Jump to content

Infected with Google Redirect Virus

Recommended Posts

Hi everyone,

I've become infected with the Google Redirect virus. Sometimes I click a link and get taken to sites like click.livesearchnow or something else. I had this problem occur on another computer. The one that is infected I built about 14 months ago. I have AVG Free and Malware Bytes.

Anyway, here are my logs from MBAM and DDS

Thanks for your help

mbam-log-2012-10-12 (15-06-45).txt



Link to post
Share on other sites

Hello and welcome. Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

icon11.gif Download aswMBR.exe to your desktop.

  • Double click the aswMBR.exe to run it
  • You will be asked if you want to use Avast! Free anti virus for scanning - select No
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.

Please include the following in your next post:

  • aswMBR log

Link to post
Share on other sites

Please do this next:

icon11.gif Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.
  • Post that log, please.

icon11.gif Download Combofix from either of the links below, and save it to your desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your desktop**


IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link


Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.


Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:

  • TDSSKiller log
  • ComboFix log

Link to post
Share on other sites

Are you still being redirected? Please do this next:

icon11.gifYour Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

  • Go to Start > Control Panel > Programs > Uninstall a program, and remove all older versions of Java.
  • Click (highlight) any item with Java Runtime Environment (JRE or J2SE or Java 6) in the name and select "uninstall".
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Go to this page to download the latest version. Press the download button under JRE and follow the prompts. Accept the agreement and choose the Windows x86 offline option.
  • Run the installer you just downloaded

icon11.gif Go to thisLINK to run an online scannner from ESET.

  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If you are using Internet Explorer, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.

Please include the following in your next post:

  • How is the computer running now?
  • ESET log

Link to post
Share on other sites

Next Post::

It looks like you are using a dodgy copy of Adobe Photoshop CS4. Please remove that from your system and see this POST for important information. Please do this next:

icon11.gif Download OTL to your desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the OTL.txt log and paste them into your next post. I don't need to see Extras.txt

Please include the following in your next post:

  • OTL log

Link to post
Share on other sites

Please do this next:

icon11.gif Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    FF - prefs.js..extensions.enabledAddons: nurafotmah@nurafotmah.org:1.0
    [1832/11/29 00:30:07 | 000,004,819 | ---- | M] () (No name found) -- C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\5k1xjr8k.default\extensions\nurafotmah@nurafotmah.org.xpi
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:1CE11B51

  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log

Please include the following in your next post:

  • OTL fix log

Link to post
Share on other sites

Great! All I have left for you is some very important cleanup:

icon11.gif Uninstall ComboFix

  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and past the following text into the run box that opens and press OK:
    Combofix /Uninstall


icon11.gif Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
  • Manually delete any remaining logs or tools.

icon11.gif Finally, I'd like to make a couple of suggestions to help you stay clean in the future:

  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Please read this post for some helpful information.

Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.