Google search redirected, 8 steps results

By tonytony · 16 replies
Jun 2, 2009
  1. Hello, my Google search results are being redirected to random sites, so I ran a scan of my whole computer using AVG anti-virus version 8.5.339. The following are the results under rootkits. The first one is a hidden driver while the rest are hidden files.


    I pressed the "Remove all unhealed" button and the following message appeared.

    "Object is hidden by a rootkit technique (which is usually used by a malicious software) Do you really want to remove it?"

    I clicked yes, the same message appeared about 6 more times and I clicked yes on all of them. It then required me to restart my PC, which I did. But to no avail, my Google searches still get redirected. I ran another AVG scan only to yield the same results. Thing is, when I run MBAM and SuperAntiSpyware they didn't detect anything. Which gives me the feeling that I am royally screwed here. Attached are my 8 STEPS logs. Any help would be greatly appreciated.
  2. touch

    touch TS Rookie Posts: 978

    Hello tonytony

    Viewpoint is considered foistware and is not needed on your computer.
    Download and unzip to own folder on Desktop -

    Run ViewpointKiller.exe


    Please download Combofix:
    And save to the desktop.

    Close all other browser windows.

    Double-click on the combofix icon found on your desktop.

    Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

    Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post.
  3. tonytony

    tonytony TS Rookie Topic Starter

    Thanks for your help, I did everything as instructed. Attached is the combofix log. Oh and btw, is it normal that I suddenly have an Internet Explorer icon on my desktop? Because it wasn't there from the beginning (never use it).
  4. touch

    touch TS Rookie Posts: 978

    It is Combofix that creates the Internet Explorer icon on the desktop.

    Open notepad and copy/paste the text in the quotebox below into it:
    Name the file as CFScript
    and Save it on the desktop

    Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe.

    Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post

    Do not mouseclick combofix's window whilst it's running. That may cause it to stall
  5. tonytony

    tonytony TS Rookie Topic Starter

    Ok, sorry if it took too long to reply, had to go to work. Anyway, I did everything as instructed. Attached the new CF logs.

    Also AVG detected something...and I pressed heal.

    "Virus identified Packed.Rolex";"C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP860\A0376684.sys";"Moved to Virus Vault";"6/2/2009, 7:37:31 PM";"file";"C:\WINDOWS\system32\svchost.exe"

    Thanks again.
  6. touch

    touch TS Rookie Posts: 978

    No problem :)

    Combolog looks clean. How are things running now ?
  7. tonytony

    tonytony TS Rookie Topic Starter

    Looks like everything is running smooth now, google searches no longer being the svchost.exe that AVG caught after i ran ComboFix shouldn't be a problem also?
  8. touch

    touch TS Rookie Posts: 978

  9. tonytony

    tonytony TS Rookie Topic Starter

    Well I uploaded it to VirusTotal and looks like it didn't find anything on it.

    It's just that AVG Resident Shield already detected it twice. The Infection is called Virus Identified Packed.Rolex.

    Thanks again for taking time to help me.

    Attached results
  10. touch

    touch TS Rookie Posts: 978

    Ok. Then you're good to go :)

    Click START then RUN
    Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    When shown the disclaimer, Select "2"
    The above procedure will:
    Delete the following:
    ComboFix and its associated files and folders.
    Reset the clock settings.
    Hide file extensions, if required.
    Hide System/Hidden files, if required.
    Set a new, clean Restore Point.

    To learn more about how to protect yourself while on the internet, please read Tony Klein's guide:
  11. tonytony

    tonytony TS Rookie Topic Starter

    Awesome, everything's A-ok now. Thanks a lot!
  12. touch

    touch TS Rookie Posts: 978

    My pleasure :)
  13. afiore

    afiore TS Rookie


    I also am infected with the Packed.Rolex virus. I use AVG and have scanned/removed virus in Safe Mode, but when I restarted my system and scan again, it re-appears and seems to keep duplicating.

    Any help would be appreciated.
  14. kronbergk

    kronbergk TS Rookie


    I have the exact same problem but I don't know what to do next for my system. Here is my combofix.txt file. Please help me if you can. It would be much appreciated. I have already done the Viewpoint Killer and ran Combofix as you can see from the attachment.

    thanks kronbergk
  15. kritius

    kritius TS Guru Posts: 2,084

    Start your own threads and don't follow other people's instructions.
  16. kronbergk

    kronbergk TS Rookie


    I realize now that I should ask my own questions, but everything seems to work now for me. Sorry if I did something wrong, but it worked. AVG is no longer finding any Packed.Rolex viruses on my computer.
  17. torsch

    torsch TS Rookie


    I got a Packed.Rolex infection two days ago. On my PC I have two systems installed on different hard drives. The infected system is on a hard drive of its own.

    At first I had no idea how to fix it, but then I just switched over to the other system on the other hard drive and did a whole-computer scan with AVG, and Packed.Rolex was removed.

    Maybe just an idea how to solve the problem, and other similar problems, very easily.
    Of course it will not work if you have two systems on the same drive hidden from each other.

    The same method could work from a boot disk of some kind with AVG installed on it...
Topic Status:
Not open for further replies.
