Google Redirecting

Status
Not open for further replies.

Metesh

Posts: 9   +0
Hi There,

I am having a problem with Google redirecting to odd websites when I use Mozilla Firefox v3 and IE7. I can usually see copy-book.com loading before I am redirected. Recently, I also have annoying tray icon which tells me "You have a security problem" before asking me to install fake anti-spyware tools.

I have AVG installed (although I can't get the scan to run as the 'scan' button is unresponsive), CCleaner, SUPERAntiSpyware, Malwarebytes' Anti-Malware, HijackThis. Java has been updated to latest version (update 6, version 11).

Here are the relevant logs...

I would be grateful for you help...thanks in advance.
 
I am also having difficulty accessing 'My Computer' and other folders. When I click on them, the taskbar along the bottom of the screen disappears for a second, then returns, and two Command Prompt screens appear very briefly but then disappear. I cannot get into any files or folders after this...any idea what's going on?

The problem seems to resolve on rebooting.
 
It appears that MBAM was not used to remove the infections found. Repeat all scans. Respond to actions required by MBAM.
Code:
Memory Modules Infected:
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Spyware.Passwords) -> No action taken.


  • More progress is needed if your logs show found but unanswered items
  • React to unanswered items appearing in scan logs
    • NO Action’ - Remove Selected when offered by MBAM
    • 'Delete on Reboot’ - Restart the computer after concluding the scan
 
The problem seems to have resolved after a few scans I did earlier. No more redirecting! I'll post the new MBAM scan after it's finished. Thanks.
 
Thanks for the logs. It appears that you have handled the crisis well. HJT reveals a few minor points to consider.

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (file missing) >> truly a file is expected.

Does TeaTime nag about this every restart?
O4 - HKCU\..\RunOnce: [SpybotDeletingB2151] command /c del "c:\resycled\boot.com"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2499] cmd /c del "c:\resycled\boot.com"

Remove ComboFix history & Qoobox



Establish a new clean restore point and Clear your existing System Restore points:
  • New
    • Go to Start > All Programs > Accessories > System Tools > System Restore>
    • Select Create a restore point> OK.
  • Clear Old
    • go to Start > Run > cleanmgr > Select the More options tab >
    • Choose the option to clean up System Restore > OK

      • This will remove all restore points except the new one you just created.
 
Thanks rf6647 and others for all your help. I have done as you requested and the problem is now fully resolved. Many thanks.
 
Status
Not open for further replies.
Back