Another case of Google redirect

Status
Not open for further replies.
Hi,

I haven't checked if it's happening to IE, but my Google results in Chrome are being redirected to sites that are completely unrelated to what I am searching for. When I tried to reboot in Safe Mode to run MalwareBytes and SuperAntiSpyware, I get a blue screen talking about a page fault error. I ran those programs in normal mode.
I've run the 8 steps and the logs are posted below.

Thanks for your help.
 
I'm having one of those déjà vu moments! I answered this earlier but I must have previewed the reply and forgotten to post it- again!!

So to repeat: Welcome to TechSpot, cotes. I'll help you with the malware. My apology for the delay- this is a busy place!

I remember saying that Normal Mode was what should be used. That we only use Safe Mode for these 3 programs if someone can't use Normal Mode!!

I told you that you have some Vundo malware entries. So if you still need help, I'd like you to run this:
Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
  • Run Combo-Fix.exe and follow the prompts.
    (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
  • Wait for the scan to be completed.
  • If it requires a reboot, please do it.
  • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Notes:

  1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

When finished, please rescan with HijackThis and include a new log and the Combofix report in your next reply!

Whew!
 
Thanks for the info. I guess it does seem like you're fixing the same problem in the past couple of days. Some more information and unfortunately sad news, I noticed that whenever I scanned with Avast, it would flag my Eudora outbox file as well as the backup, as having Spoofing.gen in there. I ignored it most of the time, but I decided to delete those files. That seems to have really broken things because when I restarted my computer, I get the BSOD saying there's a page fault error. So now I can't get past the bootup screen.

I'm thinking about using a recovery disk to reinstall XP and then going ahead with ComboFix. Would that be ok or has the situation changed?

Thanks,
cotes
 
Oh my goodness! Here's information about the Spoofing.gen:
http://www.avira.com/en/threats/section/fulldetails/id_vir/4139/html_spoofing.gen.html

Then looking up "AHeAD Heuristic special detection" gives the following:
http://www.avira.com/en/threats/section/fulldetails/id_vir/2704/heur_crypted.html

Did you try booting right into Safe Mode? If not, give it a try:

Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Let me know if you can and I'll try to take you further.

A word of caution for the future: Avast flagging your Outbox AND backup doesn't make a lot of sense. Please note that Avast has had a problem with False Positives in the past couple of days. That caused a lot of grief- you can see those posts here- until Avast corrected their virus definitions.

So before you delete anything, make sure it's the right thing to do.
 