Another Google redirect, but cant load MBAM or SAS

Hi there - I'm posting behalf of my son, who's away at university & seems to have a pretty severe version of the Google redirect virus on his laptop. I'm doing it because his web access is so limited he cannot get here! He also cannot load MBAM or SAS as proposed by the 8Step Anti-Malware process, as he gets redirected every time he goes to the sites.

He has managed to run HJT & the log is attached

Does anybody have any clues what he should do next?

Peter

Peter, do a search on this site and you will see that several folks have had a similar problem. The guys here have done a very nice job of figuring out what needs to be done and how to go about doing it. In a nutshell, you need to download SAS and MBAM from www.download.com. The bug won't allow you to run those programs as they are, however, so you'll need to rename them before attempting to run them. All of this must be done with your active anti-virus software disabled (the existing threads have instructions on doing this, depending on your software). Once you run those, you should be cleaned-up enough to update them, then run them again.

Mike helped me in the thread entitled "Another bratsk hit", and I had him dumb-down the intructions for me, so they are fairly easy to follow.

It's a pain in the backside, but the good news is that it appears to be fixable.

Hi PChivers1

Special case where after installing MBAM and SAS they will not update or run.

Run this process only after you have installed MBAM and SAS and they will not update or run! They must be installed!!!!!!!

I have written a BFU script and a couple of batch files to:
1. Rip out Antivirus 2009, delete many other known bad files
2. Repair disabled Regedit, Taskmgr CMD etc.
3. Defaults the HOSTS file
4. Deeply cleans Temps both Windows and Internet
5. Renames MBAM and SAS (actually copies to this name so we still have the original name also) and puts Shortcuts on Desktop
Plus more.

To do this open the Attachment Fixit and download to desktop then Dbl click to Extract the Zip, it will create a Fixit folder on the Desktop (later when clean you may delete both of these). If it will not extract then RENAME IT FROM FIXIT.ZIP to FIXIT.EXE and it will self extract.

Dbl Click the Fixit Folder to enter it. Dbl click only the Fixit.cmd it will run if any Virus/Malware or Firewall asks about it, all must be allowed answer any prompts.

It will reboot your computer when it finishes.

Once back to Desktop.

Run only the runmbam and sas shortcuts until issues fixed then you may go back to the original shortcuts.

Remember to update and do the below special settings before Scanning.
Then post the logs on each run repeat the run until the log says clean or finds something it can not fix! Begin with runmbam then repeat with sas.

Dbl click the runmbam icon.
When it opens do not scan first UPDATE then click settings and confirm all checked if not check them. The click Scanner Tab chose Full scan the confirm your windows drive is selected/checked then click start Scan.

SuperAntispyware (sas) config

Before clicking Scan, UPDATE then click Preferences then Scanning Control.
Check all items except the 3rd item (Ignore System Restore......)
Click Close button to exit control center.
On main screen, Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan.

It will take while as it scans your computer.

After the scan, a summary box will popup. Click OK.
Make sure all in the white box has a check next to it, click Next. Then click to remove all
It will quarantine what it found, and pop up a log file. Attach log file back to Thread.

If asked to reboot, click Yes. When back up repeat again until clean posting logs each time!

Mike

Edit: Due to issues with the other Fixit.zip this is a new one (a self extracting exe) so must be renamed Fixit.exe before it will run

Download Here: -> View attachment Fixit.zip