Google redirect

By Theodore
May 12, 2007
Topic Status:
Not open for further replies.
  1. Team,

    I'm constantly being redirected from Google to unrelated commercial sites. How do I get back on track?

    thanks in advance.

    Theodore.
  2. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Hello and welcome to Techspot.

    It sounds like your system is infected with malware. I have therefore moved your thread to our Security and the Web forum.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of Theodore only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. Theodore

    Theodore Newcomer, in training Topic Starter

    Howard,

    thanks for the reply,

    if I decide to clean as option 1 and if that fails reformat as option 2, will I be able to determine if the clean option was successful or will the malware still be active?

    theodore
  4. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Cleaning your computer of malware does not guarantee 100% that the system is free of malware, nor does it guarantee it's safe to use for online banking/credit card use etc.

    Regards Howard :)

  5. Theodore

    Theodore Newcomer, in training Topic Starter

    as requested

    Howard,

    see the requested information below:

    rootkit path
    c:\windows\system32\kdizz.exe

    rootkit type
    Hidden file


    see attached files


    let me know how you get on

    theodore
  6. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    (Please back up your registry before you do the next step)

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Boot into safe mode under your normal user name. See how HERE

    Next turn on "Show all files and folders, including hidden and system". See how HERE

    Run the antirootkit and fix that entry that you had listed.

    Go to Start > Control Panel > Add and Remove Programs.
    Remove anything related to the following:
    Video Access ActiveX Object
    PestCapture
    SystemDoctor Free
    DriveCleaner Free
    SpywareLocked

    The last 4 (PestCapture, SystemDoctor Free, DriveCleaner Free and SpywareLocked) are rogue anti-malware programs that will actually harm your system rather than protect or fix it.

    Go to start > run and type services.msc. Press the enter key.
    Search for the following services (if there). Double click each one and select Stop if it is running. Set the startup type to Disabled. Click Apply/OK for each service you disable.

    rare
    user32.dll
    Salestart


    Open your task manager by holding ctrl and alt and pressing del. Alternatively, use ctrl + shift + esc. Go to the Processes tab, and end the following processes, if found:

    isamntr.exe
    pmsnrr.exe
    dcpasmon.exe
    iun6002.exe


    After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://MDASBS:8080

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>

    O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll (file missing)

    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SystemDoctor\dcpasmon.exe"

    O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video Access ActiveX Object\isamntr.exe

    O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video Access ActiveX Object\pmsnrr.exe

    O4 - Global Startup: Program Neighborhood Agent.lnk = ?

    O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?

    Fix all O17 entries.

    O22 - SharedTaskScheduler: hemine - {9d6fac42-a7be-4702-87ef-75d8dc14249e} - (no file)

    Close HJT.


    Navigate in Windows Explorer and delete the following files and folders in bold.

    c:\windows\system32\kdizz.exe
    C:\Program Files\Video Access ActiveX Object\
    C:\WINDOWS\iun6002.exe
    C:\Program Files\PestCapture\
    C:\Program Files\Gay-Lesbian-Photo\
    C:\Program Files\Common Files\DriveCleaner Free
    C:\DOCUME~1\FButera\APPLIC~1\DriveCleaner Free
    C:\DOCUME~1\FButera\APPLIC~1\SystemDoctor Free
    C:\Program Files\Common Files\SystemDoctor
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemDoctor Free
    C:\Program Files\SpywareLocked

    Go to Start > Run and type regedit. Press Enter.
    Press ctrl + F and search for all instances of the following and delete them.
    Video Access ActiveX Object
    kdizz.exe
    PestCapture
    Gay-Lesbian-Photo

    Close the program.

    Reboot into normal mode and rehide your protected OS files.

    When you are done with all the above, may I suggest that you patch your Windows to XP Service Pack 2. It will help make your system much safer against external threats and infections.

    Thereafter, please post a fresh HJT and AVG Antispyware log from normal mode as an attachment into this thread.

    Regards,
    Your friendly Momok =)

    This thread is for the use of Theodore only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
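
The before/after log comparison this procedure ends with can be scripted. The following is an added example, not part of any post in this thread: it parses HijackThis-style lines in the formats quoted above and reports entries that match the names the instructions single out. The orphan and name-mismatch checks and both sample logs are assumptions constructed here, and an empty result only means these specific entries are gone.

```python
import re
import ntpath

# Names and files the thread's instructions single out, lower-cased.
FLAGGED = ("video access activex object", "systemdoctor", "drivecleaner",
           "pestcapture", "spywarelocked", "kdizz.exe", "iun6002.exe")
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry autorun: <key>: [<value name>] <command line>
O4_RE = re.compile(r"^[^:\[]+: \[([^\]]+)\] (.+)$")

def review(log_text):
    """Return (section, reason, entry) for every line worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        low = body.lower()
        if any(name in low for name in FLAGGED):
            findings.append((code, "flagged-name", body))
        if low.endswith(("(file missing)", "(no file)")):
            findings.append((code, "orphan", body))  # entry outlived its file
        o4 = O4_RE.match(body) if code == "O4" else None
        if o4:
            value, cmd = o4.group(1).lower(), o4.group(2)
            if cmd.startswith('"'):
                cmd = cmd.split('"')[1]  # drop quotes and any arguments
            # Heuristic (assumption): value name posing as a file that is
            # not the file actually launched, e.g. [user32.dll] -> isamntr.exe
            if value.endswith((".dll", ".exe")) and ntpath.basename(cmd).lower() != value:
                findings.append((code, "name-mismatch", body))
    return findings

# Constructed sample: entries copied from the post above under a made-up header.
BEFORE = r'''
Logfile of HijackThis (constructed header)
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll (file missing)
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SystemDoctor\dcpasmon.exe"
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video Access ActiveX Object\isamntr.exe
O22 - SharedTaskScheduler: hemine - {9d6fac42-a7be-4702-87ef-75d8dc14249e} - (no file)
'''
# Constructed sample of a log taken after cleanup; the entry is hypothetical.
AFTER = r'''
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe"
'''

if __name__ == "__main__":
    for finding in review(BEFORE):
        print(finding)
```
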
  7. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Edit: I have removed my instructions, which are more or less a duplicate of momok's. Our posts obviously crossed lol.

    Momok will continue to give you instructions until your system is clean.

    Regards Howard :)

  8. Theodore

    Theodore Newcomer, in training Topic Starter

    Guys,

    thanks for your help thus far.

    I've followed momok's instructions from the start, however, I can't logon in safe mode. When I enter as a normal user name the password no longer works, which is a bit odd because when I logon in normal mode it works. I understand I need to move on from this stage to complete your instruction. Any suggestions?

    theodore.
  9. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    In that case try your administrator account then. Are you by any chance using a laptop? (I've personally encountered the same problem before on my laptop, although I must admit I'm not fully sure why this happens)


    Regards,
    Your friendly Momok =)

  10. Theodore

    Theodore Newcomer, in training Topic Starter

    momok,

    yes I am using a laptop with XP Pro and I've tried my administrator account, it doesn't work either.

    theodore.
  11. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Try following the instructions from normal mode, then post the requested logfiles.

    Regards Howard :)
