching a screenshot of the error.

Logs from the 8 steps are attached.
Thanks
 
Welcome to TechSpot and thanks you for your patience. This is a busy forum!

Please reopen HijackThis to [b['do system scan only'[/b[. Check each of the following if present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe


Close all Windows Except HijackThis and click on "Fix Checked"

Run Eset NOD32 Online AntiVirus Scanner HERE

Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the Active X control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
Follow with rescan of HijackThis.
Please attach Eset log and new HJT log in your next reply.
 
Hi,

Thanks a million for your time and help. Attached are the new logs. I tested out Google with a few searches and did not get redirected at first, but it did start happening again.
 
Okay- those logs look good.
Are you getting redirected to any particular site or type of sites?

Let's try this:

Download SDFix HERE and save it to your Desktop.
  • Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    Run SDFix
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  • Attach Report.txt back here

Attach log to next reply.
 
Status
Not open for further replies.
Back