Google redirect virus

Status
Not open for further replies.
I have already removed AVG and I am running Avira scan now.

What do I need to do after I compete this to get rid of this virus?
 
Logs are attached

Hope you can help
 

Attachments

  • Attach.txt
    16.5 KB · Views: 1
  • DDS.txt
    12 KB · Views: 2
  • mbam-log-2010-06-09 (15-28-23).txt
    865 bytes · Views: 2
  • gmer.log
    6.7 KB · Views: 2
Okay, for the record: there is no Google redirect virus! Most malware prevents the user from accessing sites they want and most people us Google to search. I have found that some people who think they are getting redirected, are just being blocked by their security from loading a bad site. That isn't a redirect, it's a security block.

My bottom line is that I have a problem when people don't give me any information on what they are experiencing, what's happening with their system, if it's happening all of the time with all browsers and all search engines from the address bar, the search box, shortcuts and Favorites or Bookmarks.

You originally said you removed one antivirus program and put another on on. Did you scan with the new program? Did it find anything? What did it do with what it found?

It appears that you had McAfee security somewhere along the line and it has processes still loading. Please run this: McAfee Removal
Reboot when finished.

You have a Rootkit malware infection. I will write some script that should remove it. You need to run the following first:

Please download ComboFix from Here and save to your Desktop.

  • [1]. Do NOT rename Combofix unless instructed.
    [2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3].Close any open browsers.
    [4]. Double click combofix.exe & follow the prompts to run.
  • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    [5]. If Combofix asks you to install Recovery Console, please allow it.
    [6]. If Combofix asks you to update the program, always allow.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    [7]. A report will be generated after the scan. Please post the C:\ComboFix.txt in next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs, when you're done with Combofix..
=======================================
Run Eset NOD32 Online AntiVirus Scanner HERE
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the Active X control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
Please leave the 2 logs in your next reply. IT would be helpful to have a description of what you are noticing.
 
Removal tool link says error

I do not go to a removal tool. When I ran the new virus program nothing came back as infected.
 
Logs

Here are the logs you requested. At this time everything is working.
 

Attachments

  • ComboFix.txt
    18.2 KB · Views: 1
  • log.txt
    819 bytes · Views: 2
Custom CFScript


  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad and copy/paste the text in the code below into it:
Code:
KillAll::
File::
c:\windows\system32\drivers\hitmanpro35.sys
c:\windows\SYSTEM32\USRmlnkA.exe
c:\program files\Hitman Pro 3.5\HitmanPro35.exe

Folder::
c:\documents and settings\All Users\Application Data\Hitman Pro
c:\program files\Hitman Pro 3.5
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USRpdA"= -
"HitmanPro35"= -
Driver::

FCopy::
C:\WINDOWS\ServicePackFiles\i386\atapi.sys | C:\Windows\System32\drivers\atapi.sys

Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.
===================================
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    disk.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
==================================
Are you aware of and still using this download from 2003? There are 21 program folders for it.
Visio 2003 Sample: 20 Sample Diagrams
If you are not using them, I can add them to script to be removed, so let me know:
 
Status
Not open for further replies.
Back