My Google Searches are being redirected

Status
Not open for further replies.
Yes, I'm one of those victims :( I followed some of Google's help and managed to get Hijack working and got a log. Can someone take a look and see what's wrong?

Also, I've downloaded Malwarebytes Anti-Malware and Spy Bots Search and Destroy, which were recommended by Google Help. For some reason the installation doesn't work because it doesn't have access to the website. I tried accessing the companies' websites and they wouldn't show up because of some DNS server.
 

Attachments

  • hijackthis.log
    12.5 KB · Views: 5
Hello malik17th

It looks like we have to use alternative fix tools to remove the wareout infection you've got.

Download SmitfraudFix (by S!Ri) to your Desktop (Win2k/WinXP only!).
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Note : process.exe is part of the SmitFraudFix tool and is detected by some antivirus programs as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Reboot into Safe Mode
You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

Once in Safe mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually.

Please attach C:\rapport.txt in next reply
 
SmitFraudFix should work with Windows XP, 2000, and Windows Vista (32 bit)

My bad. I haven't updated my instructions, because it is not often we use the tool.
 
Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [sysav] C:\Users\Valen\AppData\Roaming\pcdefender.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{470DE41D-15EE-4021-894B-8895490E37CA}: NameServer = 85.255.112.88,85.255.112.236
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD5827FC-39FC-4194-8E9F-69510EAD5E4E}: NameServer = 85.255.112.88,85.255.112.236
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.88,85.255.112.236
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.88,85.255.112.236
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.88,85.255.112.236


Reboot to safe mode ->
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Find and delete these files (if present):

C:\Documents and Settings\All Users\Ta1HnnaIasEcfgF.exe
c:\WINDOWS\ieocx.dll
C:\Users\Valen\AppData\Roaming\pcdefender.exe

Reboot normally.


Now let's check some settings on your system.
Enter your Control Panel and double-click on Network Connections

Then right click on your Default Connection
Usually Local Area Connection for Cable and DSL
Left click on Properties
Double-Click on the Internet Protocol (TCP/IP) item
Select the radio dial that says Obtain DNS Servers Automatically
Press OK twice to get out of the properties screen and reboot if it asks.

Next, go to Start > Run, type cmd and hit OK
type
ipconfig /flushdns
then hit enter, type exit hit enter

(that space between g and / is needed)

Reboot and post a new hijackthis log.

Try Malwarebytes again and see if it works for you now. If so, post that log also.
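
The O17 entries in the fix list above show the same static NameServer value written to several places at once: per-adapter keys and the machine-wide Parameters key, across more than one control set. As an added example (not part of the original thread or of any tool mentioned in it), this Python script parses those HijackThis lines and lists every location whose resolver falls outside an expected range; `TRUSTED_NETS` and the function names are assumptions made for the illustration.

```python
import ipaddress
import re

# HijackThis lines copied from the post above; the O4 line shows that non-O17 lines are skipped.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [sysav] C:\Users\Valen\AppData\Roaming\pcdefender.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{470DE41D-15EE-4021-894B-8895490E37CA}: NameServer = 85.255.112.88,85.255.112.236
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.88,85.255.112.236
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.88,85.255.112.236
"""

# Assumption: resolvers this machine is expected to use (a constructed home-router range).
TRUSTED_NETS = [ipaddress.ip_network("192.168.0.0/16")]

O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>[^\\]+)\\Services\\Tcpip\\(?P<rest>.+?): "
    r"NameServer = (?P<servers>.+)$"
)

def parse_o17(log):
    """Yield (control_set, scope, [ip, ...]) for each O17 NameServer line."""
    for line in log.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        # "..\{GUID}" is a per-adapter key; "Parameters" is the machine-wide setting.
        rest = m["rest"]
        scope = "global" if rest == "Parameters" else rest.rsplit("\\", 1)[-1]
        servers = [ipaddress.ip_address(s)
                   for s in re.split(r"[,\s]+", m["servers"].strip())]
        yield m["cset"], scope, servers

def untrusted_dns(log, trusted=TRUSTED_NETS):
    """Return every registry location whose static resolver is outside `trusted`."""
    findings = []
    for cset, scope, servers in parse_o17(log):
        bad = [str(ip) for ip in servers if not any(ip in net for net in trusted)]
        if bad:
            findings.append({"control_set": cset, "scope": scope, "servers": bad})
    return findings

if __name__ == "__main__":
    for f in untrusted_dns(SAMPLE_LOG):
        print(f"{f['control_set']:>3}  {f['scope']:<40} {', '.join(f['servers'])}")
```

Each reported location is a separate registry value, which is why the fix list has to be checked in full and a fresh log compared afterwards.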
 
OK, got my new log. I was able to install Malware but I can't even open it or run it. Been waiting for 30 minutes and the program won't start.
 
Ok. We'll try ComboFix -

Please download ComboFix here -> https://www.techspot.com/downloads/5587-combofix.html

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning. Do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted.

Usually located in c:\combofix.txt, please attach it to your next post
 
Okay I've tried running ComboFix but it keeps crashing on me every time. Keeps giving me the blue screen with the dumping the memory
 
Try running ComboFix from safe mode, and see if it can complete without dumping memory
 