Pesky Google redirect

[Jaguar280]

I had quite a bit of malware on my computer and i was successfully able to remove it using the 8 step virus removal process a few times.

However, that stupid google redirect malware/virus is still on my computer. I've gone through the 8 step process and its still here. Attached are my logs. Hopefully someone can help!!

Thanks!!!

 

[touch]

Hello Jaguar280

Please download Combofix:
http://subs.geekstogo.com/ComboFix.exe
And save to the desktop.

Close all other browser windows.

Double-click on the combofix icon found on your desktop.

Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post.

 

[Jaguar280]

Thanks for the help, touch!

Here is the log file. Hopefully I can get rid of this thing now.

 

[Jaguar280]

bump... can anyone check out the log. i'd really appreciate it! Thanks!

 

[touch]

Oops, sorry I´ve missed you.

Please upload and have this file scanned:
c:\windows\system32\proquota.exe
Here:
http://virusscan.jotti.org/ Or here: http://www.virustotal.com/en/indexf.html


Attach back the results

 

[Jaguar280]

Sry touch. Was out of town this week :-/

Funny thing. Can't find the file. Seems to be gone. Tried looking for hidden files as well. Could it have renamed itself????

Thx for your patience and help!

 

[touch]

No problem

Open notepad and copy/paste the text in the quotebox below into it:
Name the file as CFScript
and Save it on the desktop

Killall::
Snapshot::
File::
C:\43214354.bat
C:^Documents and Settings^David^Start Menu^Programs^Startup^ChkDisk.dll
c:\windows\pss\ChkDisk.lnk
FileLook::
c:\windows\system32\proquota.exe
Folder::
c:\documents and settings\David\Application Data\Azureus
c:\program files\Vuze
Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^David^Start Menu^Programs^Startup^ChkDisk.dll]
[-HKLM\~\startupfolder\C:^Documents and Settings^David^Start Menu^Programs^Startup^ChkDisk.lnk]

Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

 

[Jaguar280]

Thanks for the quick response touch.

Not sure if it matters but Azureus and vuze are torrent programs that I installed. I ran the script anyways. Seems to have deleted the program lol. Its ok though I can reinstall it.

Attached is the log. Hopefully your expertise can pull something out of it cause I got nothing, haha.

 

[touch]

You don´t have Proquota.exe: http://support.microsoft.com/kb/259826
But I´m not sure if you need it !

We remove Filesharing/Torrents/P2P programs because of this:
"As they are normally set to bypass your Firewall and Anti-Virus software"

Combofix log looks clean, so please tell how things are running ?

 

[Jaguar280]

I recently made the switch to google chrome because of the problems with firefox. seems google chrome isn't affected by the same viruses. dont know why.

i opened up firefox though and everything seems fine right now! seems like whatever you did has worked. i am using avast right now so hopefully that will keep me safe. i don't like using firewalls like zonealarm because of all the annoying alerts especially since i use live mesh.

hopefully i won't have to post on here again! thx for the support touch!