also @ TechSpot: Building a Thin Mini-ITX PC: Small and Silent Performance

Need help got the Google redirect virus

Discussion in 'Virus and Malware Removal' started by jpak88, Nov 12, 2010.

Page 4 of 5

  1. Broni Malware Annihilator Posts: 39,324   +175

    I still need Extras.txt.
    You didn't say, which browser is getting redirected.
    Broni, Nov 19, 2010
    #61

  2. jpak88 Newcomer, in training Posts: 54

    should i just reformat my computer? i feel like its my router thats been hacked bcuz my dads computer is only like 5months old and he has the redirect virus also
    jpak88, Nov 19, 2010
    #62

  3. jpak88 Newcomer, in training Posts: 54

    let me re scan or can i find the extra file somewhere?
    jpak88, Nov 19, 2010
    #63

  4. jpak88 Newcomer, in training Posts: 54

    my inet explorer is getting redirected
    jpak88, Nov 19, 2010
    #64

  5. Broni Malware Annihilator Posts: 39,324   +175

    No, you don't need to reformat anything.
    Please, read my previous reply.
    Broni, Nov 19, 2010
    #65

  6. Broni Malware Annihilator Posts: 39,324   +175

    Hold on there. We posted at the same time.
    Broni, Nov 19, 2010
    #66
     

  7. Broni Malware Annihilator Posts: 39,324   +175

    OTL log looks clean.

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and Windows 7, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
    NOTE. Simple router disconnecting from a power source will NOT do.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE
    Broni, Nov 19, 2010
    #67

  8. jpak88 Newcomer, in training Posts: 54

    my os is xp
    jpak88, Nov 19, 2010
    #68

  9. Broni Malware Annihilator Posts: 39,324   +175

    Just omit, whatever is in parentheses.
    Broni, Nov 19, 2010
    #69

  10. jpak88 Newcomer, in training Posts: 54

    oky did everything
    jpak88, Nov 21, 2010
    #70

  11. Broni Malware Annihilator Posts: 39,324   +175

    Broni, Nov 21, 2010
    #71

  12. jpak88 Newcomer, in training Posts: 54

    yea still getting redirections
    jpak88, Nov 21, 2010
    #72

  13. Broni Malware Annihilator Posts: 39,324   +175

    Do you have any other browser installed?
    Can you check, if the other browser is getting redirected too?
    Broni, Nov 21, 2010
    #73

  14. jpak88 Newcomer, in training Posts: 54

    no i dont have any other browsers installed unless you want me to dl some
    jpak88, Nov 22, 2010
    #74

  15. Broni Malware Annihilator Posts: 39,324   +175

    Yes, please. Get Firefox: http://www.mozilla-europe.org/en/firefox/
    Check for redirections there.

    Also, do this....

    Go Start>Run ("Start search" in Vista), type in:
    cmd
    Click OK (hit Enter in Vista).

    At Command Prompt, paste this:
    ipconfig /all>c:\ipconfig_all.txt&notepad c:\ipconfig_all.txt&exit
    Hit Enter.

    Copy and paste what you see in Notepad into a Reply here.
    Broni, Nov 22, 2010
    #75

  16. jpak88 Newcomer, in training Posts: 54

    firefox isnt getting redirected.



    Windows IP Configuration



    Host Name . . . . . . . . . . . . : anonymous

    Primary Dns Suffix . . . . . . . :

    Node Type . . . . . . . . . . . . : Unknown

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No



    Ethernet adapter Local Area Connection:



    Connection-specific DNS Suffix . :

    Description . . . . . . . . . . . : Intel(R) PRO/1000 MTW Network Connection

    Physical Address. . . . . . . . . : 00-14-22-61-4E-35

    Dhcp Enabled. . . . . . . . . . . : Yes

    Autoconfiguration Enabled . . . . : Yes

    IP Address. . . . . . . . . . . . : 192.168.1.3

    Subnet Mask . . . . . . . . . . . : 255.255.255.0

    Default Gateway . . . . . . . . . : 192.168.1.1

    DHCP Server . . . . . . . . . . . : 192.168.1.1

    DNS Servers . . . . . . . . . . . : 192.168.1.1

    Lease Obtained. . . . . . . . . . : Tuesday, November 23, 2010 5:55:34 AM

    Lease Expires . . . . . . . . . . : Wednesday, November 24, 2010 5:55:34 AM
    jpak88, Nov 23, 2010
    #76

  17. Broni Malware Annihilator Posts: 39,324   +175

    Yeah. ipconfig log looks normal, so it must be IE issue.
    Open IE, go Tools>Internet Options>Advanced tab and click "Reset" button.
    Restart IE and check for issues.
    Broni, Nov 23, 2010
    #77

  18. jpak88 Newcomer, in training Posts: 54

    yea still getting redirected after i reset everything
    jpak88, Nov 23, 2010
    #78

  19. Broni Malware Annihilator Posts: 39,324   +175

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =================================================================

    Copy the entire content of the report and paste it in a reply here.

    Note. You may get this warning it is ok, just ignore it:
    "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?"
    Broni, Nov 23, 2010
    #79

  20. jpak88 Newcomer, in training Posts: 54

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0008001d

    Kernel Drivers (total 147):
    0x804D7000 \windows\system32\ntkrnlpa.exe
    0x806E4000 \windows\system32\hal.dll
    0xF7B12000 \windows\system32\KDCOM.DLL
    0xF7A22000 \windows\system32\BOOTVID.dll
    0xF741E000 spdp.sys
    0xF7B14000 \windows\System32\Drivers\WMILIB.SYS
    0xF7406000 \windows\System32\Drivers\SCSIPORT.SYS
    0xF73D8000 ACPI.sys
    0xF73C7000 pci.sys
    0xF73A7000 fltMgr.sys
    0xF7612000 ohci1394.sys
    0xF7622000 \windows\system32\DRIVERS\1394BUS.SYS
    0xF7632000 isapnp.sys
    0xF7BDA000 pciide.sys
    0xF7892000 \windows\system32\DRIVERS\PCIIDEX.SYS
    0xF7642000 MountMgr.sys
    0xF7388000 ftdisk.sys
    0xF7B16000 dmload.sys
    0xF7362000 dmio.sys
    0xF789A000 PartMgr.sys
    0xF7652000 VolSnap.sys
    0xF734A000 atapi.sys
    0xF730A000 a320raid.sys
    0xF7662000 disk.sys
    0xF7672000 \windows\system32\DRIVERS\CLASSPNP.SYS
    0xF72F8000 sr.sys
    0xF72BF000 PCTCore.sys
    0xF72AE000 TfSysMon.sys
    0xF729D000 TfFsMon.sys
    0xF7682000 PxHelp20.sys
    0xF7286000 KSecDD.sys
    0xF7273000 WudfPf.sys
    0xF71E6000 Ntfs.sys
    0xF71B9000 NDIS.sys
    0xF719F000 Mup.sys
    0xF76E2000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF6327000 \SystemRoot\system32\drivers\ctaud2k.sys
    0xF6303000 \SystemRoot\system32\drivers\portcls.sys
    0xF7712000 \SystemRoot\system32\drivers\drmk.sys
    0xF62E0000 \SystemRoot\system32\drivers\ks.sys
    0xF62B4000 \SystemRoot\system32\drivers\ctoss2k.sys
    0xF7B58000 \SystemRoot\system32\drivers\ctprxy2k.sys
    0xF7722000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF628C000 \SystemRoot\system32\DRIVERS\e1000325.sys
    0xF5ED6000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xF5EC2000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF7982000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF5E9E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF798A000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF7992000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF5E8A000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF7732000 \SystemRoot\system32\DRIVERS\serial.sys
    0xF7142000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF7742000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF6412000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF6402000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF799A000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xF5E4A000 \SystemRoot\system32\drivers\smwdm.sys
    0xF5D97000 \SystemRoot\system32\drivers\senfilt.sys
    0xF7C61000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF7B5A000 \SystemRoot\System32\Drivers\RootMdm.sys
    0xF79A2000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF63F2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF713A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF5D80000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF63E2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF63D2000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF79AA000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF5D6F000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF63C2000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF79B2000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF79BA000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF79C2000 \SystemRoot\system32\DRIVERS\RimSerial.sys
    0xF5D3F000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF63B2000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF79CA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF79D2000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF5D22000 \SystemRoot\system32\DRIVERS\mcdbus.sys
    0xF7B5C000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF5CC4000 \SystemRoot\system32\DRIVERS\update.sys
    0xF711E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF63A2000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF5C77000 \SystemRoot\system32\drivers\hap16v2k.sys
    0xF5B9A000 \SystemRoot\system32\drivers\ha10kx2k.sys
    0xF5B78000 \SystemRoot\system32\drivers\emupia2k.sys
    0xF5B58000 \SystemRoot\system32\drivers\ctsfm2k.sys
    0xF5ABA000 \SystemRoot\system32\drivers\ctac32k.sys
    0xF7752000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7B68000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF79E2000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xF7AFE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7D34000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7B6E000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF79F2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF79FA000 \SystemRoot\System32\drivers\vga.sys
    0xF7B70000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7A02000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7A0A000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7B06000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xAE7A3000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xAE74A000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xAE713000 \??\C:\WINDOWS\system32\drivers\pctgntdi.sys
    0xAE6ED000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF7782000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xAE69D000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF7163000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xF7792000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xAE67B000 \SystemRoot\System32\drivers\afd.sys
    0xF77A2000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF7A12000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xAE650000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xAE5E0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF77B2000 \SystemRoot\System32\Drivers\Fips.SYS
    0xAE5BD000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xF7B76000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xF7A1A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xF5CBC000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF77D2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF5CB0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xF5CAC000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xF7822000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xF5CA4000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0xAE4B5000 \SystemRoot\System32\Drivers\dump_a320raid.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xAE7F2000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF78C2000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7C8C000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF065000 \SystemRoot\System32\ati2cqag.dll
    0xBF0FE000 \SystemRoot\System32\atikvmag.dll
    0xBF182000 \SystemRoot\System32\atiok3x2.dll
    0xBF1CD000 \SystemRoot\System32\ati3duag.dll
    0xBF572000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xAC160000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xAC14C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xF7872000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xABE03000 \SystemRoot\system32\drivers\wdmaud.sys
    0xAC060000 \SystemRoot\system32\drivers\sysaudio.sys
    0xABB31000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF7BD4000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xABBD5000 \??\C:\windows\system32\drivers\cpuz133_x32.sys
    0xAB881000 \SystemRoot\system32\DRIVERS\srv.sys
    0xAB7A2000 \??\C:\windows\system32\drivers\PfModNT.sys
    0xAB559000 \SystemRoot\System32\Drivers\HTTP.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 51):
    0 System Idle Process
    4 System
    724 C:\WINDOWS\system32\smss.exe
    772 csrss.exe
    812 C:\WINDOWS\system32\winlogon.exe
    856 C:\WINDOWS\system32\services.exe
    868 C:\WINDOWS\system32\lsass.exe
    1076 C:\WINDOWS\system32\ati2evxx.exe
    1096 C:\WINDOWS\system32\svchost.exe
    1164 svchost.exe
    1268 C:\WINDOWS\system32\svchost.exe
    1308 C:\WINDOWS\system32\svchost.exe
    1484 svchost.exe
    1556 svchost.exe
    1644 C:\WINDOWS\system32\ati2evxx.exe
    1792 C:\WINDOWS\system32\spoolsv.exe
    1836 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    632 C:\WINDOWS\explorer.exe
    720 C:\WINDOWS\system32\TaskSwitch.exe
    740 C:\Program Files\Analog Devices\Core\smax4pnp.exe
    760 C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.exe
    752 C:\WINDOWS\system32\CTHELPER.EXE
    140 C:\Program Files\Lexmark 5400 Series\lxctmon.exe
    1128 C:\Program Files\Lexmark 5400 Series\ezprint.exe
    1244 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    1356 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1408 C:\Program Files\RocketDock\RocketDock.exe
    1504 C:\Program Files\Bret Taylor\Stickies\Stickies.exe
    1736 C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe
    1940 C:\Program Files\Pando Networks\Media Booster\PMB.exe
    1664 C:\WINDOWS\system32\ctfmon.exe
    340 C:\Program Files\MagicDisc\MagicDisc.exe
    444 svchost.exe
    1524 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1708 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1916 C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    1996 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2100 C:\WINDOWS\system32\CTSVCCDA.EXE
    2140 C:\Program Files\Java\jre6\bin\jqs.exe
    2172 C:\WINDOWS\system32\lxctcoms.exe
    2360 C:\WINDOWS\system32\PnkBstrA.exe
    2384 C:\Program Files\Spyware Doctor\pctsAuxs.exe
    2500 C:\WINDOWS\system32\svchost.exe
    3052 C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    3068 alg.exe
    3096 C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    3996 C:\WINDOWS\system32\wuauclt.exe
    2432 C:\Program Files\Internet Explorer\IEXPLORE.EXE
    208 C:\Program Files\Internet Explorer\IEXPLORE.EXE
    860 C:\Program Files\Internet Explorer\IEXPLORE.EXE
    2988 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: MAXTORATLAS10K5_300SCA, Rev: JNZH

    Size Device Name MBR Status
    --------------------------------------------
    279 GB \\.\PhysicalDrive0 RE: Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
    jpak88, Nov 24, 2010
    #80
Page 4 of 5
Topic Status:
Not open for further replies.

Add New Comment

Social Login & Guest Posting

TechSpot Members
Login here or sign up for free,
it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.