TechSpot

Google redirect problem

By riss1
Nov 6, 2007
  1. Hi,
    I am having a VERY frustrating problem with google. When I click on a link I get redirected the first 2 or 3 times, before FINALLY getting through!
    Please help me and thankyou in advance!!!!

    am running windows xp have norton but it appears useless.
    Thanx
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above.

    Also, let me know the results of the Panda Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. riss1

    riss1 TS Rookie Topic Starter Posts: 23

    Google redirect problem ;(

    Hi,
    Thanks for the help!!!!
    I have FINALLY finished all the scans etc and have attached the files I can find below. I dont know where to find the resluts of the panda scan or whatever it was called. But it didn't say anything so i guess it was ok??
    Thanks for the help!!!
    Having trouble attaching it!:evil:
    will try another post
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    See HERE for instructions on how to attach log files.

    Regards Howard :)

    This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. riss1

    riss1 TS Rookie Topic Starter Posts: 23

    Hi,
    The pop up blovker at work wouldnt allow me to send the attachment- at home now and it seems to be working.
    The reports are attached.
    Not sure how to show the report from the last one the apanda thingy.
    One of the mnay scans I did said I did have atrojan though.
    Thanks
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I asked for HJT, AVG Antispyware and Combofix logs.

    All I have got is a HJT log and a VBG log that I didn`t ask for.

    All I wanted from the Panda Antirootkit scan was the results of anything it found.

    Either follow the instructions, or I can`t help you.

    Regards Howard :)

    This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. riss1

    riss1 TS Rookie Topic Starter Posts: 23

    Hi there,
    Sorry about that. I have attached logs of scans. I hyop ethis is what you need.
    Thanks again.
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That`s fine. Now, where are the Combofix log and the Panda Antirootkit results?

    Regards Howard :)

    This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  9. riss1

    riss1 TS Rookie Topic Starter Posts: 23

    combo fix attachment

    here's the combo fix attachment. I can't seem to attach the hijack this report as it says that I have already attached it to this thread?
    the panda scan came up clear.
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Code:



    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [​IMG]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

    Also, do not forget the Panda Antirootkit results.

    Regards Howard :)

    This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  11. riss1

    riss1 TS Rookie Topic Starter Posts: 23

    panda antiroot

    Hi,
    I was wondering why I couldnt find a scan report for panda anti root so ran it again and paid a little more attention this time. It appears the scan gets half way through then the screen turns blue with writing all over it and in flash it si gone and the pc reboots. Then the microsodt has recovered from a serious error log box comes up once it reboots and the anti root doesnt come back on again...
    i dont think that is suppose to happen?
    Thanks for your help so far though- its been great
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok, now that makes sense.

    Uninstall panda antirootkit and try the AVG Antirootkit programme instead.

    Post fresh HJT and Combofix logs after following the instructions in my post above.

    Regards Howard :)

    This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  13. riss1

    riss1 TS Rookie Topic Starter Posts: 23

    new logs

    Hi,
    Well I uninstalled panda and installed avg anti-root. after running the new anti root it said the pc was all clear. I also dragged the file into combofix and that opened up and ran except that it had a few windows pop up saying there was a problem.
    have attached the logs anyway.
    thanks
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You haven`t attached the fresh Combofix log as requested.

    Please do so.

    Regards Howard :)

    This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  15. riss1

    riss1 TS Rookie Topic Starter Posts: 23

    combo fix attachment

    Hi,
    I am sorry about not attaching it. i seem to only be able t attach 1 thing on each post. i tried to attach it to another post and it said "you have already attached this in this thread" or something like that.
    i am sure i am doing swrong that is prob very simple.
    ;(
    sorry will rename it and try again...
    no that didnt work. i will have to do another scan and try and attach that one.
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I have removed your previous Combofix log, so hopefully, you have no problems in attaching a new one.

    Regards Howard :)

    This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  17. riss1

    riss1 TS Rookie Topic Starter Posts: 23

    combo fix log

    Hi Howard,
    thanks for that. I did another combo fix search so i could write down the problems i encountered on the way.
    Whilst it was running it said "SED is not recognised as an internal or external command"
    after rebooting an error message came up "sed.cfexe encountered a problem and needs to close"
    Followed by a window saying :"nirmcmd.cfexe this application has fialed to start because CopnnAPI.DLL was not found. Reinstalling the application may fix this problem."

    I have attached the new log.
    I really appreciate your help.
     
  18. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    All clean.

    Delete the following folder.

    C:\qoobox

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    Go HERE, download and install the latest version of Java.

    Once it`s installed, go to add remove programmes in your control panel and uninstall all previous versions of Java, except version 6 update 3. Close Control panel.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  19. riss1

    riss1 TS Rookie Topic Starter Posts: 23

    Thanks

    Thankyou so much Howard. you obvioulsy know what you are doing and I really appreciate the time and effort you put into helping me!
    You expertise in this field is fantastic. I wish you well and hopefully I will not have to post here again! (Fingers crossed)
    Should I keep all those programs on my oc or delete them. (combo fix, HJT etc) As my pc is quite slow in starting up and turning off.

    A huge thanks
     
  20. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I`ve just noticed, I missed a nasty entry in your HJT log.

    Please do the following.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O2 - BHO: (no name) - {36CE4CCD-0171-47CE-BE90-CC4CD5D6C2D8} - C:\WINDOWS\system32\atmf.dll

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or folders(if there).

    C:\WINDOWS\system32\atmf.dll

    Reboot into normal mode and rehide your protected OS files.

    Run a fresh HJT scan, and make sure that entry has gone. If it has, then you`re good to go.

    You can now get rid of all the tools we used during clean up. I also suggest you uninstall AVG Antispyware too.

    If you really want to speed up your system, I suggest you consider doing the following.

    Download one AV and one Firewall programme from the choices below.

    AVG free or Avast antivirus programmes.

    Zonealarm, Kerio or Comodo free firewall programmes.


    Download this Symantec/Norton removal tool.

    Disconnect from the net and run the Symantec/Norton removal tool.

    Install whichever firewall you chose and reconnect to the net.

    Install whichever AV programme you chose and run the AV updates.

    I think you`ll be pleasantly surprised at the performance hike to you system.

    On top of that, you should also go and read this thread HERE.

    Then, go and read this thread HERE as well.

    Of course, the above are only suggestions, that you may or may not wish to take.

    Regards Howard :)

    This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  21. riss1

    riss1 TS Rookie Topic Starter Posts: 23

    bad news

    I pressed delete in the HJT scan on the said file and then when i went to delete the file in the c:\windows\system32\atmf.dll it said that access was denied the drive might be full or write proetcted or the file may be in use.
    Any ideas?
     
  22. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    No worries.

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Code:


    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [​IMG]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

    Regards Howard :)

    This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  23. riss1

    riss1 TS Rookie Topic Starter Posts: 23

    persistant little thing

    hi,
    I have had no luck with removing the atmf.dll file ;( It seems to be rather persistant!!
    have attached the combo fix and hijack this logs.
    Thanks
     
  24. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok, let`s try a different approach.

    Download Vundofix from HERE.

    Double click the Vundofix.exe to run it.

    Right click in the vundofix window and click add files.

    Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do it`s stuff.

    This is the file path you need to enter into Vundofix.

    C:\WINDOWS\system32\atmf.dll

    Post a fresh HJT log when done.

    Regards Howard :)

    This thread is for the use of riss1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  25. riss1

    riss1 TS Rookie Topic Starter Posts: 23

    no luck

    hi,
    no luck. a window popped up and said the file could not be deleted!
    gee it certainly wants to stay there!
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...