
Google Redirect Virus I believe


Hey everyone, I believe I caught the google redirect virus on my PC. (Using a friend's PC)

I bought a domain name 2 days ago but something weird started happening to it. It started redirecting automatically to a website which has an outdated layout of PayPal.com. I guess it's a phishing attempt.

Anyways I contacted support about this and they said that everything was fine inside the cpanel and that it was most likely a problem inside my computer.

I ran a scan and got the report from Malwarebytes below.

After the malware bytes I ran the TDSSKiller and it found 8 threats. I deleted all of them and clicked reboot PC. After this my keyboard and mouse do not work. They only work at start up so I can login to safe mode but even there the keyboard and mouse do not work.

I don't have the TDSSKiller report seeing as I can't open any files on my computer since my keyboard and mouse don't do anything. (I have tried using my mouse on another PC and it worked fine)

I remember that one of the threats that TDSSKiller reported was "sptd". Then it had other 7 that I don't remember the name.

I've read around about using rkill or combofix but the thing is, without my keyboard and mouse working on my PC I don't know how to run these.

If anyone could help regain access to my keyboard and mouse so that I can run these things maybe I could clear the viruses.

I leave the malwarebytes report below but it only popped up a couple of PUP.casino which I believe to be harmless.

Malwarebytes' Anti-Malware


Versão da base de dados: 8327

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19154

12-12-2011 20:10:15

mbam-log-2011-12-12 (20-10-09).txt

Tipo de pesquisa: Completa (C:\|D:\|E:\|F:\|G:\|H:\|)

Objectos verificados: 538833

Tempo decorrido: 5 hora(s), 28 minuto(s), 17 segundo(s)

Processos de memória infectados: 0

módulos de Memória infectados: 0

Chaves do Registo Infectadas: 1

Valores do Registo infectados: 0

Itens de dados do Registo Infectados: 0

Pastas Infectadas: 0

Ficheiros Infectados: 1

Processos de memória infectados:

(Nenhum item malicioso detectado)

módulos de Memória infectados:

(Nenhum item malicioso detectado)

Chaves do Registo Infectadas:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\William Hill CASINO CLUB (PUP.Casino) -> No action taken.

Valores do Registo infectados:

(Nenhum item malicioso detectado)

Itens de dados do Registo Infectados:

(Nenhum item malicioso detectado)

Pastas Infectadas:

(Nenhum item malicioso detectado)

Ficheiros Infectados:

c:\Casino\william hill casino club\_setupcasino_73279d_pt.exe (PUP.Casino) -> No action taken.

I was wondering if anyone could help handling this report since I’m not really good at this. I tried downloading the DSS from


but I cannot access the website, I don’t know if it’s down or if it’s just me.

Thank You In Advance.

Forget this last part of the thread where I say and I quote "I was wondering if anyone could help handling this report since I’m not really good at this. I tried downloading the DSS from bleepingcomputer.com but I cannot access the website, I don’t know if it’s down or if it’s just me."

I am able to access that site on my friend's PC.

Hey everyone,

I did a few scans and I would be very thankful if someone could take a look at these.

First I used malwarebytes to scan the PC and it only detected 2 PUP which were harmless. I still removed them just in case. I decided to go deeper and used the TDSSKiller; it caught 8 threats. 1 of them was the sptd usually related to the google redirect virus. I don't remember the name of the other 7.

I deleted all of them and I was told to reboot the system. I rebooted, everything booted normally, however, my keyboard and mouse do not work. They are completely frozen and only work before windows starts in BIOS.

I realized that the only thing I could use was my DVD/CD so I used Avira rescue disk. Unfortunately, I can't copy the log to this PC exactly how it looks like but I copied the most important things and will list them below in a sec.

Avira was able to rename a couple of HTML/IFrame.JA.1 and Trojans such as TR/Dropper.GEN

But for others it says archive scan aborted. I decided to try the AVG rescue disk next. I used the scan; I could only do it halfway because the light went off...yeah I know lucky me.

I will leave the half report below right after the Avira one. After all of this I'm still in the situation and my keyboard and mouse (USB) still don't work. I tried using an old non USB keyboard but no luck.

I'm going to use the bit defender rescue disk next; meanwhile I leave the reports. Since I'm not very good at handling these things I was hoping for assistance.

My major problem is not being able to use my keyboard and mouse inside windows.

Thank you.


TR/Crypt-XPACK.Gen [archive scan abort]

TR/Dropper.GEN [renamed]

BDS/Gendal-654428 - renamed

BDS/Gendal-683423.2 - renamed

Java/Fester.L - archive scan abort

Java/Exdoer.DH.2 - archive scan abort

JAVA/Exdoer.EX - archive scan abort

SPR/Autolt.Gen - renamed

HTML/IFrame.JA.1 - renamed

HTML/IFrame.JA.1 - renamed

HTML/IFrame.JA.1 - renamed

HTML/IFrame.JA.1 - renamed

HTML/IFrame.JA.1 - renamed

HTML/IFrame.JA.1 - renamed

HTML/IFrame.JA.1 - renamed

HTML/IFrame.JA.1 - renamed

SPR/Hacktool.231936 - archive scan abort

TR/Gendal.kdv.294349 - archive scan abort

TR/Agent.339896 - renamed

TR/Agent.155648.30 - renamed

TR/Gendal 6690843 - renamed

TR/Gendal 6690843 - archive scan abort

BDS/Gendal.662620 - archive scan abort

invalid or corrupt - rarnew.dat

archive type- left 4 dead

end of file - keyword elite uninstallexe

bad compressed data- proxy checker unistallexe

end of file- gamers first uninstall exe

end of file - GrindSoft/Lines/Uninstall

A malformed archive header was detected - Serif/WebPlus Starter Edition/3-0/Data/FillTableconical.zip

end of file - SpeedFan/uninstall.exe

end of file - StumbleUpon/PostInstall.exe

end of file - StumbleUpon/PreUninstall.exe

bad archive header - AppData Plus500


AVG command line Anti-Virus scanner



/Program Files/Counter-Strike/platform/Friends/friendsUI.dll Runtime packed nspack

/Program Files/HideMyMac/mxid.dll Runtime packed nspack

/AppData/Local/Microsoft/Windows Defender/Filetracker/{051080FB-A0F8-4A77-B818-580411353E41} Virus Found Hosts

/AppData/Local/Microsoft/Windows Defender/Filetracker/{CED2FB3F-C2D8-474B-A179-2DA772753A80} Virus Found Hosts

Trojan Horse Generic3_c.CLFX

Trojan Horse Backdoor.Generic14.NAX

Trojan Horse Java/Agent.GX

Trojan Horse Java/Agent.FL

Trojan Horse Java/Agent.GX

Trojan Horse Java/Exploit.LJ

Trojan Horse Java/Agent.FB

Trojan Horse Java/Agent.FA

Trojan Horse Java/Exploit.LJ

Trojan Horse Java/Exploit.HS

Trojan Horse Java/Exploit.HP

Trojan Horse Java/Exploit.HS

Trojan Horse Java/Agent.EW

Trojan Horse Java/Agent.EW

/AppData/Local/Roaming/Octoshape/ Corrupted executable file

/AppData/Local/Roaming/Octoshape/ Corrupted executable file



Trojan Horse Generic3_c.CJNK

Trojan Horse Generic3_c.CJNK

hosts.txt Virus Found Hosts




Hey everyone, first things first, here is the bit defender scan:


4 threats in 25 still present in your system






I then clicked disinfect all 4 but only Backdoor.Generic.654428 and Trojan.Generic.6690843 were successful.

I then clicked delete on both joke.Noclose.IS.A and Trojan.HTML.Iframe.T and they were deleted successfully.

All 25 success.

I tried logging in in safe mode. Booted successfully as always but again as always mouse and keyboard do not work inside windows vista.

I ran a second bit defender scan and it came out clean.

In order to fix the keyboard and mouse issues, I copied the USB drivers from my friend's PC (who also runs Vista) and copied them into my PC but with no luck. Mouse and keyboard still not working inside windows vista.

I am, however, able to use mouse and keyboard and internet on my PC using bitdefender. I was able to get the TDSSKiller logs below.





  • 2 weeks later...
  • 1 month later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
