Google redirects


Please help! The Google redirects are making me crazy!

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4622

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18943

9/15/2010 3:33:37 PM

mbam-log-2010-09-15 (15-33-37).txt

Scan type: Quick scan

Objects scanned: 159918

Time elapsed: 6 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_10-03-17.01) - NTFSx86

Run by Jake at 16:12:52.68 on Thu 09/16/2010

Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_03

Microsoft

attach.zip

Link to post
Share on other sites

Welcome to Malwarebytes!

Download ComboFix from one of these locations:

Link 2

Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. Here is a howto for some of the applications.
    They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Link to post
Share on other sites

Progress!!

Something I should point out, regarding CCleaner and similar products

It's not recommended to use registry cleaners. These often cause more problems than they fix. One of the Administrators at Malwarebytes, miekiemoes, has an excellent writeup here.

Another excellent article by Bill Castner is located here.

Step 1.

Uninstall unwanted programs:

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Azureus Vuze

Optional removals

Azureus Vuze and P2P programs in general are legal themselves, but much of the content downloaded with them is downloaded illegally. They are also a great way to infect yourself with malware.

It's up to you if you want to remove the above programs, however I recommend you do.

Step 2.

Clean temp locations:

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Step 3.

Scan with Kaspersky Online Scanner:

Please do an online scan with Kaspersky Online Scanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Upgrading Java:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME.

  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 21.
  • Click the JDK 6 Update 21 (JDK or JRE) "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u21-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u21-windows-i586.exe and select "Run as an Administrator.")

Step 4.

Things I would like to see in your reply:

  1. Which P2P were uninstalled in Step 1.
  2. The content of the report from Kaspersky Online Scanner from Step 3.
  3. Information on how your computer is running now.

Link to post
Share on other sites

1. Removed Azureus

2. Ran TFC

3. Kaspersky was taking forever. After 3 1/2 hours (and around 35% done) I accidentally closed the browser window, so when I ran it again I just did Critical areas, and it finished in just over 2 hours. I'll run it on the whole computer overnight. Here's the log:

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Friday, September 17, 2010

Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Friday, September 17, 2010 08:56:15

Records in database: 4215744

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - Critical areas:

C:\Program Files

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

C:\Windows

D:\My Documents\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Scan statistics:

Objects scanned: 111166

Threats found: 0

Infected objects found: 0

Suspicious objects found: 0

Scan duration: 02:18:47

No threats found. Scanned area is clean.

Selected area has been scanned.

4. Uninstalled old java instance and installed the new version. Just got done and haven't messed around too much, but things seem to be working fine... I'll let you know if anything else bad comes up. Thanks so much for all your help!

Next I'm going to have to try to clean up that slow old laptop that's running XP... :unsure:

Link to post
Share on other sites

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Saturday, September 18, 2010

Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Friday, September 17, 2010 19:43:35

Records in database: 4217979

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

G:\

H:\

I:\

K:\

M:\

Scan statistics:

Objects scanned: 320955

Threats found: 1

Infected objects found: 1

Suspicious objects found: 0

Scan duration: 05:04:18

File name / Threat / Threats count

C:\Qoobox\Quarantine\C\Windows\system32\Drivers\volsnap.sys.vir Infected: Virus.Win32.TDSS.b 1

Selected area has been scanned.

Link to post
Share on other sites
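Added example, not part of the original thread or of any tool named in it: the one hit in the full-scan report sits under C:\Qoobox\Quarantine, ComboFix's quarantine folder, so it is an inert copy rather than a live driver. The Python sketch below parses the report's detection table, separates quarantined copies from live files, and maps each quarantined copy back to the location it was removed from. The function names, the second sample row and the drive-letter/.vir layout rule (read off the single path in the report) are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the layout of the report above. Row 1 is the row from
# the thread; row 2 is invented (placeholder names) to show a live detection.
SAMPLE_REPORT = r"""Threats found: 2
File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\volsnap.sys.vir Infected: Virus.Win32.TDSS.b 1
C:\Program Files\Example App\example.dll Infected: Placeholder.Threat.Name 1
Selected area has been scanned.
"""

# ComboFix quarantine folder, as seen in the report path.
QUARANTINE_ROOT = PureWindowsPath(r"C:\Qoobox\Quarantine")
# Only the "Infected:" status appears in the thread, so only that is matched.
ROW = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")

def parse_detections(report):
    """Return (path, threat, count) for each row after the table header."""
    rows, in_table = [], False
    for line in (l.strip() for l in report.splitlines()):
        if line.startswith("File name / Threat"):
            in_table = True
        elif in_table and (m := ROW.match(line)):
            rows.append((m["path"], m["threat"], int(m["count"])))
    return rows

def original_location(path):
    """Map a quarantine copy to its pre-removal path; None if not quarantined."""
    p = PureWindowsPath(path)
    if QUARANTINE_ROOT not in p.parents:
        return None
    tail = list(p.parts[len(QUARANTINE_ROOT.parts):])
    if len(tail) < 2 or len(tail[0]) != 1:   # layout not as assumed
        return str(p)
    if tail[-1].lower().endswith(".vir"):    # suffix added to quarantined files
        tail[-1] = tail[-1][:-4]
    return str(PureWindowsPath(tail[0] + ":\\", *tail[1:]))

def triage(report):
    """Split detections into inert quarantine copies and live files."""
    result = {"quarantined": [], "live": []}
    for path, threat, _count in parse_detections(report):
        origin = original_location(path)
        key = "quarantined" if origin else "live"
        result[key].append({"path": path, "threat": threat, "origin": origin})
    return result
```

A report whose `live` list is empty matches the situation in this thread: the only detection is the copy that the clean-up step deletes along with the tools.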

Hey there, elvissinatra !

OK! Well done, your log is clean again! :thumbsup:

Time for some housekeeping.

Step 1.

Clean up:

What we need to do is to remove all the tools that you have used. This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

First:

  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

Second:

Click Here to download OTC

Double-click OTC.exe to run it.

Click the Clean up button

Click Yes to the reboot.

Now delete any tools/logs that are left over after you ran OTC.

Third:

Now let's Reset and Re-enable your System Restore to remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

To turn off Windows Vista System Restore:

  1. Click Start.
  2. Right-click the Computer icon, and then click Properties.
  3. Click on System Protection under the Tasks column on the left side
  4. Click on Continue on the "User Account Control" window that pops up
  5. Under the System Protection tab, find Available Disks
  6. Uncheck the box for any drive you wish to disable system restore on
  7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
  8. Click OK
  9. When you have finished, restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows Vista System Restore:

  1. Click Start.
  2. Right-click the Computer icon, and then click Properties.
  3. Click on System Protection under the Tasks column on the left side
  4. Click on Continue on the "User Account Control" window that pops up
  5. Under the System Protection tab, find Available Disks
  6. Place a checkmark in the box for any drive you wish to enable System Restore on
  7. Click OK

Step 2.

Prevention:

OK, let's carry out a few preventative steps to make sure you reduce the risk of further infections.

First:

One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Automatic Updates for Windows

  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.

Second:

Now let's download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.

Anti Spyware

  • SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.

Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.

Third:

Next let's look at Firewalls. These help to prevent unauthorised access both to and from the internet or your local network. A firewall is considered a first line of defense in protecting private information. Below are two free firewalls to choose from, if you do not already have one. Note: You only need one firewall on your system.

Personal Firewalls

Fourth:

On to personal Anti Virus programs.

One AV is a must have! But never more than one, as this can and will cause conflicts and false readings. I have listed three free AV's below which are as good as any paid subscription AV, as long as you allow them to update themselves.

Anti Virus Programs

Fifth:

Nearly done! If you like to use chat, MSN and Yahoo have vulnerabilities that can leave you open to infections. There are however a couple of very good, Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

Instant Messengers

Lastly:

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

I will keep this log open for the next couple of days, so if you have any further problems post another reply here.

OK, all the best, and stay safe!

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
