Google Redirect Virus

Status
Not open for further replies.

MattRichman

To anyone that can help me,

I have the Google Redirect Virus thing. My already slow computer (it's from 2003) has been even slower recently. Also, when I search in Google and click on a link, it takes me to a random third-party website.

I attached a few logs.

-Matt
 

Attachments

  • hijackthis.log
    6.9 KB · Views: 10
Hello MattRichman

Please download Combofix:
http://subs.geekstogo.com/ComboFix.exe

And save to the desktop.

Open notepad and copy/paste the text in the quotebox below into it:
Name the file as CFScript
and Save it on the desktop

Killall::
Snapshot::
File::
C:\WINDOWS\system32\dozepiwa.dll
c:\windows\system32\govuyoni.dll

http://www.fromsej.saknet.dk/billeder/cfscript.gif

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
 
Open notepad and copy/paste the text in the quotebox below into it:
Name the file as CFScript
and Save it on the desktop

Killall::

Snapshot::
File::
c:\windows\system32\drivers\_004936_.tmp.dll
c:\windows\system32\drivers\_004928_.tmp.dll
c:\windows\system32\drivers\_008177_.tmp.dll
c:\windows\system32\faviheki.exe
Driver::
82550cb4
njhaizau

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DL32"=-

http://www.fromsej.saknet.dk/billeder/cfscript.gif

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post, along with new hijackthis log.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
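
Added example, not part of the posts in this thread: a read-only batch check that reports whether the files, driver entries and Run value named in the two CFScripts above are still present after the reboot. The file name check-cfscript.bat is hypothetical, and it assumes the Driver:: entries are service names under HKLM\SYSTEM\CurrentControlSet\Services.

```bat
@echo off
rem check-cfscript.bat (hypothetical name): added example, read-only.
rem It deletes nothing; it only reports what is still present.
setlocal
set LEFT=0

rem Files listed under File:: in both scripts.
for %%F in (
  "C:\WINDOWS\system32\dozepiwa.dll"
  "C:\WINDOWS\system32\govuyoni.dll"
  "C:\WINDOWS\system32\drivers\_004936_.tmp.dll"
  "C:\WINDOWS\system32\drivers\_004928_.tmp.dll"
  "C:\WINDOWS\system32\drivers\_008177_.tmp.dll"
  "C:\WINDOWS\system32\faviheki.exe"
) do (
  if exist %%F (
    echo STILL PRESENT  file     %%~F
    set /a LEFT+=1
  ) else (
    echo gone           file     %%~F
  )
)

rem Assumption: Driver:: entries are service names under the Services key.
for %%D in (82550cb4 njhaizau) do (
  reg query "HKLM\SYSTEM\CurrentControlSet\Services\%%D" >nul 2>&1
  if errorlevel 1 (
    echo gone           driver   %%D
  ) else (
    echo STILL PRESENT  driver   %%D
    set /a LEFT+=1
  )
)

rem Autostart value removed by the Registry:: section of the second script.
reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v DL32 >nul 2>&1
if errorlevel 1 (
  echo gone           runvalue DL32
) else (
  echo STILL PRESENT  runvalue DL32
  set /a LEFT+=1
)

echo.
echo Items still present: %LEFT%
exit /b %LEFT%
```

Run it under the same user account that was infected, since the DL32 value lives under HKEY_CURRENT_USER; the exit code is the number of items still found.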
 
Sounds good :)

Now your computer problems are solved, it is time for the clean-up procedure.

You should Create a New Restore Point to prevent possible reinfection from an old one.
The easiest and safest way to do this is:
Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.


Please download OTCleanIt
Save it to desktop.
This will remove all the tools we used to clean your computer.
Double-click OTCleanIt.exe. Click CleanUp. Say Yes to the "Begin cleanup Process?"
When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.
Please note. It will NOT remove Mbam, Ccleaner and SuperAntispyware.

To learn more about how to protect yourself while on the internet, please read Tony Klein's guide:
How did I get infected in the first place
 
I did all that you said, and my computer now works perfectly.

However, when I try to install XP SP3, I get the error message, "Access is denied." Why is that?

-Matt
 
OK. Download and install SubInACL.exe:
http://www.microsoft.com/downloads/...56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en


Then open Notepad and paste the following code:

cd /d "%ProgramFiles%\Windows Resource Kits\Tools"
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f
subinacl /subdirectories %windir%\*.* /grant=administrators=f /grant=system=f
secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose


Save the file with name SP3.bat.

Double-click on the file. It might take some time to complete.

After completion, restart your system and now you should be able to install SP3?
 