Completed steps - logs for analysis

By andiejac · 10 replies
Jan 25, 2009
  1. I encountered a problem earlier today with what I believe to be a search engine redirect virus. When I would do a Google search and click on the site I wanted to go to, it would redirect me elsewhere.

    So, after doing a little research I ran into the steps for removing the virus/malware, and have followed all the steps.

    I am currently running Norton Antivirus. In addition to your analysis of the logs, I'd appreciate any recommendations about which antivirus you recommend for a home computer.

    Please let me know if you have any other questions. And thank you so much in advance for your assistance with this!
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    Yes, does it actually run? It must be running slow with all that

    Here's the steps to recovery ;)

    Un-install Ad-Aware

    Uninstall Symantec (Norton) Antivirus
    Run the Norton Removal tool

    Run Startup Control Panel and remove any startups that are not required (should be most of them!)

    Install Avira free AntiVirus

    Start up Malwarebytes again; Update it; then run a full scan (remove all found Malwares)
    You need to run this multiple times, until all hidden Malwares are uncovered and removed

    Repost the clean Malwarebytes log
    And the much smaller HJT log ;)
    Oh, and likely a perfectly working computer as a result
  3. andiejac

    andiejac TS Rookie Topic Starter

    Thanks for your help - this is much appreciated. :)

    I've removed Ad-Aware and Norton, installed Avira and run Malwarebytes. There is nothing found in the Malwarebytes scan, but I'm still having the same issue with search engines redirecting.

    Attached are the new logs. Can you please advise the next steps?

    Thank you

    sorry - forgot to attach the logs. :)
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    Please startup HJT Scan again and remove all the following entries (tick then press fix)
    Make sure your Internet browser is closed before pressing fix

    You may need to research why the following services are being started automatically:
  5. andiejac

    andiejac TS Rookie Topic Starter

    followed next steps - search engine still redirecting

    I've "fixed" all the entries that you listed. Then I went back and reran Malwarebytes and HJT again. The logs are attached.

    My Google searches are still redirecting to incorrect sites. Also, I see for the first time that the Comodo firewall that I installed is blocking several "intrusion attempts". I don't know how to get a log to show you the specific information, however. If you think this information would be helpful, would you mind walking me through how to get it from Comodo?

    Let me know what are the next steps.

  6. andiejac

    andiejac TS Rookie Topic Starter

    Update - more info and new logs

    Well, I hope that I am not messing up my computer too bad, but I found some more things that I tried to fix. I am absolutely no expert, but just scouring the events from the last few days and trying desperately to get the security of my computer back in check.

    So, a few days ago I had an issue where my internet would not work at all. I called my service provider, went through the whole unplug and replug the ethernet cord, yada, yada. Nothing was working. Then for some reason I went to the Control Panel and Network Settings. I had 2 LANs, and both were showing as disabled. So I right-clicked and enabled the first one, and then the internet was back up and running. Problem fixed - or so I thought. :)

    Fast forward to yesterday when my Google searches started redirecting. I did a little research, ended up here and followed all the recommended steps to remove the problem, but Google still redirects.

    So, after my last post I started thinking about the LAN issues again and think that this all must be connected somehow. So I went to Control Panel and Network Connections. There are 3 icons.

    First is "Internet Connection" under the heading "Internet Gateway". This shows disabled. But when I look at the Properties and Advanced Settings, I see "Services - Select the services running on your network that Internet users can access." And there are 2 selected listings for Skype. I disabled both.

    Second is LAN - showing connected, firewall working.

    Third is LAN-3 (or something to that effect - I didn't take a screenshot and now it's gone). This one shows disconnected, but when looking at the Properties the Windows firewall is turned off. I turned it back on.

    So then I decide to just uninstall Skype, and while I'm at it I will uninstall VPN since I can't seem to get that entry off the HJT log. Uninstalling VPN also (I think) got rid of the questionable Cisco entry in the log.

    Then I rebooted, checked the Network Connections and the LAN-3 is now completely missing. (Correction - I am still being redirected! Except that instead of the Google search listing a bogus website in the search result, it now just brings up the bogus site when clicking on the actual name of the website that I want to go to!)

    Attached are the new logs after I did all the tweaking indicated above. Please let me know if anyone has any advice or information that will help to make sure that this is resolved & that I don't mess up my computer too bad.

  7. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    These are the only ones that are not needed and can cause issues:
    Personally I'd fix and remove them
    Then Uninstall Google with it, from Add\Remove programs

    Look, if after doing the above it still doesn't help, do this ;)

    Download Combofix
    Lots of info on its use here
    Direct download here

    Save it to a location that you can easily find later (in Safe Mode), i.e. directly to the C drive

    Restart your computer to Safe Mode (by repeatedly pressing F8 on your keyboard before Windows starts)
    Log into your Administrator account
    Locate the previously downloaded Combofix
    Double click on it to run, answering any prompts along the way
    Note: during Combofix scan (lasting up to 10mins) your Desktop and clock may reset (all normal)

    Once Combofix has finished, save the log file to be attached to a new reply
    Restart back to Normal mode, and attach the Combofix log
  8. andiejac

    andiejac TS Rookie Topic Starter

    no more redirect & combofix log attached

    First - thank you so much for the wonderful service that you all provide. I really appreciate the help and don't know what I would have done without you in this situation!

    Here's what I've done.

    First, I fixed the HJT entries that you indicated. A few kept creeping back into the logs, again and again. And Google was still redirecting.

    Then I decided to go ahead with the removal of all programs related to Google, as well as a few other unnecessary programs. One program called Google AFE would not uninstall (and still won't).

    From there, I followed the steps to run Combofix in safe mode. Although, I could not for the life of me figure out how to get Avira and Comodo disabled from safe mode. So I ended up uninstalling both while I ran Combofix (and have now reinstalled).

    I am happy to report that I am no longer having the redirect issue! And I am hoping that all is well from here. Please find the Combofix log attached. Please let me know what you recommend from here.

    Also, one last question. I have to report the virus to my place of employment since I have used VPN to log into my work computer. Is there any way to tell what specific file(s) or virus(es) were the issue? Any information that you can provide will help greatly.

    Thanks again for your superb service!
  9. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    You had Trojan/Backdoor Win32.X Malware (Note this is a very general name)
    You also had BHO toolbar infection in your Browser either installed automatically from Malware infection, or allowed through a popup that you may have installed

    This was caused by not having adequate Antivirus software installed (originally)
    And basically infections can come from anywhere

    Anyone can get infected, even Antivirus companies, even Microsoft
    To avoid infection can be quite involved to explain. But generally Safe Surfing is of the highest importance, i.e. I never get infected, and my security is low
  10. andiejac

    andiejac TS Rookie Topic Starter

    thank you

    Thanks for the information, I will report this information to my company.

    Also, wondering if based on the Combofix logs that you see anything more that I need to do? I want to make sure that I've gotten everything that may still be on my machine before I start reinstalling any more programs. :)
  11. andiejac

    andiejac TS Rookie Topic Starter

    can anyone confirm the combofix results for me?

    just checking back to see if anyone can give me next steps based on the combofix log that I posted. Any help is greatly appreciated!
