TechSpot

Google Redirection Virus Logs

By OSIG89
Dec 10, 2009
Topic Status:
Not open for further replies.
  1. Ran the 8 steps still getting redirected when clicking on Google links. What can I do now to fix this?
  2. OSIG89

    OSIG89 Newcomer, in training Topic Starter

    Any help please =/
  3. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Malware removal has become extremely busy, must be to do with xmas coming up or something?
    You originally created your new topic 3 hours ago only, really that's not long ago at all

    The only reason I'm helping is because you at least have Avira, so I respect that ;)

    Start HJT Scan Only
    Place a tick in the following entry boxes
    Before selecting FIX, close all Internet Browsers
    Note: The grayed out lines are not issues, but do not need to start with Windows
    Combofix:
    • Download Combofix to your desktop.
    • Disable your Antivirus (as Combofix will remove any found malwares)
    • Double click ComboFix & follow the prompts.
    • A window will open with a warning.
    • When the scan completes it will open a text window. Please attach that log back here
    Also restart and then provide a fresh HJT Scan log



    2 Log attachments required
  4. OSIG89

    OSIG89 Newcomer, in training Topic Starter

    I wasn't able to remove the Unknown file in winsock LSP. HJT said it couldn't repair O10 Winsock LSP entries. It told me: You should use LSPFix for that. Under that it also said this: If the O10 item belongs to Webhancer, New.Net or CommonName, Spybot S&D can remove it automatically.

    Here's my new logs after I restarted though.
  5. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Well if you don't use Ad-Aware much I'd uninstall it, it's just making more and more entries in your logs. Anyway Malwarebytes is better.



    Manual steps to repair or to reset Winsock for Windows Vista users
    1. Click Start, type cmd in the Start Search box, right-click cmd.exe, click "Run as administrator", and then press Continue.
    2. Type netsh winsock reset at the command prompt, and then press ENTER.
    3. Type netsh int ip reset at the command prompt, and then press ENTER.
    4. Type netsh interface ip delete arpcache at the command prompt, and then press ENTER.
    5. Type Exit, and then press ENTER.
    Restart



    Un-install Combofix
    • Click START then RUN
    • Now type Combofix /uninstall in the runbox and click OK
    • Any popup errors about Antivirus just ok or close
    Note: 1 space after ComboFix in that uninstall command



    Uninstall SUPERAntispyware
    Start > Control Panel > Add/Remove Programs > SUPERAntispyware > Uninstall



    Update Java and remove older Java versions
    Run JavaRa
    This will remove all your old Java stuff (that is not required)
    It will also help you check for new Java Runtime updates
    Or just go here and auto check: http://java.com/en/download/installed.jsp?detect=jre&try=1



    Download and run TFC http://oldtimer.geekstogo.com/TFC.exe
    Your computer may need to Restart



    Remove old System Restore Points

    • Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.
    • In the left pane, click System protection. Administrator permission required: if you're prompted for an administrator password or confirmation, type the password or provide confirmation.
    • Under Protection Settings, click the disk, and then click Configure.
    • Click Turn off system protection, click OK, and then click OK again.
    Then turn it back on again.



    Restart, and let me know how it's performing
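
An added example, not part of the thread or of any poster's instructions: a Python script that reads `netsh winsock show catalog` output and lists every transport provider that is layered or not on an allow-list, which is the kind of entry HJT reports as O10, so the catalog can be compared before and after `netsh winsock reset`. The sample listing, the `example_lsp.dll` name and the one-item allow-list are constructed assumptions.

```python
# Constructed sample in the layout printed by `netsh winsock show catalog`,
# abridged to the fields used below; not output from the poster's machine.
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        EXAMPLE LSP over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\Windows\system32\example_lsp.dll
Catalog Entry ID:                   1016
Protocol Chain Length:              2
Protocol Chain:                     1015 : 1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Protocol Chain Length:              1
"""

# Assumed allow-list of base-provider DLLs; extend it for the machine at hand.
KNOWN_BASE = {"mswsock.dll"}

def parse_catalog(text):
    """Return one dict of field -> value per Winsock transport provider entry."""
    entries, current = [], None
    for line in text.splitlines():
        if line.strip().endswith("Provider Entry"):
            # Collect transport entries only; any other section is skipped.
            current = {} if line.startswith("Winsock Catalog") else None
            if current is not None:
                entries.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")  # split at the first colon only
            current[key.strip()] = value.strip()
    return entries

def layered_providers(entries):
    """Return (entry id, dll name, chain) for entries that are layered or not allow-listed."""
    findings = []
    for e in entries:
        dll = e.get("Provider Path", "").rsplit("\\", 1)[-1].lower()
        layered = (e.get("Entry Type", "").startswith("Layered")
                   or int(e.get("Protocol Chain Length", "1")) != 1)
        if layered or dll not in KNOWN_BASE:
            chain = [c.strip() for c in e.get("Protocol Chain", "").split(":") if c.strip()]
            findings.append((e.get("Catalog Entry ID"), dll, chain))
    return findings

if __name__ == "__main__":
    for entry_id, dll, chain in layered_providers(parse_catalog(SAMPLE)):
        print(f"entry {entry_id}: {dll} chain={' -> '.join(chain) or 'n/a'}")
```

To use it on a real machine, save the command's output to a text file and pass the file's contents to `parse_catalog` in place of `SAMPLE`.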
  6. OSIG89

    OSIG89 Newcomer, in training Topic Starter

    Still getting redirected and still have those Unknown files in winsock LSP in HJT.
  7. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

  8. OSIG89

    OSIG89 Newcomer, in training Topic Starter

    hmm that didn't work either might just have to reinstall os
  9. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    The Winsock LSP: c:\windows\system32\bfllr.dll, seems to be authentically coming from your ISP
    In other words just leave them there

    The redirection, we can try one more thing:

    You may want to update to a more secure Hosts file
    There's lots of important info on that here: http://www.mvps.org/winhelp2002/hosts.htm
    As it's difficult to see the actual download, here it is: http://www.mvps.org/winhelp2002/hosts.zip
    Important! Windows Vista requires special instructions: http://www.mvps.org/winhelp2002/hostsvista.htm

    Simply download the hosts.zip file, extract, then run mvps.bat, then restart

    Then restart, and test browsing the Internet again :)


    EDIT:

    You could also run a GMER Rootkit scan: http://www2.gmer.net/gmer.zip
  10. OSIG89

    OSIG89 Newcomer, in training Topic Starter

    Reinstalled OS... OMG it worked ... lol insta win