TechSpot

Google Redirect Virus

By m106
Jul 5, 2009
  1. I Think my computer has the google redirect virus. It happens 50% of the time I'm browsing on firefox. I already tried scanning with Malwarebytes and it still there. I'm using Firefox 3.5
    Here is my Hijack this log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:07:36 PM, on 7/5/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
    D:\Program Files\FormatFactory\FormatFactory.exe
    D:\Program Files\FormatFactory\FFModules\mencoder.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\ORSP Client\fsorsp.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 2136 bytes
     
  2. LookinAround

    LookinAround TechSpot Chancellor Posts: 8,398   +169

    Hi m106

    I just noticed your post (tho i'm not one of the malware experts... so you'll need wait for them to review your logs) BUT... for assistance you should see and follow the instructions here for Virus/Malware Removal Instructions. Then post the full set of logs (as it instructs) for review
     
  3. m106

    m106 TS Rookie Topic Starter

    Thanks,
    I'll try that.
     
  4. m106

    m106 TS Rookie Topic Starter

    Thanks I got it fixed.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.