also @ TechSpot: Microsoft wants Xbox to be the entertainment hub for all your devices

TechSpot

[Active] Google Redirect. Everything I've tried fails

Discussion in 'Virus and Malware Removal' started by Kevyncito, Oct 6, 2010.

Thread Status:
Not open for further replies.

  1. Kevyncito Newcomer, in training

    Hi, i've tried many different solutions for the google redirect virus, but nothing seems to work. Here are my logs.


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4755

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    10/6/2010 12:06:42 PM
    mbam-log-2010-10-06 (12-06-42).txt

    Scan type: Quick scan
    Objects scanned: 146463
    Time elapsed: 5 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\0q6l4 (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\w8d6 (Trojan.Downloader) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Attached Files:

    Kevyncito, Oct 6, 2010
    #1

  2. crunchie Malware Helper

    Hi and welcome to TechSpot forums :).

    ====

    GMER logs too please.
    crunchie, Oct 6, 2010
    #2

  3. Kevyncito Newcomer, in training

    Gmer Log

    Here's the Gmer Log. I didn't think it would work since i'm on W7

    Attached Files:

    Kevyncito, Oct 6, 2010
    #3

  4. crunchie Malware Helper

    It does not work with 64bit :).

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
    crunchie, Oct 7, 2010
    #4

  5. Kevyncito Newcomer, in training

    It said they were too long to post so i attached them

    Attached Files:

    Kevyncito, Oct 7, 2010
    #5

  6. crunchie Malware Helper

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe File not found
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe File not found
:Commands
[emptytemp]
[resethosts]
[Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    ============

    Download and Run ATF Cleaner
    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it.

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.

    ========

    How are things now?
    crunchie, Oct 7, 2010
    #6

  7. Kevyncito Newcomer, in training

    I think that did the trick! My google instant is back! :p
    Thank you so much!

    Attached Files:

    Kevyncito, Oct 7, 2010
    #7

  8. crunchie Malware Helper

    No worries :).

    Launch OTL and click on the Cleanup button. Follow the prompts.

    If you have any problems, let me know.
    crunchie, Oct 7, 2010
    #8
Thread Status:
Not open for further replies.