Jump to content

Google search redirect issue

vv365

By vv365
in Resolved Malware Removal Logs

 Share

Recommended Posts

vv365

vv365

Posted
  • Author
Posted

Here is Malwarebytes AntiMalware log, as you can see it is very old version and I cannot complete update. I guess that's why no infections detected.

Malwarebytes' Anti-Malware 1.41

Database version: 2775

Windows 5.1.2600 Service Pack 3

11/5/2011 10:51:09 AM

mbam-log-2011-11-05 (10-51-09).txt

Scan type: Quick Scan

Objects scanned: 106649

Time elapsed: 8 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Hi and welcome to Malwarebytes.

Please do the following:

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so very important
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.

Link to post
Share on other sites
vv365

vv365

Posted
  • Author
Posted

Hi Chris,

Thanks for the suggestion. I was able to download latest MalwareBytes AntiMalware and run it.

1) Log of first run.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8154

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

11/13/2011 11:43:03 AM

mbam-log-2011-11-13 (11-43-03).txt

Scan type: Quick scan

Objects scanned: 177346

Time elapsed: 6 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 3

Registry Keys Infected: 4

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\documents and settings\all users\application data\intelverifierpolicy.dll (Trojan.SHarpro.PGen) -> Delete on reboot.

c:\documents and settings\Viswa\local settings\application data\traywow64.dll (Trojan.SHarpro) -> Delete on reboot.

c:\documents and settings\Viswa\local settings\application data\applicationhistory\applicationhistoryupdate\applicationhistoryup.dll (Trojan.SHarpro.PGen) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{036D38F2-39B7-4341-BC3E-B2A69319CEC4} (Trojan.SHarpro) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{036D38F2-39B7-4341-BC3E-B2A69319CEC4} (Trojan.SHarpro) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{036D38F2-39B7-4341-BC3E-B2A69319CEC4} (Trojan.SHarpro) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IntelVerifierPolicy (Trojan.SHarpro.PGen) -> Value: IntelVerifierPolicy -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Audacity Update (Trojan.SHarpro.PGen) -> Value: Audacity Update -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\Viswa\local settings\temp\thpm1811107842303749662.tmp (Trojan.Exploit.Drop.THPM) -> Quarantined and deleted successfully.

c:\documents and settings\all users\application data\intelverifierpolicy.dll (Trojan.SHarpro.PGen) -> Delete on reboot.

c:\documents and settings\Viswa\local settings\application data\traywow64.dll (Trojan.SHarpro) -> Quarantined and deleted successfully.

c:\documents and settings\Viswa\local settings\application data\applicationhistory\applicationhistoryupdate\applicationhistoryup.dll (Trojan.SHarpro.PGen) -> Delete on reboot.

2) Removed affected items and restarted computer. Log of second run:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8154

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

11/13/2011 12:16:16 PM

mbam-log-2011-11-13 (12-16-16).txt

Scan type: Quick scan

Objects scanned: 176890

Time elapsed: 12 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

3) Am still getting Google search redirects. Please advise next steps.

Thanks!

Link to post
Share on other sites
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Hi,

My apologies for the delay.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites
  • 2 weeks later...
vv365

vv365

Posted
  • Author
Posted

Hi,

I ran into another big issue. My laptop doesn't boot up in any mode. Gives blue screen with following error:

Stop: c0000218 {Registry File Failure} The registry cannot load the hive (file): \SystemRoot\System32\Config\SOFTWARE or its log or alternate

Browsing internet, there are different approches to fix this. I have OEM installed XP SP2. Can you please advise what needs to be done? Can "google redirect malware" be related to the registry corruption?

Of many articles I read, this one seems helpful. Didn't try it yet. Please advise.

http://www.technibble.com/how-to-fix-windows-registry-hive/

Thanks!

Link to post
Share on other sites
  • 2 weeks later...
  • 1 month later...
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.