Google redirect + other trojans

Status
Not open for further replies.

tjs2009

Posts: 10   +0
Hi, firstly thanks for taking the time to read this. I have followed the 8 steps and will attach the logs below.

I originally had a virus about a week ago which asked me to install fake antivirus software. I attempted to get rid of this virus myself, which appeared to work, apart from the fact that Google now redirects me to incorrect websites such as http://newserversearch.com/

Today I had an alert from AVG antivirus that a threat was detected, which was as follows.

15/12/2009 17:00:44 SYSTEM 1568 Sign of "Win32:Lordpatch [Trj]" has been found in "C:\System Volume Information\_restore{F90662A0-9461-4B96-B841-3F0EAFF87ED0}\RP1\A0000045.exe" file.
15/12/2009 17:00:39 SYSTEM 1568 Sign of "Win32:Trojan-gen" has been found in "C:\Qoobox\Quarantine\C\WINDOWS\system32\jganowlh.dll.vir" file.
15/12/2009 17:00:31 SYSTEM 1568 Sign of "Win32:Trojan-gen" has been found in "C:\Qoobox\Quarantine\C\WINDOWS\system32\fvmyxhxc.dll.vir" file.
15/12/2009 16:58:22 SYSTEM 1568 Sign of "Win32:Lordpatch [Trj]" has been found in "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Patch.exe" file.


Occasionally I think I have got rid of the virus but it only returns, frustratingly.
I have attached my logs. No viruses were found, but as I said it reappears once removed, so I must be missing something.

Let me know if there's anything else I can provide.
 
I had the newserversearch thing happen to me myself just recently. I've tried scanning it with everything and I couldn't remove it, but I seem to have found a "temporary" solution. One thing I noticed is that my Internet Explorer and Firefox both seem to change "newserversearch" into some random anagram. Another thing I noticed is that my Google Chrome was not affected. My only choice was to either abandon Firefox and all the add-ons and use Google Chrome, or find a solution. I decided to rename my firefox.exe into something else just to see if the problem persisted. And lo and behold, the damn bastard finally stopped redirecting my links. So although it may not completely remove the problem, you'll hopefully still have your favorite browser back in working order.
 
noob, please watch your language. You still have your malware. If you want help, please start a new thread and follow the steps HERE.

tjs2009, I can't make much sense out of the antivirus log - it goes back to 2002. Suggest you delete it and start a new one.

However, it appears that the malware is in the restore points. That usually happens. Your system is safe as long as you don't use System Restore - for now. I'll have you remove the old restore points at the end of the cleaning.

"Qoobox" is the name of the folder where Combofix puts the quarantined entries. It gets removed when Combofix is uninstalled. Either you ran this on your own, or someone forgot to have you uninstall it. The system is safe however, and I'll have you delete it later.

The AVG v7.5 is of concern. 1. Because it's patched and 2. Because that version is no longer supported. If this is the antivirus program you are using, update immediately.


I'd like a HijackThis log from you please. So run that and include the log.

Also do online virus scan:
Run Eset NOD32 Online AntiVirus Scanner HERE

Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the Active X control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.
Put the HJT log and Eset log in your next reply. We'll go from there.
 
That random anagram seems familiar! Occasionally I think I have finally rid myself of this plague and can search fine, then it reappears.

I have searched endlessly on my drives with various different virus scanners but it always comes back.

Hopefully someone knows what's going on?



EDIT---------------------

Just seen the new post, thank you for the reply. I thought I attached the HijackThis log; I will run a new one now since I am on a fresh boot and upload it. I will update AVG now also.

I ran the Combofix program myself. Apologies if that makes this any more complicated.

I will also run that online antivirus program and report the log of that.
 
Eset scanner found one threat, but I think it might just be a false alarm?

C:\Poker\William Hill Poker\_Williamhill.exe a variant of Win32/PTCasino application cleaned by deleting - quarantined
 