Google Redirect and Avast not updating

[Zucye]

My google search results page, are redirecting me to different sites, after FireFox was abruptly restarted. This started happening in all my user accounts. First FireFox restarts and then all searches are redirected. I downloaded Ad-Aware and didn't find anything but a few tracking cookies that got deleted. I also run the Avast antivirus (which is been running for a couple of years) and I notice 2 thing; the Avast icon in the task bar is gone and I can't longer update Avast.(Ad-Aware can't be updated either) Never the least I runned avast at boot and while in the administrator account and it didn't find any viruses.

I Downloaded 7770finder. Which found a problem and I delete it. After that I was able to use google without being redirected for a few minutes, but then FireFox abruptly restarted again and the symptoms started right back.

I also downloades and run: Malwarebytes, SuperantySpyware (found: gec_logging[1]. htm and gpl_lp[1]. js - were removed) and unistalled and re-intalled Avast. I tried ComboFix but I can't make it run. It does not even let me acces the download site: bleepingcomputer (I had to download the program to a usb drive to put it in the laptop)

In Advance thanks for your Time!
Zucye

LATEST LOGS IN POST #4

 

[Zucye]

I responded to my own topic, not to bump it, but because I have made some progress. I think the problem is partially solved. But I still might be infected and I need someone to look at my log. Please Help!

I uninstalled all my virus and spyware removal tools and ran once again "7770finder" with following parameters "7770FINDER.exe /r /p c:\" for a full drive scan. As before it found "csfici.lgy" in the windows file. Which I had previously deleted. I renamed it to “csficiZucye.lgy” and Even though another one re-appeared shortly after, the new “csfici.lgy” is only 1 kb. And the redirection has stopped. Also, after uninstalling the virus and spyare tools. I was able to run "ComboFix", but I am kind of scare to use it without guidance. So far I have only re-installed AVAST (the anti virus). I don't know if my computer is clean now, but at least the redirection is gone.

Any suggestions as to what to next to see if there is still a virus in the computer. Avast is not picking anything (but it didn't before either). As for the icon for Avast not appearing in the task bar and not updating, I think it was a conflict between Avast and Ad-Aware.

 

[kimsland]

Maybe read here https://www.techspot.com/vb/post733954-4.html

And here: UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions

I think you may have missed a couple of steps

 

[Zucye]

8 Steps Completed

I Completed the 8 Steps as suggested. Logs are attached

 

[kimsland]

Download Combofix
Lots of info on its use h e r e
Direct download h e r e

Locate the downloaded Combofix. Double click on it to run, answering any prompts along the way
Note: during Combofix scan (lasting up to 10mins) your Desktop and clock may reset (all normal)
ComboFix will also restart your computer (eventually) and then (eventually) create a log

Save this log file to be attached to a new reply

Restart

Then do another scan with HJT (scan and log file) and attach this to a new reply as well

 

[Zucye]

After step #4 ran Avast for another full scan with the following results.
4/3/2009 3:07:34 AM Admin 1032 Sign of "Win32:KillAV-KS [Trj]" has been found in "C:\Documents and Settings\SUSY\Local Settings\Temporary Internet Files\Content.IE5\X8JEI0BJ\g6[1].exe\[UPX]" file. - It was successfully removed.

Ran Combofix and after it restarted. I got the following message:
Windows cannot find 'NIRCMD.COM'

I restarted the computer manually again and everything seems to be working fine.

 

[kimsland]

Google Redirect and Avast not updating

Looks to be resolved

Can you now update Avast and run a full scan?


Clear & Reset System Restore's Cache

Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply
Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

Fix System Restore
https://www.techspot.com/vb/topic123379.html


Un-install Combofix

• Click START then RUN
• Now type Combofix /u in the runbox and click OK
• 
• When shown the disclaimer, Select "2"

(Note: 1 space after ComboFix in that uninstall command)

 

[Zucye]

Yes I am able to update Avast now and google is not redirecting so far.

I uninstalled combofix and did the Clear Reset System Restore

Do the logs look ok? Nothing weird going on?

Which spyware should I keep? or should I install something else besides Avast. I don't want to install Ad-Aware again as I feel that was part of the problem. Any suggestion are appreciated.

Please Advice!

 

[riley17]

Alright mate, ive got the exact same problem as you. Could you just sum up how you solved it as i got a little lost reading through here!

Thanks

 

[kimsland]

Yes here you go

Maybe read here https://www.techspot.com/vb/post733954-4.html

And here: UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions

I think you may have missed a couple of steps

Actually this one will be the most valuable one for you

=> How to post a New Thread

 

[kimsland]

Zucye, yes your logs look ok

I use free Avira Antivirus, but Avast! is just as good

As for programs to keep, there have been other threads on this
Personally I see no reason to have all these bundles of programs starting with Windows

I believe a scan with updated Malwarebytes and SuperAntispyware every now and then is good
It all comes down to your browsing habits, ie I don't get Malware

Edit: And stop quoting yourself

 

[Zucye]

Thanks Kimsland! And sorry about that!
Have a great weekend!

Thanks againg for the Help :wave:

 

[glitter99]

same problem with google redirect and avast not updating

Hi,
I'm new to these boards and very new at trying to fix my own computer. A few weeks ago google started to redirect me whenever I clicked on a result in the web search. It was usually to another search site. If I back clicked I could sometimes get to the page I wanted. Antivir found a trojan called TR/ATRAPS.Gen located in documents and settings\amanda\local settings\ncfl.hvx. If I deleted it or quarantined it, it kept reappearing and I was getting notices all the time. Then I got blocked from checking computer help website as all my web browsers would crash. So I took my computer in to a computer shop to be "cleaned". The removed Antivir and my computer was better for a week. I replaced Antivir and it wouldn't update so I removed it and added avast and it wouldn't update. I could go to the website and download updates manually though. Google started redirecting me again yesterday and avast found the same ncfl.hvx files times 3 and quarantined them. With avast running in the background my computer seems to be ok.

I followed all the instructions in the updates 8 step malware removal and here are the logs. Can someone please make sure my computer is finally fixed? Thanks, I greatly appreciate your help and skill.