Inactive Google links keep on getting redirected to random websites

Status
Not open for further replies.
Almost every time I try to click a link on Google it gets redirected. I have read other topics on this issue and I think that I may be infected by a virus. HJT, MBAM and SAS haven't found a trace of anything that may have caused this. CWShredder hasn't either. I have completed the 8 steps.
 

Attachments

  • mbam-log-2010-03-28 (17-33-26).txt
    869 bytes · Views: 2
  • SUPERAntiSpyware Scan Log - 03-28-2010 - 17-41-59.log
    460 bytes · Views: 1
  • hijackthis.log
    5.8 KB · Views: 1
You might want to look into a fully functional antivirus program instead of Threatfire - it supplements your existing security app.

Both of the following programs are free and known to be good:
Avira Free
Avast Home

Let's do an online AV scan first - not the usual order:
Run Eset NOD32 Online AntiVirus Scanner HERE
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.

I'm not seeing any malware in these logs, but I am concerned about the 'AV' program.

Please don't make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!! DO NOT make any Registry Changes. And it is recommended that if you are running any Registry editing program, that you either uninstall or disable it while we are in the cleaning process.

By the way, any malware can cause search engines to redirect. It's not just Google - only that most people use it!

Edit: you used a Beta version of HijackThis. Please remove it and download the current version HERE as we will run it again.
 
We'll move the infections found by the Eset scanner:

Please download OTMoveIt3 by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes	
    
    :Services
    
    :Reg
    
    :Files  
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2GMTQ233\n002106201318r0409J10000601W351462e7X943c57e6Ydf926948Z0100f0800
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4ELMIREA\n002106201318r0409J10000601W351462e7X943a4695Ydf926948Z0100f0800
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4ELMIREA\n002106201318r0409J10000601W351462e7X943a4695Ydf926948Z0100f0800[1]
    C:\WINDOWS\Temp\Qkkr.exe
    G:\Rap\imma jerk hot new track.mp3
    G:\Rap\my time fabolous [new single].au;G
    :\Rap\man or machinedjj revolution (highbitratee).mp3
    :Folders
    G:\fantasydavid fernandes.auu
    C:\Documents and SettingsNetworkServicee\Local Settings\Temporary Internet Files\Content.IE5\2GMTQ233\n002106201318r0409J10000601W351462e7X943c57eYdff926948Z0100f0800[1]
    G:\Rap\freestylelillwaynee - best track ever.mp3	
    G:\Rapimmaa jerk hot new track.mp3		
    G:\Rap\my timefabolouss [new single]auu
    
    :Folders:
    
    :Directory
    G:\fantasydavid fernandes.auu
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Be sure to reboot the system when through with the above, then follow with:

Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix.exe before downloading it.
    Important! Save the renamed download to your desktop.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls.
  • Double click on the setup file on the desktop to run
  • If prompted to download and install the Recovery Console, please do so.
    (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.)
  • If prompted to update, please allow.
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log. Please include the C:\ComboFix.txt in your next reply.
Notes:

  • 1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings.
    3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run.

Leave the OTMoveIt report and the ComboFix report in your next reply. I'll see what else needs to be handled.

You should note that the source of most of the infection is music. This is why:
O4 - Startup: LimeWire On Startup.lnk = D:\LimeWire\LimeWire.exe

P2P or 'filesharing' Warning:
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall LimeWire for the following reasons:
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
  • Malware writers use these programs to include malicious content.
  • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.

If you choose not to remove LimeWire, do NOT use it while I am helping clean your system.
 