Google redirect virus, please help

By lid
Jan 28, 2010
Topic Status:
Not open for further replies.
  1. Hi,
    I have the google virus and been having it for a few days now. I did the 8 step removal process. Here are my logs.

    Thank you in advance.
    Lid

    Attached Files:

  2. lance359

    lance359 Newcomer, in training

    I looked at your log and it seems you were infected with TDSS rootkit which is likely to cause search engine redirection. To ensure a clean PC I recommend you download Hitman Pro 3.5 and scan for the TDL3 rootkit (to ensure atapi.sys / iaStor.sys were not infected as well). If one of these .sys files are infected, deploy the free license in Hitman Pro to desinfect.
  3. Tmagic650

    Tmagic650 TS Ambassador Posts: 20,684   +153

  4. jmmessin

    jmmessin Newcomer, in training

    I happen to load "hitman Pro" and scan my computer and it detected "winpatrol" as a Trojan. What's up with that? I don't think Winpatrol is a Trojan. This program claims "Impossible to make false positives on important systems files thanks to "profiling" and whitelisting".

    Any comments on why "hitman pro" did this?
  5. lid

    lid Newcomer, in training Topic Starter

    I have downloaded the Hitman program from the link you have provided me. I've tried scanning my computer and it keeps telling me " no internet connection" when my internet is on. I've tried to see if maybe it was something to do withthe settings, but everything looks fine. What should I do now?
  6. lid

    lid Newcomer, in training Topic Starter

    I ran Combofix and here is the log.

    Attached Files:

    • log.txt
      File size:
      16.8 KB
      Views:
      3
  7. Tmagic650

    Tmagic650 TS Ambassador Posts: 20,684   +153

    Okay, good?
  8. lid

    lid Newcomer, in training Topic Starter

    I tested google out ...it doesn't seem to redirect me anywhere. So yes, everything is good. Thank you so much
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

  10. Tmagic650

    Tmagic650 TS Ambassador Posts: 20,684   +153

    Easy fix lid,
    just delete/remove this line from the hijackthis log... Happy Computing!
  11. lid

    lid Newcomer, in training Topic Starter

    What do I need to do now?
     
  12. Tmagic650

    Tmagic650 TS Ambassador Posts: 20,684   +153

    Run hijackthis again. When the results is shown, put a check in the box next to Bobbye's line, and fix or remove it
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Gosh!

    Step to delete popcaploader.dll :
    - Click Start, Run, and enter cmd in the box and click OK. This opens a command prompt windows.
    - Enter the following command lines each followed by the enter key

    cd C:\WINDOWS\Downloaded Program Files\
    attrib -r -h -s popcaploader.dll
    del popcaploader.dll


    Exit
  14. Tmagic650

    Tmagic650 TS Ambassador Posts: 20,684   +153

    Very cool Bobbye thanks :) I won't be posting here any longer, so please work hard not to let the new posts go unchecked. Good luck, and thanks
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.