TechSpot

Google redirect virus please help

By arrton
Dec 16, 2009
  1. Hi, I have something that redirects me when I search in Google. I downloaded CCleaner and SUPERAntiSpyware and Malwarebytes, and they all found stuff and now tell me my computer is clean! But I still have the problem. I have tried to follow the 8 steps as best I could (most of this stuff goes over my head). I will put the original logs here and attach the HijackThis and most recent logs as well. Thank you for taking a look; any and all help would be greatly appreciated. Thank you.

    These were the results of the first two scans.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/11/2009 at 08:04 PM

    Application Version : 4.31.1000

    Core Rules Database Version : 4360
    Trace Rules Database Version: 2204

    Scan type : Complete Scan
    Total Scan Time : 02:14:28

    Memory items scanned : 876
    Memory threats detected : 0
    Registry items scanned : 6601
    Registry threats detected : 1
    File items scanned : 36070
    File threats detected : 0

    Trojan.Agent/Gen
    HKU\S-1-5-21-3775297378-1307702850-244003435-1000\Software\Margotte

    Malwarebytes' Anti-Malware 1.42
    Database version: 3340
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18865

    10/12/2009 21:21:48
    mbam-log-2009-12-10 (21-21-48).txt

    Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|)
    Objects scanned: 437146
    Time elapsed: 1 hour(s), 29 minute(s), 39 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 9

    Memory Processes Infected:
    C:\Users\drewster\AppData\Local\Temp\b.exe (Trojan.Dropper) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\NeoChronos (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\neochronos (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Program Files\Pcsx2\plugins\PadSSSPSX.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Users\drewster\AppData\Local\Temp\89596.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Users\drewster\AppData\Roaming\Microsoft\Windows\update8123.cmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\drewster\Desktop\Programs & appS\YAAI_2.0.3.488\YAAI_2.0.3.488\YAAI.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Users\drewster\AppData\Local\Temp\b.exe (Trojan.Dropper) -> Delete on reboot.
    C:\Users\drewster\AppData\Local\Temp\d.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Users\drewster\AppData\Local\Temp\f.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
     
  2. arrton

    arrton TS Rookie Topic Starter

    Hi there, I know you're probably very busy, but I wondered: have I put this in the right place?
    As I have told the kids they can't use the computer till it's fixed, as I think they may have caused this! Thanks again for the help.
     
  3. arrton

    arrton TS Rookie Topic Starter

    Uh oh, I just turned on the PC this morning and got an unknown limited connectivity message and can't access the internet. Now I'm really starting to panic. Help me, please!
     
Topic Status:
Not open for further replies.

