Solved Google redirecting to ad websites

Status
Not open for further replies.

Alchemist13

I seem to have caught some type of virus/Malware on my computer, whenever I do a search on and click a link I would be redirected to some type of advertising website; in addition it seems to have some major lag time. I did a complete scan with my comodo, spybot search and destroy & comodo system cleaner and it did find some Malware and removed them yet I am still having the same issue.

I have included the Malwarebytes Anti-Malware & GMER "zipped it due to the file being too large to attach" logs below. I also ran the DDS for 24 hours yet no DDS.txt and Attach.txt appeared so I ended the program.

Any help to resolve this pain would be appreciated. Thank you.
 

Attachments

  • mbam-log-2010-09-11 (21-07-54).txt
    1.2 KB · Views: 1
  • gmer.zip
    20.4 KB · Views: 1
Welcome to TechSpot. I'll help with the malware. It looks like you may have a rootkit. We'll bypass DDS for now- it shouldn't take that long. Did you run TFC first?

Please download ComboFix from Here and save to your Desktop.

  • [1]. Do NOT rename Combofix unless instructed.
  • [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • [3]. Close any open browsers.
  • [4]. Double click combofix.exe & follow the prompts to run.
  • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
  • [5]. If Combofix asks you to install Recovery Console, please allow it.
  • [6]. If Combofix asks you to update the program, always allow.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt into your next reply. Split the post if needed.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs when you're done with Combofix.
=====================================
Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
Okay to attach this log.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
Sorry for the late reply, I have tried running the ComboFix yet keep receiving a fail to install error. I went to safe mode to install and it seemed to have worked for a second but then stopped when restarted in normal mode. When I tried again in normal mode it kept stating that COMODO Antivirus was running "when I'm 100% sure I closed it". I finally just uninstalled COMODO "for now" and redid everything from the TFC, Malwarebytes Anti-Malware & GMER and reposted the logs.

When I tried to run Eset NOD32 online antivirus it kept failing stating the memory could not be "written" and terminated.
 

Attachments

  • gmer.log
    17.6 KB · Views: 1
  • ComboFix.txt
    13.4 KB · Views: 2
  • mbam-log-2010-09-12 (18-36-50).txt
    895 bytes · Views: 1
You have many processes set to start on boot. Then they will all run in the background. If you have any RAM issue, you will be using the available RAM after surfing for a while and attempts to run additional processes will fail.

Go to Start> Run> type in services.msc> find each of the following and double click on it> Set Startup type as given: NOTE: Some of these services may already be set as given- if they are, go on to next Service. Service name may be slightly different than listed below:
"WZCSVC" >> Manual
"WMPNetworkSvc" >> Manual
"Viewpoint Manager Service" >> Disable
"usnjsvc" >> Manual
"ose" >> Automatic
"odserv" >> Manual
"MDM" >> Disable> Stop
"Macromedia Licensing Service" >> Manual
"iPod Service" >> Disable
"idsvc" >> Auto
"IDriverT" >> Manual
"FLEXnet Licensing Service" >> Manual
"Bonjour Service" >> Manual
"bmwebcfg" >> Manual
"Apple Mobile Device" >> Manual
"JavaQuickStarterService" >> Stop
"RoxLiveShare9" >> Manual
"RoxWatch9" >> Manual
"RoxMediaDB9" >> Manual
"Roxio Upnp Server 9" >> Manual
"Roxio UPnP Renderer 9" >> Manual

Exit Services> Reboot

Comodo is being started from the Registry. I really need DDS so I can check what's on the system. Please reboot the computer, then try both the Eset scan and DDS again. Don't do anything else before you run these. When you have finished those scans, do the following:
=========================================
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
     rasacd.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
========================================
Please run this Custom CFScript

  • [1]. Close any open browsers.
  • [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • [3]. Open notepad and copy/paste the text in the code below into it:
Code:
KillAll::
File::
Folder::
c:\windows\system32\drivers\hitmanpro35.sys
c:\documents and settings\All Users\Application Data\Hitman Pro
c:\program files\Hitman Pro 3.5
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"
"MDM"
DirLook::
C:\62b126ede312f208d3b6f8
FCopy::
C:\WINDOWS\ServicePackFiles\i386\atapi.sys | C:\Windows\System32\drivers\atapi.sys
Save this as CFScript.txt, in the same location as ComboFix.exe
[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into your next reply.
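The services.msc changes in the post above can also be applied from an elevated PowerShell prompt. The script below is an added example written for this thread, not something the helper or the tool vendors supplied: it takes the same service list and startup types, resolves each entry by service name or display name (the post mixes both), records the previous start mode so the change can be undone, and skips anything that is not installed on the machine.

```powershell
# Added example (not from the thread): apply the startup-type list from the post
# with Set-Service instead of clicking through services.msc. Run elevated.
# Names below are copied from the post; everything else here is assumed.

$plan = @(
    @{ Name = 'WZCSVC';                       Start = 'Manual' },
    @{ Name = 'WMPNetworkSvc';                Start = 'Manual' },
    @{ Name = 'Viewpoint Manager Service';    Start = 'Disabled' },
    @{ Name = 'usnjsvc';                      Start = 'Manual' },
    @{ Name = 'ose';                          Start = 'Automatic' },
    @{ Name = 'odserv';                       Start = 'Manual' },
    @{ Name = 'MDM';                          Start = 'Disabled'; Stop = $true },
    @{ Name = 'Macromedia Licensing Service'; Start = 'Manual' },
    @{ Name = 'iPod Service';                 Start = 'Disabled' },
    @{ Name = 'idsvc';                        Start = 'Automatic' },
    @{ Name = 'IDriverT';                     Start = 'Manual' },
    @{ Name = 'FLEXnet Licensing Service';    Start = 'Manual' },
    @{ Name = 'Bonjour Service';              Start = 'Manual' },
    @{ Name = 'bmwebcfg';                     Start = 'Manual' },
    @{ Name = 'Apple Mobile Device';          Start = 'Manual' },
    @{ Name = 'JavaQuickStarterService';      Stop  = $true },
    @{ Name = 'RoxLiveShare9';                Start = 'Manual' },
    @{ Name = 'RoxWatch9';                    Start = 'Manual' },
    @{ Name = 'RoxMediaDB9';                  Start = 'Manual' },
    @{ Name = 'Roxio Upnp Server 9';          Start = 'Manual' },
    @{ Name = 'Roxio UPnP Renderer 9';        Start = 'Manual' }
)

function Resolve-ServiceEntry {
    param([string]$Name)
    # The post lists short service names (WZCSVC) next to display names
    # (Viewpoint Manager Service), so try the name first, then the display name.
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if (-not $svc) { $svc = Get-Service -DisplayName $Name -ErrorAction SilentlyContinue }
    return $svc
}

foreach ($entry in $plan) {
    $svc = Resolve-ServiceEntry -Name $entry.Name
    if (-not $svc) {
        Write-Host ("skip  {0,-32} (not installed)" -f $entry.Name)
        continue
    }

    # Keep the old start mode in the output so the change is reversible.
    $before = (Get-WmiObject Win32_Service -Filter "Name='$($svc.Name)'").StartMode

    if ($entry.Start) {
        Set-Service -Name $svc.Name -StartupType $entry.Start
    }
    $note = ''
    if ($entry.Stop -and $svc.Status -eq 'Running') {
        Stop-Service -Name $svc.Name -Force
        $note = ' (stopped)'
    }
    $after = if ($entry.Start) { $entry.Start } else { $before }
    Write-Host ("set   {0,-32} {1} -> {2}{3}" -f $svc.Name, $before, $after, $note)
}
```

Reboot afterwards as the post says. Keep the printed "before -> after" lines; if a program stops working after the change, that list tells you exactly which service to set back.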
 
I was finally able to run DDS, yet the Eset scan still failed. I didn't want to continue to the next step if it wasn't fine with you so I have just pasted the DDS Logs.
 

Attachments

  • DDS.txt
    7.9 KB · Views: 2
  • Attach.txt
    18.7 KB · Views: 1
Please run the script I set up for you. This will remove some entries, among them, HitmanPro. That is not a good program to have> it's nothing but a bundle of programs that are free on the internet. It causes a considerable amount of problems.

The order to run now should be:
1. Combofix script> you have a rootkit infection and this should get rid of one or both.
2. System Look> I need to know where in the system a good copy of this file is so I can move the bad one out and replace with good one.
Empty the Recycle Bin
Reboot
3. Try the Eset scan now.

Paste results from #1 and #2. Okay to attach the Eset log if you get one.

Please do not use BitLord or LimeWire while I am helping you. I would encourage uninstalling both but if you don't want to do that, take both off of Startup for now.
Reboot
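The SystemLook step above exists so the helper can find a known-good copy of a driver before replacing the live one, and the CFScript's FCopy line does that replacement for atapi.sys from ServicePackFiles. The script below is an added example, not part of the thread or of any of the tools it uses: it hashes every copy of a given file name under the Windows folder and reports which copies differ from the one in system32\drivers. The file name defaults to atapi.sys; the search root and the idea of comparing SHA-256 hashes are my assumptions, as is the claim that the extra copies it lists are backups.

```powershell
# Added example (not from the thread): hash every copy of a driver under
# %SystemRoot% and compare them with the live copy in system32\drivers.
# Usage: .\Compare-DriverCopies.ps1 -FileName atapi.sys   (name is assumed)
param(
    [string]$FileName   = 'atapi.sys',
    [string]$SystemRoot = $env:SystemRoot
)

function Get-Sha256Hex {
    param([string]$Path)
    # .NET hashing instead of Get-FileHash so this also runs on old PowerShell 2.0 boxes.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($fs) }
    finally { $fs.Close(); $sha.Clear() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '').ToLower()
}

function Find-DriverCopies {
    param([string]$Name, [string]$Root)
    # Walk the whole Windows tree: a same-named file in an unexpected folder is
    # exactly the kind of thing a responder wants to see in the listing.
    Get-ChildItem -Path $Root -Filter $Name -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $vi = $_.VersionInfo
            New-Object PSObject -Property @{
                Path     = $_.FullName
                Size     = $_.Length
                Modified = $_.LastWriteTime
                Version  = $vi.FileVersion
                Company  = $vi.CompanyName
                Sha256   = Get-Sha256Hex -Path $_.FullName
            }
        }
}

$copies = @(Find-DriverCopies -Name $FileName -Root $SystemRoot)
if ($copies.Count -eq 0) {
    Write-Host "no copies of $FileName found under $SystemRoot"
    return
}

$copies | Sort-Object Path | Format-Table Path, Size, Modified, Version, Company, Sha256 -AutoSize

# The copy the kernel actually loads is the one in system32\drivers.
$livePath = Join-Path $SystemRoot "system32\drivers\$FileName"
$live     = $copies | Where-Object { $_.Path -ieq $livePath }
if (-not $live) {
    Write-Host "live driver $livePath not present in the listing"
    return
}

$others    = $copies | Where-Object { $_.Path -ine $livePath }
$matching  = @($others | Where-Object { $_.Sha256 -eq $live.Sha256 })
$differing = @($others | Where-Object { $_.Sha256 -ne $live.Sha256 })

Write-Host ""
Write-Host ("live driver: {0}" -f $live.Path)
Write-Host ("sha256:      {0}" -f $live.Sha256)
Write-Host ("{0} other copies have the same hash, {1} differ" -f $matching.Count, $differing.Count)
if ($matching.Count -eq 0 -and $differing.Count -gt 0) {
    Write-Host "the live copy matches none of the other copies; check size, version and date before replacing it"
}
```

Compare the hashes, not just the size and version columns: a driver that has been patched in place can keep its original version string and a very similar size, so a hash mismatch against the ServicePackFiles copy is the signal worth acting on, and a match tells you the replacement in the CFScript would change nothing.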
 
I have pasted both results & the Eset still fails.
 

Attachments

  • log.txt
    14.5 KB · Views: 1
  • SystemLook.txt
    436 bytes · Views: 1
Please see if this Kaspersky online scan will run:
Run Kaspersky Online Scanner in Internet Explorer

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click Accept and the web scanner will begin to load
  • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
  • You will be prompted to install an ActiveX component from Kaspersky, click Install
  • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT and then Scan Settings
  • In the scan settings make sure that the following are selected:
    [o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
    [o] Scan Options: Scan Archives> Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    [o] Select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save as Text button and save the file to your desktop
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
 
Sorry- didn't get notification of your reply. There are no new infections in the log.

FYI: there is a reason we ask you to paste the logs into your reply. When that is done, we can do any searching directly from within our browser. When a file is attached, I have to copy and paste every entry I want information about. So it takes longer. All of your logs were attached. We have only been working on this for 2 days.

If you are no longer getting redirected:
Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    [Image: CF_Uninstall-1.jpg]
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
    • Choose Disc Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin
 