Redirect Virus

By Zalemam · 11 replies
May 5, 2009
  1. OK I got the virus where when i click on a search link, I t redirects to a different website! ive tried to install Super anti spyware but it keeps crashing, The same with Mbam anti-malware!

    But i have the Hi-jack this log....
  2. Zalemam

    Zalemam TS Rookie Topic Starter Posts: 43

    any help???
  3. Zalemam

    Zalemam TS Rookie Topic Starter Posts: 43

    waiting! On a response! Im sorry if i seem to nag but I use my laptop for all my buisness and its really ingratiating!
  4. touch

    touch TS Rookie Posts: 978

    Hello Zalemam

    Sorry for late reply.

    Try malwarebyte again, slightly different ->

    Download malwarebyte;pop&cdlPid=10878968

    Save the file as setup.exe

    Run the setup.exe file
    When it gets to the final step of the installation it will seem like it hasn't but it will take anywhere from 15mins to an hour to get through that step so just let it do its thing.

    If automatic update fail, download and install the manual update ->

    Go into the Malware folder in through Program Files
    Rename the mbam.exe to 123.exe and run it.
    Do a full computer scan
    Check all and remove/fix/delete them.

    Restart your computer and post the log.

    Nb. It is possible you´ll have to scan from safe mode
  5. Zalemam

    Zalemam TS Rookie Topic Starter Posts: 43


    I followed the directions you gave me, and I scanned my computer the first time with out updated (i Forgot):blush: and then i realized i didnt update so i did an update and rescanned so there are 2 logs....

  6. touch

    touch TS Rookie Posts: 978

    It looks like the updated malwarebyte found a gxvxccounter rootkit ;)

    And there are probably more rootkit files hiding.
    I´ll therefore suggest you post a combolog ->

    Please download Combofix:

    And save to the desktop.

    Close all other browser windows.

    Please connect all your external hard drive/flash drive before running Combofix, if you have any

    Double-click on the combofix icon found on your desktop.

    Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

    Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post
  7. Zalemam

    Zalemam TS Rookie Topic Starter Posts: 43

    the log is attached

    It told me to write theses down so i did




    Idk if there any help....
  8. touch

    touch TS Rookie Posts: 978

    It´s certainly not easy to pronounce the filenames ;)

    P2P software/programs are a major contributor to your infections.

    We reserve the right to withdraw our support:
    If such programs are found in your logs
    Should you not agree to their removal.
    As they are normally set to bypass your Firewall and Anti-Virus software
    Filesharing/P2P Programs serves as a constant threat to your computer

    c:\program files\LimeWire

    Reboot, attach new combofix log
  9. Zalemam

    Zalemam TS Rookie Topic Starter Posts: 43

    uninstalled limewire,

    ran combo fix again...
  10. touch

    touch TS Rookie Posts: 978

    Ok :)

    Combofix log looks clean. Please attach new hijackthis log, and tell how things are running ?
  11. Zalemam

    Zalemam TS Rookie Topic Starter Posts: 43

    Google search links work flawless

    heres my hijackthis log
  12. touch

    touch TS Rookie Posts: 978

    Sounds good.

    Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
    O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)

    And you´re done.

    Now your computer problems are solved, it is time for the clean-up procedure
    You should Create a New Restore Point to prevent possible reinfection from an old one.
    The easiest and safest way to do this is:
    Go to Start > All Programs > Accessories > System Tools > System Restore
    Select Create a restore point, and Ok it.
    Next, go to Start > Run and type in cleanmgr
    Select the More options tab
    Choose the option to clean up system restore and OK it.

    This will remove all restore points except the new one you just created.

    Please download OTCleanIt
    Save it to desktop.
    This will remove all the tools we used to clean your computer.
    Double-click OTCleanIt.exe. Click CleanUp. Say Yes to the "Begin cleanup Process?"
    When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.
    Please note. It will NOT remove Mbam, Ccleaner and SuperAntispyware.

    To learn more about how to protect yourself while on the internet, please read Tony Klein´s guide:
    How did I get infected in the first place
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...