TechSpot

Google Redirect Virus

By m106
Jul 5, 2009
  1. I Think my computer has the google redirect virus. It happens 50% of the time I'm browsing on firefox. I already tried scanning with Malwarebytes and it still there. I'm using Firefox 3.5
    Here is my Hijack this log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:07:36 PM, on 7/5/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
    D:\Program Files\FormatFactory\FormatFactory.exe
    D:\Program Files\FormatFactory\FFModules\mencoder.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\ORSP Client\fsorsp.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 2136 bytes
     
  2. LookinAround

    LookinAround Ex Tech Spotter Posts: 6,491   +182

    Hi m106

    I just noticed your post (tho i'm not one of the malware experts... so you'll need wait for them to review your logs) BUT... for assistance you should see and follow the instructions here for Virus/Malware Removal Instructions. Then post the full set of logs (as it instructs) for review
     
  3. m106

    m106 TS Rookie Topic Starter

    Thanks,
    I'll try that.
     
  4. m106

    m106 TS Rookie Topic Starter

    Thanks I got it fixed.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...