Google redirect problem
- Thread starter riss1
- Start date
- Status
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.
If after reading the above, you wish to clean your system, do the following.
Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above.
Also, let me know the results of the Panda Antirootkit scan.
Regards Howard :wave: :wave:
This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.
If after reading the above, you wish to clean your system, do the following.
Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above.
Also, let me know the results of the Panda Antirootkit scan.
Regards Howard :wave: :wave:
This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Google redirect problem ;(
Hi,
Thanks for the help!!!!
I have FINALLY finished all the scans etc and have attached the files I can find below. I dont know where to find the resluts of the panda scan or whatever it was called. But it didn't say anything so i guess it was ok??
Thanks for the help!!!
Having trouble attaching it!:evil:
will try another post
Hi,
Thanks for the help!!!!
I have FINALLY finished all the scans etc and have attached the files I can find below. I dont know where to find the resluts of the panda scan or whatever it was called. But it didn't say anything so i guess it was ok??
Thanks for the help!!!
Having trouble attaching it!:evil:
will try another post
howard_hopkinso
Posts: 21,238 +17
See HERE for instructions on how to attach log files.
Regards Howard
This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Regards Howard
This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
I asked for HJT, AVG Antispyware and Combofix logs.
All I have got is a HJT log and a VBG log that I didn`t ask for.
All I wanted from the Panda Antirootkit scan was the results of anything it found.
Either follow the instructions, or I can`t help you.
Regards Howard
This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
All I have got is a HJT log and a VBG log that I didn`t ask for.
All I wanted from the Panda Antirootkit scan was the results of anything it found.
Either follow the instructions, or I can`t help you.
Regards Howard
This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
That`s fine. Now, where are the Combofix log and the Panda Antirootkit results?
Regards Howard
This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Regards Howard
This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..
Pay particular attention to this :-
Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:
Save this as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
Also, do not forget the Panda Antirootkit results.
Regards Howard
This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..
Pay particular attention to this :-
Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:
Save this as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
Also, do not forget the Panda Antirootkit results.
Regards Howard
This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
panda antiroot
Hi,
I was wondering why I couldnt find a scan report for panda anti root so ran it again and paid a little more attention this time. It appears the scan gets half way through then the screen turns blue with writing all over it and in flash it si gone and the pc reboots. Then the microsodt has recovered from a serious error log box comes up once it reboots and the anti root doesnt come back on again...
i dont think that is suppose to happen?
Thanks for your help so far though- its been great
Hi,
I was wondering why I couldnt find a scan report for panda anti root so ran it again and paid a little more attention this time. It appears the scan gets half way through then the screen turns blue with writing all over it and in flash it si gone and the pc reboots. Then the microsodt has recovered from a serious error log box comes up once it reboots and the anti root doesnt come back on again...
i dont think that is suppose to happen?
Thanks for your help so far though- its been great
howard_hopkinso
Posts: 21,238 +17
Ok, now that makes sense.
Uninstall panda antirootkit and try the AVG Antirootkit programme instead.
Post fresh HJT and Combofix logs after following the instructions in my post above.
Regards Howard
This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Uninstall panda antirootkit and try the AVG Antirootkit programme instead.
Post fresh HJT and Combofix logs after following the instructions in my post above.
Regards Howard
This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
new logs
Hi,
Well I uninstalled panda and installed avg anti-root. after running the new anti root it said the pc was all clear. I also dragged the file into combofix and that opened up and ran except that it had a few windows pop up saying there was a problem.
have attached the logs anyway.
thanks
Hi,
Well I uninstalled panda and installed avg anti-root. after running the new anti root it said the pc was all clear. I also dragged the file into combofix and that opened up and ran except that it had a few windows pop up saying there was a problem.
have attached the logs anyway.
thanks
howard_hopkinso
Posts: 21,238 +17
You haven`t attached the fresh Combofix log as requested.
Please do so.
Regards Howard
This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Please do so.
Regards Howard
This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
combo fix attachment
Hi,
I am sorry about not attaching it. i seem to only be able t attach 1 thing on each post. i tried to attach it to another post and it said "you have already attached this in this thread" or something like that.
i am sure i am doing swrong that is prob very simple.
;(
sorry will rename it and try again...
no that didnt work. i will have to do another scan and try and attach that one.
Hi,
I am sorry about not attaching it. i seem to only be able t attach 1 thing on each post. i tried to attach it to another post and it said "you have already attached this in this thread" or something like that.
i am sure i am doing swrong that is prob very simple.
;(
sorry will rename it and try again...
no that didnt work. i will have to do another scan and try and attach that one.
howard_hopkinso
Posts: 21,238 +17
I have removed your previous Combofix log, so hopefully, you have no problems in attaching a new one.
Regards Howard
This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Regards Howard
This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
combo fix log
Hi Howard,
thanks for that. I did another combo fix search so i could write down the problems i encountered on the way.
Whilst it was running it said "SED is not recognised as an internal or external command"
after rebooting an error message came up "sed.cfexe encountered a problem and needs to close"
Followed by a window saying :"nirmcmd.cfexe this application has fialed to start because CopnnAPI.DLL was not found. Reinstalling the application may fix this problem."
I have attached the new log.
I really appreciate your help.
Hi Howard,
thanks for that. I did another combo fix search so i could write down the problems i encountered on the way.
Whilst it was running it said "SED is not recognised as an internal or external command"
after rebooting an error message came up "sed.cfexe encountered a problem and needs to close"
Followed by a window saying :"nirmcmd.cfexe this application has fialed to start because CopnnAPI.DLL was not found. Reinstalling the application may fix this problem."
I have attached the new log.
I really appreciate your help.
howard_hopkinso
Posts: 21,238 +17
All clean.
Delete the following folder.
C:\qoobox
Turn off system restore.(XP/ME only) See how HERE.
Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.
Go HERE, download and install the latest version of Java.
Once it`s installed, go to add remove programmes in your control panel and uninstall all previous versions of Java, except version 6 update 3. Close Control panel.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Delete the following folder.
C:\qoobox
Turn off system restore.(XP/ME only) See how HERE.
Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.
Go HERE, download and install the latest version of Java.
Once it`s installed, go to add remove programmes in your control panel and uninstall all previous versions of Java, except version 6 update 3. Close Control panel.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Thanks
Thankyou so much Howard. you obvioulsy know what you are doing and I really appreciate the time and effort you put into helping me!
You expertise in this field is fantastic. I wish you well and hopefully I will not have to post here again! (Fingers crossed)
Should I keep all those programs on my oc or delete them. (combo fix, HJT etc) As my pc is quite slow in starting up and turning off.
A huge thanks
Thankyou so much Howard. you obvioulsy know what you are doing and I really appreciate the time and effort you put into helping me!
You expertise in this field is fantastic. I wish you well and hopefully I will not have to post here again! (Fingers crossed)
Should I keep all those programs on my oc or delete them. (combo fix, HJT etc) As my pc is quite slow in starting up and turning off.
A huge thanks
howard_hopkinso
Posts: 21,238 +17
I`ve just noticed, I missed a nasty entry in your HJT log.
Please do the following.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O2 - BHO: (no name) - {36CE4CCD-0171-47CE-BE90-CC4CD5D6C2D8} - C:\WINDOWS\system32\atmf.dll
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or folders(if there).
C:\WINDOWS\system32\atmf.dll
Reboot into normal mode and rehide your protected OS files.
Run a fresh HJT scan, and make sure that entry has gone. If it has, then you`re good to go.
You can now get rid of all the tools we used during clean up. I also suggest you uninstall AVG Antispyware too.
If you really want to speed up your system, I suggest you consider doing the following.
Download one AV and one Firewall programme from the choices below.
AVG free or Avast antivirus programmes.
Zonealarm Kerio or Comodo free firewall programmes.
Download this Symantec/Norton removal tool.
Disconnect from the net and run the Symantec/Norton removal tool.
Install whichever firewall you chose and reconnect to the net.
Install whichever AV programme you chose and run the AV updates.
I think you`ll be pleasantly surprised at the performance hike to you system.
On top of that, you should also go and read this thread HERE.
Then, go and read this thread HERE as well.
Of course, the above are only suggestions, that you may or may not wish to take.
Regards Howard
This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Please do the following.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O2 - BHO: (no name) - {36CE4CCD-0171-47CE-BE90-CC4CD5D6C2D8} - C:\WINDOWS\system32\atmf.dll
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or folders(if there).
C:\WINDOWS\system32\atmf.dll
Reboot into normal mode and rehide your protected OS files.
Run a fresh HJT scan, and make sure that entry has gone. If it has, then you`re good to go.
You can now get rid of all the tools we used during clean up. I also suggest you uninstall AVG Antispyware too.
If you really want to speed up your system, I suggest you consider doing the following.
Download one AV and one Firewall programme from the choices below.
AVG free or Avast antivirus programmes.
Zonealarm Kerio or Comodo free firewall programmes.
Download this Symantec/Norton removal tool.
Disconnect from the net and run the Symantec/Norton removal tool.
Install whichever firewall you chose and reconnect to the net.
Install whichever AV programme you chose and run the AV updates.
I think you`ll be pleasantly surprised at the performance hike to you system.
On top of that, you should also go and read this thread HERE.
Then, go and read this thread HERE as well.
Of course, the above are only suggestions, that you may or may not wish to take.
Regards Howard
This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
No worries.
Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..
Pay particular attention to this :-
Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:
Save this as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
Regards Howard
This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..
Pay particular attention to this :-
Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:
Save this as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
Regards Howard
This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Ok, let`s try a different approach.
Download Vundofix from HERE.
Double click the Vundofix.exe to run it.
Right click in the vundofix window and click add files.
Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do it`s stuff.
This is the file path you need to enter into Vundofix.
C:\WINDOWS\system32\atmf.dll
Post a fresh HJT log when done.
Regards Howard
This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Download Vundofix from HERE.
Double click the Vundofix.exe to run it.
Right click in the vundofix window and click add files.
Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do it`s stuff.
This is the file path you need to enter into Vundofix.
C:\WINDOWS\system32\atmf.dll
Post a fresh HJT log when done.
Regards Howard
This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
- Status
Similar threads
