Hi, I recently became a full-fledged member of those suffering the Google redirect virus.

I've been following the "What do I do now?" guide, but running the GMER Rootkit Scanner freezes my laptop.

I've run Malwarebytes, which didn't detect anything, and I ran Avira AntiVir Personal, which didn't detect anything. I skipped DeFogger, because I have no CD-emulation software at all. I ran DDS with no problem.

I uninstalled McAfee so there were no conflicts with GMER, and switched off Windows Defender and AntiVir before I ran GMER, but it has frozen my laptop twice, and I don't really wanna risk it freezing it irreparably.

So I have the Malwarebytes log, and the two DDS logs:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6253
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

03/04/2011 14:03:02
mbam-log-2011-04-03 (14-03-02).txt

Scan type: Quick scan
Objects scanned: 149203
Time elapsed: 11 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------------------------------------

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Eric at 13:05:07.46 on 03/04/2011
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_22
Microsoft

Attach.zip.zip


Hello Eric! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on this.
  • Keep me informed about any changes.
  • Post all of your log files, don't attach them.

Step 1

Going over your logs I noticed that you have


Just to check, for any following steps, Avira AntiVir and Windows Defender should be disabled, right?

Yes, before working with ComboFix, your AV should be disabled.

Open Notepad and copy and paste the text in the code box below into it:

Folder::
c:\programdata\aJgHcIiGcFm28602
c:\programdata\bDnGjFnElGi06504
c:\programdata\kGcDeKlFiPi06504

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


Glad I could help! :)

Last steps:

Step 1

Go to Start => Run... and copy & paste the next command into the field:

ComboFix /uninstall

Then hit the Enter button.

This procedure will do the following:

  • Uninstall ComboFix
  • Delete its related folders and files
  • Reset your clock settings
  • Hide file extensions
  • Hide the system/hidden files
  • Reset System Restore again

Note: Make sure there's a space between ComboFix and /uninstall

Step 2

Please manually delete DDS.

Step 3

Keep your software up-to-date:

http://www.bleepingcomputer.com/tutorials/tutorial174.html

Some malware preventions:

http://forums.malwarebytes.org/index.php?showtopic=9365

Safe surfing! :)


Borislav, thanks so much for your help! Every time I've followed advice in the past, it's either made things worse, frozen a PC, or done nothing at best. I'm so glad this worked. Will be much more careful about online security from now on. Seriously, thanks, if you ever find yourself in London, I owe you a pint :)


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
