Google redirect virus please help

By arrton
Dec 16, 2009
  1. hi i have somthing that redirects me when i search in google i dowloaded ccleaner and superantispyware and malwarebytes and they all found stuff and now tell me my computer is clean! but i still have the problem i have tried to follow the 8 steps as best i could (most of this stuff goes over my head i will put the origanal logs here and attach the hijack this and most recent logs as well. thank you for taking a look any and all help would be greatly appreciated thank you.

    these were the results of the first twoo scans.

    SUPERAntiSpyware Scan Log

    Generated 12/11/2009 at 08:04 PM

    Application Version : 4.31.1000

    Core Rules Database Version : 4360
    Trace Rules Database Version: 2204

    Scan type : Complete Scan
    Total Scan Time : 02:14:28

    Memory items scanned : 876
    Memory threats detected : 0
    Registry items scanned : 6601
    Registry threats detected : 1
    File items scanned : 36070
    File threats detected : 0


    Malwarebytes' Anti-Malware 1.42
    Database version: 3340
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18865

    10/12/2009 21:21:48
    mbam-log-2009-12-10 (21-21-48).txt

    Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|)
    Objects scanned: 437146
    Time elapsed: 1 hour(s), 29 minute(s), 39 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 9

    Memory Processes Infected:
    C:\Users\drewster\AppData\Local\Temp\b.exe (Trojan.Dropper) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\NeoChronos (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\neochronos (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Program Files\Pcsx2\plugins\PadSSSPSX.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Users\drewster\AppData\Local\Temp\89596.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Users\drewster\AppData\Roaming\Microsoft\Windows\update8123.cmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\drewster\Desktop\Programs & appS\YAAI_2.0.3.488\YAAI_2.0.3.488\YAAI.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Users\drewster\AppData\Local\Temp\b.exe (Trojan.Dropper) -> Delete on reboot.
    C:\Users\drewster\AppData\Local\Temp\d.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Users\drewster\AppData\Local\Temp\f.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
  2. arrton

    arrton TS Rookie Topic Starter

    hi there i now your probably very busy but i wondered have i put this in the right place?
    as i have told the kids they cant use the computer till its fixed as i think they may have caused this! thanks again for the help.
  3. arrton

    arrton TS Rookie Topic Starter

    uh oh i just turned on the pc this morning and got an unknow limited connectivity message and cant accses the internet now im really starting to panic help me pleease!
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...