Google redirecting links help please

ara002

Google and Yahoo on both Internet Explorer and Firefox are redirecting my links. No virus scans or spyware scans detect anything. Occasionally, AVG will say it detects a threat, but it cannot heal or remove it. Please help me.
 
Completed 8 steps, here are the attachments...

The three logs are attached. Please help! thanks
 
How is your computer running after the 8 steps?

Some suspicious things in the hijackthis log, but depending on the redirecting, they may be okay:
"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local"
"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)"
"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)"


You need IE8 for this scan. Use Windows Update to get IE8 and any other Windows Updates that might be there:
ESET Online Scanner

Run the scan and report any findings
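
An added example, not part of the original thread and not code from HijackThis: a small triage script for the kind of entries quoted above. It flags BHO registrations whose DLL is missing and Internet Settings proxy values. The `triage` function, the category names and the fourth sample line are assumptions made for illustration.

```python
import re

# Constructed sample: the three entries quoted in the thread, plus one
# made-up BHO line (hypothetical name, CLSID and path) for contrast.
SAMPLE_LOG = r'''
"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local"
"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)"
"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)"
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
'''

# "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
# "R<n> - <registry key>,<value name> = <data>"
REG_RE = re.compile(r"^R[0-3] - (?P<key>[^,]+),(?P<value>[^=]*?)\s*=\s*(?P<data>.*)$")
# Internet Settings values that steer where browser traffic goes.
PROXY_VALUES = {"proxyserver", "proxyoverride", "autoconfigurl"}


def triage(log_text):
    """Return (category, detail) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip().strip('"')
        bho = BHO_RE.match(line)
        if bho:
            # Registered helper object whose DLL is gone: a leftover entry.
            if bho["path"].strip().lower() == "(no file)":
                findings.append(("orphan_bho", bho["clsid"].upper()))
            continue
        reg = REG_RE.match(line)
        if reg and reg["value"].strip().lower() in PROXY_VALUES:
            findings.append(
                ("proxy_setting", f'{reg["value"].strip()} = {reg["data"].strip()}'))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:14} {detail}")
```

A flagged line is a prompt for review, not a verdict: the script only sorts entries into the two groups discussed in the post.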
 
still redirects

After I completed the 8 steps, it still redirects. What should I do about those files you mentioned? Here is the ESET scanner log attached. And after this it still is redirecting.
 
Go ahead and delete the hijackthis lines I posted... I know the (no file) entries are not going to affect the redirect, but the .local line might affect the redirect. If you still suffer with the redirect, we will have to take a more aggressive cleaning approach
 
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
 
Here is the combo fix log

Here it is. Thanks for all your help.
 

Go to Start, then Run, and type cmd

cd\
c:\mbr.exe -t
c:\mbr.log

A log file (c:\mbr.log) will open. Post the contents of it to your reply
 
seems to be working

Everything seems to be back to normal and the redirecting appears to have stopped. Should I still post that log? Also, is it necessary to keep this Superantispyware? I had Ad-Aware already and have always used Lavasoft. Just want to know if that's OK to use in you guys' opinion? Also, should I continue to use AVG or is there something better out there for free you can recommend? My last question is regarding firewalls (I don't really know anything about them). Should I use one of the free ones offered online or does the Windows firewall work well enough by itself? Thank you guys so much for your help. I really appreciate this.
 
Adaware is outdated and obsolete now... delete superantispyware and try Advanced SystemCare free, CCleaner and switch to free Avast or Advir for your antivirus software. Keep up with the Windows Updates and run your antispyware/antimalware software often, to control those nasty cookies
 
OK thank you for the advice. My only other question is about the redirecting problem I had. Was that a big deal? It seems as if it is not an uncommon problem based on all the forums and discussions I stumbled upon online. Could anything have been compromised on my computer or could have been viewed by anyone else?
 
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
kernel: MBR read successfully
user & kernel MBR OK
 
Here is the new hjt log. Also, can someone address my question from a couple posts above regarding whether or not the redirecting was serious or not and if it compromised anything on my computer. Thanks!
 
Your HJT log is clean.

It was a pretty serious infection, one of the most annoying doing the rounds at the minute. It takes one of the disk controllers for your system, in your case iastor.sys, and infects it so that it takes control on boot and was causing redirects.

Nothing is ever guaranteed when it comes to infections, what I can say is that the steps I have asked you to run have removed the infection, confirmed that it is no longer present and now we will see if anything else is remaining.

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.
Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 16.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u16-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Make sure the C:\Program Files\JAVA folder is removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u16-windows-i586.exe and select "Run as an Administrator.")
 
You may have to run Combofix, but you have to do it very carefully, following the instructions to the letter
 