Stubborn Virus Redirects Google Links; Opens New Tabs; and Causes BSoD in Safe Mode

Status
Not open for further replies.
TechSpot:

Thank you for hearing my request for assistance.

For the last week, I've been struggling to relieve my computer of a pesky virus that seems invisible to every scanner and removal tool I've used. It's fortunate that the symptoms only appear to manifest while browsing the web, but I can't be sure of what else might be going on beneath the surface. And because I haven't been able to remove this invader myself, I am hoping you fine folks might be able to guide me the rest of the way.

To be more specific, I encounter symptoms while using Firefox, my preferred web browser. When I use Google to search the web, the search results appear legitimate enough on the surface, but when I click on one there's a 50% chance it will be redirected to a completely different ad site. Many times Google reports that the site I've been redirected to is known to have malware. Only in the past week have my Google results been automatically redirected to other sites. And only in the past week have tabs opened by themselves pointing to ad sites.

I'm afraid I have no suspicions as to how I've contracted this problem.

In an attempt to remove whatever it is that's creating this behavior while web browsing, I've run tools like AVG, Avira AntiVir (after I uninstalled AVG when it reported no threats), Lavasoft Ad-Aware, Malwarebytes' Anti-Malware, Spybot - Search & Destroy, and SUPERAntiSpyware. While some have removed a handful of threats here and there, my symptoms still remain.

I got an idea to try running some of these tools in Safe Mode. But when I attempted to boot to Safe Mode, I was shocked to discover a blue screen of death with the STOP error: 0x0000007E, 0xC0000005, 0x80537009, 0xF789E508, 0xF789E204. At first, I thought it was unrelated to my virus. But after I did a little bit of searching, I discovered that there were others out there describing the exact same symptoms I'm having with the accompanying blue screen of death, character-for-character.

So at this point I'm completely out of ideas and am in need of assistance to delve deeper into this mess. If there are any ideas or possible solutions you could offer, I am more than eager to try anything.

I have followed the preliminary removal instructions and attached log files for Malwarebytes' Anti-Malware, SUPERAntiSpyware, and Hijackthis.
 

Attachments

  • mbam-log-2010-01-19 (20-36-30).txt (868 bytes)
  • SUPERAntiSpyware Scan Log - 12-20-2008 - 16-08-06.log (1.2 KB)
  • hijackthis.log (8 KB)

TechSpot:

I think I solved my problem.

Since I posted my request for assistance a few days ago, I've been reading a lot about other users--on this forum and others--experiencing the very same symptoms I've been struggling with. It's come to be known as the "Google redirect virus," or "Goored." Fortunately, many of them were able to find a solution to Goored that did not involve reformatting their hard drives. What they used was a program called Hitman Pro 3.5.4 Build 86, developed by SurfRight.

I downloaded, installed, and ran Hitman Pro, and it immediately identified a Rootkit. The infected file was nvata.sys located in my C:\WINDOWS\system32\drivers directory. It was identified for removal and was subsequently removed for good after I rebooted my computer.

Much to my surprise, all of my symptoms seem to have been cured. Tabs are no longer opening by themselves linked to ad sites. My Google search results are no longer being redirected to completely different sites. And I'm very much relieved that I am finally able to boot to Safe Mode without encountering a blue screen of death.

I am certainly no expert when it comes to virus and malware removal. That said, I don't want to necessarily advocate Hitman Pro as being the "be all, end all" solution to this problem. But I will say it did the trick for me. So for the purposes of collecting data in efforts to help future victims, I really wanted to post my own personal resolution to this issue.

Thank you for hearing my original request.