Search Page links redirected

[xlbo]

Hi - seem to have an issue with all search page links being redirected to other pages. Most of the time it is to something that is vaguely related to the search itself but not always

I've followed the 8 steps guide and have Malwarebytes, SuperAntiSpyware and HJT logs.

As a note, I had to change the name of the Malwarebytes and HJT program files as whatver has infected my system seems to prevent .exe files with those specific names from running

As of the latest run through, google links are now working again but I'm concerned that the infection will come back on reboot so would appreciate it if someone could have a look at the log files and let me know

Rgds

Geoff

 

[xlbo]

Update

Update - infection has returned - was ok after 1 reboot but is now back again.

Main symptoms are redirecting of search page links and not allowing Malwarebytes / HJT to run under their default file names

New logs attached after running avira, malwarebytes & superantispyware

MWB says it finds and removes a trojan. SAS says it finds and removes a rootkit - have ok'd actions to do this on each of those 2. Have run HJT and attached the log - no action taken on that yet though

Any help would be much appreciated

Rgds

Geoff

 

[PanicSchmanik]

I have/had a similar problem, maybe I can help out. (Nothing professional, though.)

Go to C\Windows\System32 >

Make it so you get a detailed list, then click on DateModified

Look for the time when you got the problem.


If you see anything like this:

uacbbr.dll
UAClbvxdmdulkrsjgrovo.dll

(Basically anthing starting with uac)

Then you probably have the same thing as me. I found that deleting some of these files stopped the search engine redirect, though I could not remove all of them.

---

Besides that, while surfing for that uacbbr thing, I found this program called "Prevx". It allows you to scan your pc for malware and found amongst other things, the UAC stuff, which my McAfee doesn't pick up. Maybe that program can help you.

(Actually removing stuff isn't free, but at least it could help you identify malware.)

 

[xlbo]

Potentially fixed

Thanks for the response - actually managed to find a link that seemed to to the job - not allowed to post the link because I don;t have enough posts though!

The virus was: msivxserv - for anyone reading this, if you google that name, there is a specific how to remove guide near the top of the returned links

Followed the steps and all seems clean now - even after multiple reboots Have done a final HJT log - could someone confirm if it is clean?

Cheers

Geoff