Google redirecting, trojan, and marketscore spyware removal help

Status
Not open for further replies.
On Sunday, my computer was disrupted and suddenly restarted with no notifications or warnings. I didn't think much of it; maybe it was a power outage, who knows. BUT after that, I got messages from my Firewall telling me that ispynow spyware was trying to get through and that it's a keylogger that collects information and takes screenshots of my screen remotely. I tried everything to get rid of it and finally, with help from Security Task Manager, found and destroyed the keylogger. The Firewall notification no longer shows up. I thought that was the end and that I was done but sadly enough, that was pretty much only the start.

As I try to get online and search for something on Google, the links redirect me to some search engine sites through other IP addresses (in the loading bar, when the "link" loads, it shows an IP address and then redirects to the search engine). I tried to search something on Yahoo and the same thing goes on, the link opens a new tab with the search engine. If I copy and paste the link Google provides into the search bar, it opens it fine. BUT if I try to download some spyware protection programs, it won't let me. It either says can not connect to server or can not display page. pstools.com doesn't work at all! Any of the helpful sites won't open. I'm surprised it let me get on Techspot.
The only program I was able to download is Spyware Terminator. This helped. It found a trojan and marketscore spyware (which I'm guessing is the redirecting problem).
I haven't tried to delete these because I might screw something up, so I'm asking for help from you guys. PLEASE help me remove these and get my computer to normal again.
Thank you.

Also, I tried to run AVG and Ad Aware but nothing shows up, and it won't let me update either of the programs.
Again, no programs are being allowed to download.

I attached the report from Spyware Terminator- the only thing I could get to work.

View attachment spywareterminatorreport.txt
 
Welcome to TS. Your description was helpful, and citing symptoms adds to understanding the threat / infection. I am trying to anticipate your needs. AVG does not interfere with basic tools called out in the 8-step guide. In your case, you are facing a difficulty.

In case of difficulty, attempt this method
Note, one user reported the need to restart in safe mode with networking, as the relief was temporary. This refers to message #1.
Additional note: Message #3 link to 'fixit download' has demonstrated its effectiveness in many cases.


This should give you a breakthrough. It is customary to post logs. Report progress & what changes are observed. Any feedback is appreciated for which procedure was needed to give you some control.


General Remark: - React to unanswered items appearing in scan logs
  • 'NO Action' - Remove Selected when offered by MBAM
  • 'Delete on Reboot' - Restart the computer after concluding the scan

Proceeding along a typical path.

If you feel comfortable to venture on your own, other threads posted during the last week offer a ‘supplement to guide’ with instructions for rescanning with the tools and for using ComboFix when ‘TDSS’ class of trojans is found.
 
logs

I finally got the google redirecting thing to stop, thanks to the link!
I got through the 8 step process and deleted (it seems) everything that needed to be deleted.
However, whenever I run SuperAntiSpyware, it shows TDSS files. When I check them to be deleted, my computer is asked to restart. I run the test again and the files are STILL there. What's up with that?
Here are the logs required. Please help!
I greatly appreciate this. Thank you.

View attachment 38922

View attachment 38923

View attachment 38924
 
Thank you for the feedback and for calling attention to findings. Your logs show found and removed items. For your case, we will supplement our guide with a special scan / tool.

Successive scans are used to uncover additional infections, since masking is common with many infestations. When a tool reports something it cannot clean, that's when the strategy calls for a stronger scanner. The sequence for applying the scanners begins with the standard scanners (fully updated) and ends with the stronger cleaner, with a side benefit that it adds information about the comparative effectiveness among the tools.

The TDSS exploit (among other non-plug and play driver exploits) is quite the rage. The temptation is to package a method for this. However, the result would be quite lengthy and possibly confusing, since it is not possible to anticipate contributing factors.

Overview -
  • Update scanning tools. MBAM version was 2 weeks old.
  • ComboFix is a very effective tool that scans / fixes hard to clean infections. Additionally, it includes diagnostic information.
  • Uninstall old copy of ComboFix - if tool was used previously
Supplement to guide. Successive scans used to uncover additional infections.
  • Update both MBAM & SAS. Rerun them both.
  • This effort is complete when logs report NO infections/threats, or report something they cannot clean.
    • Typically extra repeat scans are not needed
  • Follow ComboFix instructions referenced below.

  • Scan with HJT. (part of instructions for ComboFix)

  • Post logs. Report progress & what changes are observed. Include logs that found infections.


Please see this for instructions:
Temporarily Disable Real Time Monitoring Programs:


  • 1 Spybot S&D (Teatimer)
  • 2 Ad-Aware Ad-Watch
  • 3 Spywareguard
  • 4 Windows Defender
  • 5 TrojanHunter Guard
  • 6 Disable SpySweeper
  • 7 WinPatrol
  • 8 CounterSpy
  • 9 AVG Anti-Spyware (formerly ewido)
  • 10 Spyware Doctor
  • 11 Prevx
  • 12 ProcessGuard
  • 13 ZoneAlarm's OS Firewall
  • 14 Ad-Aware 2007 Service
 
Hi you all
I have the same problem with searches. And updates. I cannot get any AV pages to come up in search. I couldn't even get here. I clicked on Y!mLite, a Yahoo non-boot chat client, and it let me go into the Yahoo Christian chat room 19. A guy there that knows a lot about computers told me to go to an AV free program site. I did and it let me in. How, I don't know. I was able to download the a-squared anti-malware program and I am able to update it just fine. I reinstalled my McAfee software and it still won't let me update it. I can't go to the McAfee website http://us.mcafee.com so I can get a hold of support. I can't go to the AVG web site; it redirects me to a search site (that happens with McAfee also) or it just tells me the site can't be found. I did a search and found that others back in 2004 were having this same problem but the thread is closed. Back then it was a problem, they said, with Comcast ISP users. I live in a house where the internet is provided and it's Comcast. I looked at the host file and there is nothing wrong with it. I updated JAVA and still have the problem. Those were ideas from back in 2004 to try. Now in 2008, same problem. I should say I might dump McAfee anyway; they might find 1-4 problems on my computer when I scan, a-squared found 131, 5 of which were trojan horses. I'm stuck, baffled.
If someone knows what to do please let me know.

OH by the way, I have IE 7 7.0.5730.11 Build 75730, Google Chrome 0.3154.9 (Can't find server to update, when I went to about on Chrome it looked for updates), and Safari 3.1.2 (525.21). How do I attach a file here? I found all the system files on my computer and thought you could look at them, but I can't see how to attach them here. When I looked up about IE it said show system files and I saved it all. I see go advanced and I can OK.
Answered my own question, don't you hate it when that happens.

Here is the file

I have to figure how to change a .info file to a text file. Maybe you can tell me how? thanks frog98146
 
I did as you suggested. It seems that MBAM deleted some files. But I'm sure there's more infections to it. I ran MBAM the first time and it found 6 or so infections and I clicked remove selected. It did so. So I ran it again and this time there was only one infection and it says it removed it as well. But I don't know.


Here are the log files.

View attachment 39468
View attachment 39469
View attachment 39466
View attachment 39467

Unfortunately I just somehow caught another virus ):
It seems to be the site aimini.net
Luckily this time, however, everything was blocked and the actual virus wasn't installed. Or so it says.
I'm working on getting all my scanners running again and completing the 8 step process. It seems endless. I will get the logs ASAP.
Should I also do combo fix again?

I ran all the scanners once again and here are the results.
I wasn't sure if I should run combo fix again or not, but I didn't.

View attachment 39540
View attachment 39541
View attachment 39539
 
It’s regrettable that this thread has escaped my attention. Indications are your protections are keeping you from serious harm. The scan logs handled one infection. Reply with questions or concerns.

Here are cleanup items.
  1. Scan with HJT. Tick and Fix the following. Restart the computer.
    O15 - Trusted Zone: *.antispyexpert.com
    O15 - Trusted Zone: *.imageservr.com
    O15 - Trusted Zone: *.antispyexpert.com (HKLM)
    O15 - Trusted Zone: *.imageservr.com (HKLM)
    O20 - Winlogon Notify: hgGxXopn - hgGxXopn.dll (file missing)

  2. Uninstall ComboFix

  3. Clear system restore points
    • This is a good time to clear your existing system restore points and establish a new clean restore point:
      • Go to Start > All Programs > Accessories > System Tools > System Restore
      • Select Create a restore point, and Ok it.
      • Next, go to Start > Run and type in cleanmgr
      • Select the More options tab
      • Choose the option to clean up system restore and OK it.
    • This will remove all restore points except the new one you just created.
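
After a HijackThis "Fix" and a restart, a fresh log shows whether the ticked entries are really gone. The following is an added example, not part of the original post or of HijackThis itself: it parses HJT entry lines and reports which items from the fix list still appear. The `AFTER_LOG` text and the `ExampleApp` line are constructed, and reading a missing `(HKLM)` suffix as the per-user hive is an assumption.

```python
import re

# An HJT entry line looks like "O15 - Trusted Zone: *.example.com (HKLM)".
ENTRY_RE = re.compile(r"^\s*(O\d{1,2}|R\d|F\d|N\d)\s+-\s+(.*\S)\s*$")

# The five entries from the cleanup list in this thread.
FIX_LIST = r"""
O15 - Trusted Zone: *.antispyexpert.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.antispyexpert.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O20 - Winlogon Notify: hgGxXopn - hgGxXopn.dll (file missing)
"""

# Constructed post-reboot log: one fixed entry has come back.
AFTER_LOG = r"""
Logfile of HijackThis (constructed sample)
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
O15 - Trusted Zone: *.imageservr.com (HKLM)
"""

def parse_hjt(text):
    """Return (section, detail) tuples for every HJT entry line."""
    return [m.groups() for m in map(ENTRY_RE.match, text.splitlines()) if m]

def classify(section, detail):
    """Describe the two entry kinds fixed in this thread; None otherwise."""
    if section == "O15" and detail.startswith("Trusted Zone:"):
        domain = detail.split(":", 1)[1].strip()
        # Assumption: no "(HKLM)" suffix means the per-user (HKCU) hive.
        hive = "HKLM" if domain.endswith("(HKLM)") else "HKCU"
        return ("trusted-zone", domain.replace("(HKLM)", "").strip(), hive)
    if (section == "O20" and detail.startswith("Winlogon Notify:")
            and detail.endswith("(file missing)")):
        name = detail.split(":", 1)[1].split(" - ")[0].strip()
        return ("orphan-winlogon-notify", name, "HKLM")
    return None

def still_present(fix_list, new_log):
    """Entries from the fix list that the new log still contains."""
    after = set(parse_hjt(new_log))
    return [e for e in parse_hjt(fix_list) if e in after]

if __name__ == "__main__":
    for section, detail in still_present(FIX_LIST, AFTER_LOG):
        print("still present:", section, classify(section, detail))
```

An entry that reappears after a fix and restart means something is still writing it back, which is the case for rescanning rather than fixing the same line again.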
 
I tried to fix these files:

O15 - Trusted Zone: *.antispyexpert.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.antispyexpert.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O20 - Winlogon Notify: hgGxXopn - hgGxXopn.dll (file missing)


The O15 files were missing already, and O20 was successfully deleted.

When I tried to clear the System Restore points I got a message saying that there is not enough disk space available on the system drive. I don't know if I should attempt to clean the disk because I'm afraid I might delete some needed files.



And another problem I have...
some of the system programs are missing. Like calculator, solitaire, and all those card games, paint, etc. Why is this? They are completely gone. How can I restore them?
 
Before all this started over 2 weeks ago, what do you estimate was the amount of free space on the main drive? About 50%? About 25%?

What are the numbers now?

Quarantined files and recycle bin can use a good deal of storage.

CCleaner does a good job to get rid of temporary files (mostly internet) and uninstall packages for updates applied to XP.


Windows components can be brought back.
Control Panel > add/remove programs > change views (left side - Windows Components) > accessories + utilities.
 
why??

Something is so wrong with my computer.
It KEEPS catching viruses. No matter how much protection I use.
This time it caught one by simply BEING on the internet. I hate this. Non-harmful sites and it still catches them )':
It says it's a trojan this time and an adware ):
I'm running all tests again.
But what is this?? Can my computer be seriously that harmed? Or what happened? What's going on? All these viruses? I never caught a virus in five years until all this.
Any suggestions? Help?
 
Hi valentinee

As this thread (being your thread) was originally created 3 weeks ago, it would be best for you to create a new thread with the 3 present logs from running the 8-step removal process.

As you asked "Why", I will try to explain the probable cause of your newly re-infected Virused\Malware system.

Although there are many possibilities to where this re-infesting may have come from, including:
Internet browsing
Email
Network
CD\DVD\Flash Drive
Or even your own system

It is more than likely that you have picked up the current Internet Explorer Malware, that is presently making havoc on many users computers. Even MS themselves have only a "workaround" for this issue. One of them being to use another browser (such as Firefox) until this issue (through a future security update) is finally resolved.

Now I could ponder all day why anyone gets infected, and then advise on the options, including Firewall; Spyware guards; Antivirus; and a multitude of others. But in your present case, we are best to remove the present infection, on a brand new thread.

Please create a new thread, for this new infection
Your first post should consist of all 3 logs, with Malwarebytes run (possibly a few times) until clean.
I would also recommend using Avira AntiVirus software, and removing any other non-listed Antivirus or Spyware protection.
You should also try to remove as many not absolutely required automatic Windows startups as possible, which will help make a cleaner and smaller HJT log.
The guide should be followed exactly as it states
 