Google search redirect virus removal

By redli · 5 replies
Jun 19, 2010
  1. My google search will redirect to some junk sites.

    I used the 8 steps given in the guide. The logs are attached.

    When I tried to install microsoft updates from, it says

    I think there are automatic microsoft updates to my system
    After that I continued doing the remaining steps.

    Thanks for your help in advance.

  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    It's looking like you have a Rootkit on the Master Boot Record (MBR). You will need to run the following:

    Please download ComboFix from Here and save to your Desktop.

    [1]. Do NOT rename Combofix unless instructed.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Close any open browsers.
    [4]. Double click combofix.exe & follow the prompts to run.
    NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    [5]. If Combofix asks you to install Recovery Console, please allow it.
    [6]. If Combofix asks you to update the program, always allow.
    Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    [7]. A report will be generated after the scan. Please post the C:\ComboFix.txt in your next reply.
    Note: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs when you're done with Combofix.
    Run Eset NOD32 Online AntiVirus Scanner HERE
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the Active X control to install
    • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    • Click Scan
    • Wait for the scan to finish
    • Re-enable your Antivirus software.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    As for the Windows update problem: that could be from the malware or it could be from heavy traffic on the site. You are the 3rd person in a row reporting this problem. See how it is after the system is clean.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    I will be writing some script to use after Combofix has been run.
  3. redli

    redli TS Rookie Topic Starter

    I completed ComboFix and online scanning. Find attached the logs.

  4. Bobbye

    Viewing the contents of Combofix and the large number of special drivers and Services tells me this is not a home computer, but most likely one used for work. Is that correct?

    I see Minot, Oracle, Threat Fire, Bynet, Telnet, etc.

    In fact, you have 40 drivers and Services running. I am reluctant to work on this system with all of these specialized processes. If this is your home computer, you are doing a great deal more than just 'home computing'.

    Please advise.

    By the way, you also have several Norton/Symantec programs running in addition to McAfee.
  5. redli

    This is my personal laptop only. I installed the trial versions.

    Any inputs to maintain good system. My system is damn slow also.

    I used to have Norton, but I uninstalled it and installed McAfee as I thought Norton would have made the system slow. I also have Spyware Doctor.

    Suggest me the correct settings or software required and the fix.
  6. Bobbye

    Your system is so slow because you have so much running! Remove the trials. Take everything off of Startup except your antivirus program, firewall if you have a 3rd party firewall, touchpad process and network process if you have something like Network Magic. Nothing else!

    1. To access Startup using the msconfig utility
    Click on Start> Run> type in msconfig> enter> it should be on General tab. On that screen, you check Selective Startup> everything below that should be checked EXCEPT the "Load the Startup Items".

    Once that is done, click on the Startup tab> here's what you'll see:

    If you need to expand the Command Column, (this shows what the process 'belongs' to) hold left mouse button down on the dividing line on from next to Location and move to the right to expand.

    This is where you UNCHECK the Startup items. This does not remove the item or uninstall anything> it just stops it from starting on boot. It can be rechecked at any time if wanted. You don't do anything on the other tabs. When through> Apply> OK

    When you reboot the system the first time after making changes, a nag message comes up that can be ignored and closed after checking 'don't show this message again.' Stay in Selective Startup to retain the changes.

    Once you make changes to the Startup menu, you must remain in Selective Startup to retain those changes. If you go back to Normal Startup, everything you unchecked will be checked again and start on boot.

    2. Reset the Services:
    Start> Run> type in services.msc> double click on the Service> Change according to BlackViper's recommendations HERE.

    If the Service is not listed, chances are it can be safely set to Manual startup type. (except for those processes noted) Exit Services when through.

    This is for Windows XP SP3- I don't see that you have any of the SP- suggest you get SP3 on board.

    3. Uninstall old, unused and/or unwanted programs:
    Go to the Control Panel> Add/Remove Programs> uninstall everything you aren't using or don't need.

    Reboot after each of the steps above. I am not comfortable removing entries with all the special programs you have running. When you get the system cleaned up and have removed those 'trials' (Telnet can get you into a lot of trouble!) if you still think you have malware, come back and I'll get new logs from you.

    I don't think your system could accept enough RAM to run everything you're running now without being slow!
Topic Status:
Not open for further replies.
