Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Google Search Result Redirect

Re: Google Search Result Redirect

Post by tbziegler » December 5th, 2009, 8:15 pm

Here they are: Thanks for your patience.

Todd
tbziegler
Regular Member
 
Posts: 31
Joined: November 23rd, 2009, 7:49 pm

Re: Google Search Result Redirect

Post by Blade81 » December 6th, 2009, 7:24 am

@lamedmem: I've deleted your post. Don't post to other users' topics, please.

@Todd:
Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.


  • Read the requirements and privacy statement then click on the Accept button.

  • The program will launch and start to download the latest definition files.

  • You will be prompted to install an application from Kaspersky. Click Run.

  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives

  • Click on My Computer under Scan.

  • Once the scan is complete, it will display the results. Click on View Scan Report.

  • Click on Save Report As....

  • Change the Files of type to Text file (.txt) before clicking on the Save button.

  • Save this report to a convenient place.

  • Copy and paste that information into your topic.

  • The scan will take a while, so be patient and let it run. As it scans your machine very deeply, it could take hours to complete. Kaspersky suggests running it during a time of low activity.
If you need a tutorial, see here


Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the quote box into a new file:

@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
ping -n 2 google.com
route print
)
start Log1.txt
del %0


  • Go to the File menu at the top of the Notepad and select Save as.
  • Select save in: desktop
  • Fill in File name: test.bat
  • Save as type: All file types (*.*)
  • Click save.
  • Close the Notepad.
  • Locate and double-click test.bat on the desktop.
  • A notepad opens; copy and paste its content (log1.txt) to your reply.
Blade81
Admin/Teacher
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Google Search Result Redirect

Post by tbziegler » December 7th, 2009, 1:40 am

Here is the report from Kaspersky:

KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, December 6, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, December 06, 2009 19:33:42
Records in database: 3337124
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
Z:\

Scan statistics:
Objects scanned: 133114
Threats found: 3
Infected objects found: 2
Suspicious objects found: 2
Scan duration: 02:40:41


File name / Threat / Threats count
C:\2.js Suspicious: Trojan-Downloader.JS.gen 1
C:\4.js Suspicious: Trojan-Downloader.JS.gen 1
C:\Documents and Settings\Todd\Application Data\Sun\Java\Deployment\cache\6.0\44\3efada6c-5b5e90c5 Infected: Trojan-Downloader.Java.OpenStream.ad 1
C:\Documents and Settings\Todd\Application Data\Sun\Java\Deployment\cache\6.0\58\7b79707a-27e4ca01 Infected: Trojan-Downloader.Java.Agent.ab 1

Selected area has been scanned.
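
A parser for the report format pasted above, as an added example that is not part of the original thread: it extracts the findings and checks them against the summary counters, which catches a report that was cut off when pasted. The function names are made up for this example; the sample text is copied from the post.

```python
import re

# Report excerpt copied from the post above (statistics and findings only).
REPORT = r"""Scan statistics:
Objects scanned: 133114
Threats found: 3
Infected objects found: 2
Suspicious objects found: 2
Scan duration: 02:40:41

File name / Threat / Threats count
C:\2.js Suspicious: Trojan-Downloader.JS.gen 1
C:\4.js Suspicious: Trojan-Downloader.JS.gen 1
C:\Documents and Settings\Todd\Application Data\Sun\Java\Deployment\cache\6.0\44\3efada6c-5b5e90c5 Infected: Trojan-Downloader.Java.OpenStream.ad 1
C:\Documents and Settings\Todd\Application Data\Sun\Java\Deployment\cache\6.0\58\7b79707a-27e4ca01 Infected: Trojan-Downloader.Java.Agent.ab 1
"""

# Paths may contain spaces, so anchor on the verdict keyword instead of splitting on whitespace.
FINDING = re.compile(r"^(?P<path>[A-Za-z]:\\.*?) (?P<verdict>Infected|Suspicious): (?P<threat>\S+) (?P<count>\d+)$")
STAT = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<value>\d+)$")

def parse_report(text):
    """Return (stats, findings) from a Kaspersky Online Scanner 7.0 text report."""
    stats, findings = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = FINDING.match(line)
        if m:
            findings.append({**m.groupdict(), "count": int(m["count"])})
            continue
        m = STAT.match(line)
        if m:
            stats[m["key"]] = int(m["value"])
    return stats, findings

def check_consistency(stats, findings):
    """List mismatches between the summary counters and the listed findings."""
    by_verdict = {v: sum(f["verdict"] == v for f in findings) for v in ("Infected", "Suspicious")}
    problems = []
    for verdict, seen in by_verdict.items():
        expected = stats.get(f"{verdict} objects found")
        if expected != seen:
            problems.append(f"{verdict}: summary says {expected}, {seen} listed")
    return problems
```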

Re: Google Search Result Redirect

Post by Blade81 » December 7th, 2009, 2:37 am

Did you do the other part of the instructions yet?

Re: Google Search Result Redirect

Post by tbziegler » December 7th, 2009, 12:10 pm

Sorry. It was late when I responded. I missed that part.

Re: Google Search Result Redirect

Post by Blade81 » December 7th, 2009, 1:22 pm

Hi,

Upload the c:\windows\system32\ws2_32.dll file to http://www.virustotal.com and post back the results.

Run ComboFix with the following script and post back the results (let ComboFix update itself if asked for permission):
Folder::
c:\documents and settings\Todd\Application Data\LimeWire
FileLook::
c:\windows\system32\Drivers\SSPORT.sys
File::
C:\2.js
C:\4.js
C:\Documents and Settings\Todd\Application Data\Sun\Java\Deployment\cache\6.0\44\3efada6c-5b5e90c5
C:\Documents and Settings\Todd\Application Data\Sun\Java\Deployment\cache\6.0\58\7b79707a-27e4ca01

Re: Google Search Result Redirect

Post by tbziegler » December 7th, 2009, 1:32 pm

Here are the results from VirusTotal:

MD5: 2ccc474eb85ceaa3e1fa1726580a3e5a
First received: 2009.02.17 13:15:24 UTC
Date: 2009.12.06 00:12:42 UTC [+1D]
Results: 0/38
Permalink: analisis/6e99d2fb4997e54e8b1b7d769cf2c0fae296a6441dc39984850ea26bfeb7e500-1260058362

Re: Google Search Result Redirect

Post by tbziegler » December 7th, 2009, 2:18 pm

I ran Combofix, but did not know to run that script with Combofix. Here is the log though.

Re: Google Search Result Redirect

Post by Blade81 » December 7th, 2009, 3:41 pm

Please run ComboFix with the provided script and let ComboFix update itself.

Re: Google Search Result Redirect

Post by tbziegler » December 7th, 2009, 8:54 pm

Sorry, but I do not know how to run Combofix with the earlier provided script. When I started Combofix, it said there was an update and I pressed "Yes". It loaded and Combofix started the scan. I did not have an opportunity to run that script.

Re: Google Search Result Redirect

Post by Blade81 » December 8th, 2009, 2:00 am

Hi,

Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\documents and settings\Todd\Application Data\LimeWire
FileLook::
c:\windows\system32\Drivers\SSPORT.sys
File::
C:\2.js
C:\4.js
C:\Documents and Settings\Todd\Application Data\Sun\Java\Deployment\cache\6.0\44\3efada6c-5b5e90c5
C:\Documents and Settings\Todd\Application Data\Sun\Java\Deployment\cache\6.0\58\7b79707a-27e4ca01

Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log. Let me know about the remaining issues.

Re: Google Search Result Redirect

Post by tbziegler » December 8th, 2009, 2:37 pm

Here is the information you wanted. Thank You.

Re: Google Search Result Redirect

Post by Blade81 » December 8th, 2009, 3:31 pm

Hi,

You're still getting redirected by Google search results, right?

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    atapi.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Re: Google Search Result Redirect

Post by tbziegler » December 8th, 2009, 7:15 pm

Yes, problem still here. This is the text file you needed.

Re: Google Search Result Redirect

Post by Blade81 » December 9th, 2009, 3:29 am

Hi,

Click start->run->type cmd.exe and press enter. Type the following command in the command prompt window:
copy /y C:\WINDOWS\ServicePackFiles\i386\atapi.sys c:\atapi.sys.bak

You should get the confirmation message 1 file(s) copied. Let me know if you didn't, and stop following the instructions below any further.


  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below textbox to the clipboard by highlighting it and then pressing Ctrl+C.
    Files to move:
    c:\atapi.sys.bak|C:\WINDOWS\system32\drivers\atapi.sys

  • In the avenger window, click the Paste Script from Clipboard button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.
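
One way to compare the copies that a `:filefind atapi.sys` search turns up against the ServicePackFiles copy used as the replacement source in the last post, as an added example that is not part of the thread or of any tool it mentions. The function names and the sample tree are constructed for illustration, and the file contents are fake.

```python
import hashlib
import os
import tempfile

def sha256_of(path, chunk=65536):
    """Hash a file in chunks so it is never read into memory whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def find_copies(root, name):
    """Every file under root with this name (case-insensitive, as on Windows)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, f) for f in files if f.lower() == name.lower()]
    return sorted(hits)

def compare_to_reference(root, name, reference):
    """Map each copy other than the reference to True if it hashes the same."""
    ref_hash, ref_real = sha256_of(reference), os.path.realpath(reference)
    return {p: sha256_of(p) == ref_hash
            for p in find_copies(root, name)
            if os.path.realpath(p) != ref_real}

def build_sample_tree(root):
    """Constructed sample: fake contents; the dllcache folder is an assumed extra location."""
    layout = {
        ("ServicePackFiles", "i386", "atapi.sys"): b"known-good driver bytes",
        ("system32", "dllcache", "atapi.sys"): b"known-good driver bytes",
        ("system32", "drivers", "ATAPI.SYS"): b"known-good driver bytes, altered",
    }
    for parts, data in layout.items():
        full = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return os.path.join(root, "ServicePackFiles", "i386", "atapi.sys")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        reference = build_sample_tree(tmp)
        for path, same in compare_to_reference(tmp, "atapi.sys", reference).items():
            print("MATCH  " if same else "DIFFERS", os.path.relpath(path, tmp))
```

On a live system the result is only as trustworthy as the running kernel's file reads, so the comparison is most reliable against a disk mounted offline.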