Google redirect virus, 8 steps completed, logs attached

Status
Not open for further replies.

esmac1988

Posts: 16   +0
I was having problems with search engines results redirecting me to bogus websites. It was kind of off and on. Sometimes everything worked fine, sometimes it would redirect but after a couple tries clicking the link it would find the real website, and sometimes I just plain couldn't get to the real website at all. I went through the 8 steps and everything seems to be okay now, but I figured I better post my logs just for good measure, thanks.
 
Here they are.
 

Attachments

  • mbam-log-2010-03-19 (01-10-33).txt
    6.2 KB · Views: 4
  • hijackthis.log
    15.5 KB · Views: 4
  • SUPERAntiSpyware Scan Log - 03-19-2010 - 02-26-08.log
    2.1 KB · Views: 4
One of your problems may have been resolved, but the system still has a considerable amount of malware active:

Please download GMER and save it to your desktop. (This file will have a random name)
Two other links for the download should you need one:
Link 2
Link 3
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file and allow the gmer.sys driver to load if asked.
  • Select Rootkit tab> click Scan
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system click NO.
  • When scan is completed, click Save button, and save the results as gmer.log
  • Exit GMER and re-enable all active protection when done.
  • If you encounter any problems, try running GMER in Safe Mode.
This screenshot http://www.gmer.net/faq.php will show you how the display will come up.
Please attach the log with your next reply

After that, Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

    Important! Save the renamed download to your desktop.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls.
  • Double click on the setup file on the desktop to run
  • If prompted to download and install the Recovery Console, please do so.
    (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.)
  • If prompted to update, please allow.
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log. Please include the C:\ComboFix.txt in your next reply.
Notes:

  1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run.
Attach both reports to your next reply.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!! DO NOT make any Registry Changes. And it is recommended that if you are running any Registry editing program, that you either uninstall or disable it while we are in the cleaning process.
 
It seems that I'm having some trouble running the GMER scan. I downloaded it, and while it's on the tab that says Rootkit/Malware I clicked scan, but when it's finished scanning it doesn't give me any results like the last scans I have done. An information box just pops up and says "GMER hasn't found any system modification." where I can click OK, but there are no logs. What am I doing wrong?
 
It doesn't mean you did anything wrong- just that GMER didn't find anything. I'd like you to scan with the following which will check hidden files, hidden processes, hidden registry keys and hidden services:

Download catchme.exe to your desktop.
  • Double click the catchme.exe to run it
  • Click the "Scan" button to start scan
  • Open catchme.log to see results

Paste log in next reply.
 
Due to lack of activity, this thread is being closed.

If further help is needed, please send a PM to your helper, including the URL for this thread.
 
I'm having trouble posting the scan results. The file is too large to attach and after I try to copy and paste, it won't let me submit the reply.
 
Split the thread and paste it in over 2 replies. We're working on getting the character limit increased.
 
The list is extremely long. So with the 10,000 character limit on here it's going to take like 15 separate posts to get it all up here. Is that what you're meaning for me to do?
 
I rechecked the logs- you've got a 64bit system and some of the programs we use won't work on 64 bit. Hold the GMER report for a bit and see if you can run the following:

Please download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

This will get some of the information I need out.
 
Well they are still way too big to paste on here in any convenient manner. Hope attachments work, if not I'll have to paste another 12 posts.
 

Attachments

  • OTL.Txt
    137.1 KB · Views: 1
  • Extras.Txt
    58.9 KB · Views: 1
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    
    :Services
    
    :Reg
    
    :Files
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files (x86)\BearShareTb\BearShareDx.dll 
    O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files (x86)\iMesh Applications\MediaBar\DataMngr\IEBHO.dll 
    O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files (x86)\BearShare Applications\BearShare\BearShareIEHelper.dll 
    O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files (x86)\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll 
    O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files (x86)\BearShareTb\BearShareDx.dll 
    O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files (x86)\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll 
    O4 - HKLM..\Run: []  File not found
    O4 - HKLM..\Run: [TWebCamera]  File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
    C:\Users\owner\AppData\Roaming\LimeWire
    C:\Users\owner\AppData\Local\CrashDumps
    C:\Program Files (x86)\BearShareTb\BearShareDx.dll 
    C:\Program Files (x86)\BearShare Applications\BearShare\BearShareIEHelper.dll 
    C:\Program Files (x86)\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll 
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
===============================
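The fix list above is built by reading the OTL log line by line and picking out entries that are either orphaned (the registry key points at a file or key that no longer exists) or belong to the adware toolbars the log exposed. The following script is an added illustration of that triage, not part of the thread and not a tool the helper or the OTL project provides. It parses the O2/O3/O4/O16/O18 line shapes quoted above into structured records, flags orphans and entries under assumed suspect directories (BearShare, iMesh, LimeWire, a list taken from the thread), and groups the results into the :OTL and :Files sections. The sample log is constructed: the BearShare, iMesh and "File not found" lines are copied from the fix, while the "ExampleVendor" entries and their all-zero CLSID are placeholders standing in for benign software.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample of OTL-style log lines.  The BearShare/iMesh and
# "File not found"/"Reg Error" entries are quoted from the fix above; the
# ExampleVendor entries and their placeholder CLSID are constructed controls.
SAMPLE_LOG = r"""
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files (x86)\BearShareTb\BearShareDx.dll
O2 - BHO: (Example Helper) - {00000000-0000-0000-0000-000000000001} - C:\Program Files (x86)\ExampleVendor\helper.dll
O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files (x86)\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll
O4 - HKLM..\Run: [TWebCamera]  File not found
O4 - HKLM..\Run: [ExampleUpdater]  C:\Program Files (x86)\ExampleVendor\updater.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
"""

# Assumed list of directory fragments tied to the adware toolbars named in the thread.
SUSPECT_PATH_MARKERS = ("bearshare", "imesh", "limewire")

# "O2 - ...", "O18:64bit: - ..." -> (section, remainder)
ENTRY_RE = re.compile(r"^(O\d+(?::64bit)?):? - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# A Windows drive path runs to the end of the line in these entries.
PATH_RE = re.compile(r"[A-Za-z]:\\.*")


@dataclass
class Entry:
    raw: str
    section: str
    clsid: Optional[str]
    path: Optional[str]
    orphan: bool    # key points at something that no longer exists
    suspect: bool   # file lives under an assumed adware directory


def parse_entry(line: str) -> Optional[Entry]:
    """Turn one OTL log line into an Entry, or None if it is not an O-section line."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, rest = m.groups()
    clsid = CLSID_RE.search(rest)
    path = PATH_RE.search(rest)
    orphan = "File not found" in rest or "Reg Error" in rest
    path_text = path.group(0).strip() if path else None
    suspect = bool(path_text) and any(k in path_text.lower() for k in SUSPECT_PATH_MARKERS)
    return Entry(line, section, clsid.group(0) if clsid else None, path_text, orphan, suspect)


def triage(log_text: str) -> List[Entry]:
    """Parse every recognisable entry in an OTL log."""
    return [e for e in map(parse_entry, log_text.splitlines()) if e is not None]


def build_fix(entries: List[Entry]) -> Dict[str, List[str]]:
    """Group flagged entries the way the OTL fix above does: registry lines
    under :OTL, the on-disk files behind suspect entries under :Files."""
    flagged = [e for e in entries if e.orphan or e.suspect]
    return {
        "OTL": [e.raw for e in flagged],
        "Files": sorted({e.path for e in flagged if e.path and e.suspect}),
    }


def render_fix(fix: Dict[str, List[str]]) -> str:
    """Render the grouped entries in the :OTL / :Files / :Commands layout."""
    return (":OTL\n" + "\n".join(fix["OTL"]) + "\n\n"
            ":Files\n" + "\n".join(fix["Files"]) + "\n\n"
            ":Commands\n[emptytemp]\n")


if __name__ == "__main__":
    print(render_fix(build_fix(triage(SAMPLE_LOG))))
```

The output is a candidate list for a human to review against the full log, not something to run unread: the path markers are a crude heuristic, and an orphaned key is harmless on its own but is exactly the kind of leftover the helper removes so the next log is shorter to check.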
 
Yea do you need that log too? The one I just posted is the one done after running the fix, rebooting, and then the quick scan.
 
Yes, I need that log. That way I can check to make sure the entries were removed and don't have to go line by line in a new log.
 