Google redirect... again

Status
Not open for further replies.

yinato

I need help fixing my computer again. The same thing happened to me 6 months ago and I was able to get the problem fixed using this site. I followed the 8-step guide and I've attached the logs. I hope you can help me again.
 
Again?

When/Where were you helped before?

You are running two antivirus programs:
Norton and AVG9

I personally don't like either of them, but you need to decide on one or the other, and then uninstall the one you don't want.
After uninstalling, you need to run the removal tools as well (both of those antiviruses will not uninstall properly without them):
AVG Remover: http://www.avg.com/filedir/util/support/avgremover_en.exe
Norton Removal Tool: ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

Note: my preference is free Avira Antivirus: http://www.free-av.com/
If you decide to download and install this one, you will need to do a full scan as well (to pick up the things Norton and AVG missed)

Also, it's best to update Malwarebytes again and run another quick scan.

After that, restart and provide the new HJT and Malwarebytes logs,
and say how it's now performing as well.

Edit:
Also start up HJT straight away and tick these 4, then select Fix:
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 esysprotector2009.microsoft.com
O1 - Hosts: 91.212.127.227 esysprotector2009.com
O1 - Hosts: 91.212.127.227 www.esysprotector2009.com
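The four O1 lines above are the hosts-file side of the redirect: three names, one of them dressed up as a microsoft.com subdomain, all pointed at a single routable address. As an added example, not code from this thread or from HijackThis, here is a small Python audit that parses hosts-file text and flags exactly that pattern; the sample hosts content is constructed from those O1 lines plus one blocklist-style null-route entry with a made-up name.

```python
import ipaddress
from collections import defaultdict

# Constructed sample hosts-file content, modelled on the O1 entries in the
# HijackThis log above.  The three 91.212.127.227 lines are the hijack; the
# 0.0.0.0 line (made-up name) shows the style a blocklist such as the MVPS
# hosts file uses, which must NOT be flagged.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
91.212.127.227  esysprotector2009.microsoft.com
91.212.127.227  esysprotector2009.com
91.212.127.227  www.esysprotector2009.com
0.0.0.0         ads.example.invalid   # blocklist-style null-route
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs; blank, comment and malformed lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not a hosts entry
        for name in fields[1:]:                 # one IP may carry several aliases
            yield ip, name.lower()


def suspicious_entries(text):
    """Entries that steer a name to a routable address.

    Legitimate and ad-blocking entries point at loopback (127.x, ::1) or the
    unspecified address (0.0.0.0); anything else sends the browser to a host
    the attacker chose, which is what produces redirects like the ones here."""
    return [(str(ip), name) for ip, name in parse_hosts(text)
            if not (ip.is_loopback or ip.is_unspecified)]


def redirect_targets(text):
    """Group flagged names by destination IP: several unrelated names funnelled
    to one address is the signature of a hosts-file redirector."""
    targets = defaultdict(list)
    for ip, name in suspicious_entries(text):
        targets[ip].append(name)
    return {ip: sorted(names) for ip, names in targets.items()}


if __name__ == "__main__":
    for ip, names in redirect_targets(SAMPLE_HOSTS).items():
        print(f"{ip} <- {len(names)} name(s): {', '.join(names)}")
```

On a live machine the same functions can be fed the contents of C:\WINDOWS\system32\drivers\etc\hosts; an empty result means no name is being steered off the local machine.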
 
I don't know exactly when, but I do know that the first time it happened, I came to this website. Anyway, I've uninstalled Norton and have run the removal tool. Here are the logs. Also, thanks for the quick response.
 
DOH! I forgot to say run IE Reset

Try IE Reset Fixit Tool:

Or manually from here https://www.techspot.com/vb/post682762-2.html
Then restart Internet Explorer and run through the basic settings


-------------


ComboFix Instructions

Please download ComboFix from HERE or HERE to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  2. During the download, rename Combofix to Combo-Fix as follows:

    (screenshots omitted: CF_download_FF.gif showing the Firefox download dialog, CF_download_rename.gif showing the rename to Combo-Fix)

  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  7. Double-click on Combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please attach the Combo-Fix log along with a new HijackThis log for further review. (Note: you should restart first.)
**Note: Do not mouse click combo-fix's window while it's running. That may cause it to stall**

If you still cannot get this to run, try booting into Safe Mode, and run it there.

To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode."

If this doesn't work either, try the same method as above, but rename Combofix.exe to iexplore.exe or winlogon.exe instead.
This is because in some cases malware blocks EVERY process except those on its own whitelist, and that whitelist also includes important system processes such as iexplore.exe, explorer.exe and winlogon.exe.


-------------


Also, why are you not running SP3?
 
The IE Fixit tool isn't working, and what's SP3? And do I have to run the IE Fixit tool before proceeding with ComboFix?
 
Yes
Yes it is ;) lol :D

IE6 is very old; it's so old that it's outdated now, meaning we all really updated a long time ago :D

As Windows and IE are not up to date, it's no wonder you are infected.
Not only that, but if you were given support, then the support member definitely would have told you to update (otherwise it wasn't really good).

We have to do it manually :(

Please start up HijackThis and do a scan only.
Place a check (tick) next to the following and then select Fix (making sure that IE6 and all other programs are closed first):
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=%s
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tony Long\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

O15 - Trusted Zone: http://www.zixx.ca
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O23 - Service: Symantec Eraser Service (EraserSvc10823) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I think I got them all ;)
 
Thanks. Btw, I DID try to upgrade it previously, but then I got the hal.dll error. Give me a few minutes.
 
Yes :)

And definitely Restart if Combofix does not do it for you automatically.
After Restart your computer is going to work a heck of a lot better too, by the way :)
The HJT scan and log must be done after Restart

BUT, we are not finished yet
 
I must sign off
So here are some steps you need to do anyway ;)

------------------

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.

------------------

Uninstall Combofix
Start > Run > Combofix /Uninstall > ok
Note: Combofix will look as though it's going to scan again (it won't); it will just uninstall.

------------------

You may want to update to a more secure Hosts file
There's lots of important info on that here: http://www.mvps.org/winhelp2002/hosts.htm
As it's difficult to see the actual download, here it is: http://www.mvps.org/winhelp2002/hosts.zip
Important! Windows Vista requires special instructions: http://www.mvps.org/winhelp2002/hostsvista.htm

Simply download the hosts.zip file, extract, then run mvps.bat, then restart

[Important Notice - 2K/XP/Vista Users]
In most cases a large HOSTS file (over 135 kb) tends to slow down the machine. This only occurs in W2000 and XP. Windows 98 and Windows ME are not affected.

To resolve this issue (manually) open the "Services Editor"

Start | Run (type) "services.msc" (no quotes)
Scroll down to "DNS Client", Right-click and select: Properties
Click the drop-down arrow for "Startup type"
Select: Manual, click Apply/Ok and restart.

------------------

Clear system restore points

  • Clear your existing system restore points and establish a new clean restore point:
    • Go to Start > All Programs > Accessories > System Tools > System Restore
    • Select Create a restore point, and Ok it.
    • Next, go to Start > Run and type in cleanmgr
    • Select the More options tab
    • Choose the option to clean up system restore and OK it.
    This will remove all restore points except the new one you just created.

------------------

Update Java by clicking here: http://java.com/en/download/installed.jsp?detect=jre&try=1
Then download and run JavaRa
This will remove all your old Java stuff (that is not required)

------------------

Restart
Report how everything is running well :)

------------------

If all seems well, I'd suggest updating to SP3 (but it may be best to uninstall AVG and run the removal tool first > then restart > then update :))
SP3: http://www.microsoft.com/windows/products/windowsxp/sp3/default.mspx

------------------

Also update to Internet Explorer 8: http://go.microsoft.com/fwlink/?LinkID=142198
 
Here are the ComboFix and HJT logs. I have to go to a lecture for the next few hours. Also, I've done everything but uninstall ComboFix and upgrade to IE8.
 
Seems you have installed AVG8 then AVG9 in the last month
Is AVG9 the free version?
If so, as stated above, you may want to uninstall it, then run the removal tool > then restart, before updating to SP3.

Also you missed a couple of removals in HJT: (just start HJT and fix those 2)
O23 - Service: Symantec Eraser Service (EraserSvc10823) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

You have a file running here: c:\windows\system32\33D654663A.sys
That does not come up with anything known; I suspect it may be Malware.
Please locate the file and rename it to: 33D654663A.sysOLD

Then Restart
 
Okay, I've removed AVG and reset my computer. I haven't tried searching on Google, as I don't have an antivirus right now (downloading Avira as I type), but my computer is running quickly. Also, I can't seem to get SP3.


----------------------------

Just finished downloading Avira, but I keep getting a "Cannot find server" page when I try to download SP3.
 
-----------

You may want to update to a more secure Hosts file
There's lots of important info on that here: http://www.mvps.org/winhelp2002/hosts.htm
As it's difficult to see the actual download, here it is: http://www.mvps.org/winhelp2002/hosts.zip
Important! Windows Vista requires special instructions: http://www.mvps.org/winhelp2002/hostsvista.htm

Simply download the hosts.zip file, extract, then run mvps.bat, then restart
That may help
If not then you may need to provide another HJT log
 
I'm currently running a virus scan with Avira just to make sure that AVG didn't miss anything. I also already downloaded the hosts file earlier.
 
Okay, I've done everything but upgrade to IE 8 and download SP3. I've attached the HJT log. Do I need to include the Avira virus scan log as well?

----
Btw, I want to upgrade to IE 8 at the very end if possible, since the last time I upgraded my IE browser, I had the hal.dll error.
 
Wow... I just tried to use the Google search engine to see if the problem was fixed, and it isn't, but I did find out when this problem last occurred by typing yinato and combofix... it turns out this exact event happened on November 13 last year... and I got the virus this year on the 14th.
 
There is no Malware in your log
But Symantec (Norton) still persists, plus a couple of others not required

Start up HJT and run a scan only, place a tick next to the following and then select FIX:
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Symantec Eraser Service (EraserSvc10823) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

The following could also be the culprit, but again, they are not Malware as such.
I don't believe they need to be running, or even installed.
You might want to check Add/Remove Programs to uninstall them, and/or FIX them in HJT as well:
O23 - Service: Rogers SHS Service (RogersSelfHelpService) - Rogers Cable Communications - c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe
O23 - Service: Rogers Update Manager (RogersUpdateManager) - Rogers Cable Communications - C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe

So you did do an updated Avira full scan?
If not, then definitely do it. If so (as you already stated), I expect that Avira found something to remove, and it did?

Restart

What is happening now? You stated you are still being redirected?
Which page exactly is being redirected? All does look fine at the moment.
 
Here's the log that I got from Avira and a HJT log I just got. I updated Avira as well. Also, I'm still being redirected while using Google. I'm going to reboot my computer now and repost a new log.
---------------------------
I've noticed that Symantec keeps popping up even though I use HJT. I've fixed it 4 times.
 