
MalwareByte and AdwCleaner can't detect google CSE redirect virus



Hi @Aritro   :welcome:

My name is Maurice.  I will be helping and guiding you on this case.

IF this machine runs on Windows XP, please stop and tell me about that.

We need to get information from this machine in order to have the proper detail to help you forward.
NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-1.4.0.615.exe to run the report
       • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Do NOT use the button “Start repair”!
  7. Click the Advanced tab on the left column
  8. Click the Gather Logs button
  9. A progress bar will appear and the program will proceed with getting logs from your computer
  10. Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
  11. Please attach the ZIP file in your next reply.

 

Thank you.

 


I've added the logs and since Sunday I haven't run MalwareByte or AdwCleaner on my computer. I must also add that due to this virus it is not only redirecting google to cse.google but whenever I'm on a website, for example this, forum.malware, and I click anywhere then I'm redirected to another ad page. Kindly see, I'm in great trouble.

mbst-grab-results.zip


Hi.  Thanks for the support tool report.  Please have patience.   And minimize any online browser use until after we get this case cured.

I see the most recent Adwcleaner run just showed some P U P  with Firefox browser.

***** [ Firefox URLs ] *****

PUP.Optional.Legacy             suggestqueries.google.com
PUP.Optional.Legacy             suggestqueries.google.com

Question, please, before we do anything:   Do you use mail (dot) ru ?    I see a few mentions of that on Firefox settings / preferences.

Please advise.

Sincerely,


No, I do not.

In fact there's a random folder under favorites with this name Искать в Интернете, no idea what that is. Also for some weird reason I can actually access Google.com now, but I've a feeling that it's only temporary.


Hello.

Let's do a special custom fix.  This will remove "mail.ru" from the Start / home page setting in Firefox.  Later on, you can set your own choice.

I am sending a custom Fix script which is going to be used by the FRSTENGLISH tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE AS and save it directly (as is) in the Downloads folder.

The tool named FRSTENGLISH is already in the Downloads folder.

Start the Windows Explorer and then, open the Downloads folder.


Double click FRSTENGLISH to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.

 


 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. Some machines take longer than others.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run.

 

[ 2 ]

Download ComboFix from here and save it to your desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Be real sure you SAVE it first. Save it to the DESKTOP.

Double click on ComboFix.exe & follow the prompts.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you, C:\ComboFix.txt. Attach that log in your next reply.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

 

Also, please, attach the Fixlog.txt from the first part (above).  Let me know how the situation is at that point.

Thank you.

fixlist.txt


UPDATE: It seems that cse.google for now is gone but the google search results come blank. The homepage for Google comes up, but when I search anything on it the results are blank. Blank white page.

Also, Искать в Интернете this thing is still there on my computer.


Thank you for the reports.  Those runs were worthwhile.

You had said before:

"In fact there's a random folder under favorites with this name Искать в Интернете"

Delete the folder.

[ 2 ]

Reset Your Chrome Browser Settings

 

  1. In the top-right corner of the browser window, click the "Chrome Menu" icon (Three horizontal lines)
  2.  
  3. At the bottom, click "Advanced"
  4. Scroll down until you see "Reset", Then click where it says "restore settings to their original defaults".
  5. In the dialog that appears, click "Reset".



Close Chrome and restart it

You then can put back in your Preferences for Start / Home page / Search engine preference.

 

By the way, if using Google search has issues, switch to BING as the preferred search engine.

 


Yes, I did everything you said but looks like cse.google is back and I'm still redirected to different websites when I click anywhere on the screen. 

Also, brother, I am accustomed to Google and don't want to switch. So, kindly help me sort this problem in Google itself.

Also, now my browser has a "Managed By Organisation" thing written on it.


On Chrome,

See this Chrome support page:

https://support.google.com/chrome/answer/95314?hl=en

Select your own preference.

For the default Search engine, see https://support.google.com/chrome/answer/95426

I would suggest a new scan as follows.

I would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner.

 

Please download the Malwarebytes AdwCleaner from here:
Click the blue Download button.  (Do not pay attention to the other text displayed on that screen.)

Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

 

Go to the folder where you saved Adwcleaner. Double click AdwcleanerGUI  to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner. (If you do not see it right away, minimize the other open windows, so you can see Adwcleaner.)

Then click on Dashboard button.

Click the blue button "Scan Now".

 

Allow it a few minutes to finish the Scan.   Let it remove what it finds.

NOTE:  When it comes to the section "Pre-installed applications", you can skip that.

Please find and send the Adwcleaner "C" clean report.

In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".

Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.


The .Net Framework cleanup has no relation to the Chrome browser issue.

Sincerely,


Hi,    Thanks for the reports.

I would suggest to be sure to turn off the Google Chrome "Sync" feature.

Please use Chrome  to go to https://www.google.com/settings/chrome/sync and sign into your account.
Scroll down until you see the "reset sync" button and click on the button
At the prompt click on "Ok".



[ 2 ]

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

Also, if you use Chrome or Firefox browser, install the Malwarebytes beta browser extension.  There is one for Chrome & another for Firefox.

To get & install the Malwarebytes beta Chrome extension,

Open this link in your Chrome browser: https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

Then proceed with the setup.

 

To get & install the Malwarebytes beta Firefox extension.

Open this link in your Firefox browser: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

Then proceed with the setup.

Sincerely,


  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
