Google Search Result Redirect


Re: Google Search Result Redirect

Post by tbziegler » December 9th, 2009, 11:35 am

I ran Avenger and McAfee said it removed a trojan called clean.exe or cleanup.exe. When the computer rebooted, a critical stop said it could not find that file and no txt file was generated. I disabled McAfee and ran it again. This time a txt file was generated. Do I need to disable McAfee every time I run these programs? I have in the past when it has told me to do so. Thanks
tbziegler
Regular Member
 
Posts: 31
Joined: November 23rd, 2009, 7:49 pm

Re: Google Search Result Redirect

Post by Blade81 » December 9th, 2009, 1:03 pm

Hi,

Do I need to disable McAfee every time I run these programs?

Yes, it's generally recommended to keep protection software disabled while running the tools. Anyway, it seems that the file move failed, so we need to use a different approach here.

Print these instructions since you won't be able to access them in recovery console.

1. Restart your computer
2. Before Windows loads, you will be prompted to choose which Operating System to start
3. Use the up and down arrow key to select Microsoft Windows Recovery Console
4. You must enter which Windows installation to log onto. Type 1 and press enter.
5. At the C:\Windows prompt, type the following and press Enter:

set allowallpaths = true

6. At the next prompt, type the following and press Enter:

copy /y c:\windows\system32\drivers\atapi.sys c:\windows\system32\drivers\atapi.bad

You should get the message "1 file(s) copied".

7. At the next prompt, type the following and press Enter:

copy /y c:\atapi.sys.bak c:\windows\system32\drivers\atapi.sys

That command should give a similar output message to the previous one.

8. If that went well, type exit to leave the Recovery Console.

Windows will now begin loading. When back in normal mode, run ComboFix (let it update itself if asked for permission) and post back the resultant log.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland
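Steps 6 and 7 above are a quarantine-then-restore of a single driver file, and the only confirmation the Recovery Console gives is "1 file(s) copied". The following is an added example, not code from the thread or from MalwareRemoval.com, that carries out the same two copies on a constructed temp directory and adds the check a responder would want: a SHA-256 comparison proving the quarantined copy matches the original and the restored file is byte-identical to the known-good backup. The file names mirror the thread (atapi.sys, atapi.bad, atapi.sys.bak); the directory layout and file contents in demo() are constructed.

```python
"""Quarantine a suspect driver, restore a known-good copy, verify by hash.

Added example (not from the thread). Mirrors Recovery Console steps 6 and 7:
copy the current atapi.sys aside as atapi.bad, then copy the saved backup
back over it. The hash checks confirm that nothing was lost in the copy and
that the restored file really is the backup. All paths and contents used by
demo() are constructed for illustration.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Return the SHA-256 hex digest of a file, read in 64 KiB chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def restore_driver(current: Path, backup: Path, quarantine: Path) -> dict:
    """Quarantine `current`, restore `backup` over it, and verify the result.

    Returns the before/after/expected digests plus `changed` and `restored`
    flags. Raises if the backup is missing or either copy is not faithful.
    """
    if not backup.is_file():
        raise FileNotFoundError(f"known-good backup not found: {backup}")
    before = sha256_of(current)
    expected = sha256_of(backup)

    # Step 6 equivalent: keep the suspect file for later analysis, never just delete it.
    shutil.copy2(current, quarantine)
    if sha256_of(quarantine) != before:
        raise RuntimeError("quarantine copy does not match the original")

    # Step 7 equivalent: put the known-good file back in place.
    shutil.copy2(backup, current)
    after = sha256_of(current)
    if after != expected:
        raise RuntimeError("restored driver does not match the backup")

    return {
        "before": before,
        "after": after,
        "expected": expected,
        "changed": before != after,
        "restored": after == expected,
    }


def demo() -> dict:
    """Run the procedure against constructed files in a throwaway directory."""
    root = Path(tempfile.mkdtemp(prefix="driver-restore-"))
    try:
        drivers = root / "windows" / "system32" / "drivers"
        drivers.mkdir(parents=True)
        current = drivers / "atapi.sys"
        backup = root / "atapi.sys.bak"
        quarantine = drivers / "atapi.bad"
        # Constructed contents: a "clean" backup and a modified in-place driver.
        backup.write_bytes(b"CLEAN DRIVER IMAGE (constructed sample)")
        current.write_bytes(b"CLEAN DRIVER IMAGE (constructed sample) + injected bytes")
        result = restore_driver(current, backup, quarantine)
        result["quarantine_matches_original"] = sha256_of(quarantine) == result["before"]
        return result
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

If `changed` comes back False the file on disk already equalled the backup, which is worth knowing before concluding that the replacement fixed anything; if `restore_driver` raises, stop and look at the copies rather than rebooting into the unknown.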

Re: Google Search Result Redirect

Post by tbziegler » December 9th, 2009, 2:02 pm

I did set allowallpaths = true, but during copy /y c:\windows\system32\drivers\atapi.sysc:\windows\system32\drivers\atapi.bad, with no space between atapi.sys and c:\windows..., I received a message saying "the system cannot find the file specified". I looked in the directory and the file atapi.sys is there. The text for the command also wrapped off the screen and then showed below the first line. Is my syntax bad? Sorry.
tbziegler
Regular Member
 
Posts: 31
Joined: November 23rd, 2009, 7:49 pm

Re: Google Search Result Redirect

Post by Blade81 » December 9th, 2009, 2:19 pm

with no space between

Kindly note that white space has to be included.

The text for the command also wrapped off the screen and then showed below the first line. Is my syntax bad?
It's OK that the command wraps onto the next line if it is too long to fit on one line.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Google Search Result Redirect

Post by tbziegler » December 9th, 2009, 2:27 pm

I also tried with a space and the reply is "the parameter is not valid".
tbziegler
Regular Member
 
Posts: 31
Joined: November 23rd, 2009, 7:49 pm

Re: Google Search Result Redirect

Post by Blade81 » December 9th, 2009, 2:39 pm

Did you have it typed exactly as shown here:
Code:
copy /y c:\windows\system32\drivers\atapi.sys c:\windows\system32\drivers\atapi.bad


(Picture would tell the truth but unfortunately screenshots can't be taken in recovery console)
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Google Search Result Redirect

Post by tbziegler » December 9th, 2009, 3:48 pm

I left out the /y parameter and was able to copy the files. I hope I did not subvert the process. Here is the Combofix log. Thanks.
tbziegler
Regular Member
 
Posts: 31
Joined: November 23rd, 2009, 7:49 pm

Re: Google Search Result Redirect

Post by tbziegler » December 9th, 2009, 4:42 pm

I have tried both Internet Explorer and Mozilla Google searches and have not been redirected yet. I am still leery about clicking as freely as I did before. I am very grateful for your time, expertise and patience. Any ideas on the source of the virus? I have seen numerous posts about this same problem, but with few similarities and fewer solutions. I would like to prevent this from happening again.
tbziegler
Regular Member
 
Posts: 31
Joined: November 23rd, 2009, 7:49 pm

Re: Google Search Result Redirect

Post by Blade81 » December 10th, 2009, 3:46 am

Hi,

I suspect either some dubious P2P download, or malware that took advantage of outdated and vulnerable software. Besides outdated Windows and Internet Explorer, such software could have been outdated Flash or Java, for example.

Remove P2P software
While looking over your log, I have noticed the following Peer-to-Peer filesharing programs are present on your computer:

Limewire

These programs are the #1 source of infected systems. Although the software itself can be clean, the files you download are often infected with malware. Because of this, we no longer allow P2P software to be present on machines we're cleaning.

This means you must remove the above Peer-to-Peer filesharing programs and any others present on your machine. For a full explanation of our policy, please read the following P2P Program Policy.

You can uninstall these programs in the Control Panel -> Add/remove Programs.


Uninstall your current shockwave player and get the fresh one here if needed.

Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following the instructions here. A fresh version can be obtained here.

Uninstall these vulnerable applications too:
Java 2 Runtime Environment, SE v1.4.2_19
Macromedia Flash Player


When these are done, post a fresh DDS log.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Google Search Result Redirect

Post by tbziegler » December 10th, 2009, 11:17 am

I completed the requested tasks and here is the DDS file. I have also been getting a yellow shield in my system tray that says I have an update. When I try to install it (KB976098), it is unable to. I have update KB970653 v3. The Microsoft site says I have the updated files I need, but the update manager is not getting the message. I tried to remove KB970653, but it will not let me remove it out of sequence.
tbziegler
Regular Member
 
Posts: 31
Joined: November 23rd, 2009, 7:49 pm

Re: Google Search Result Redirect

Post by Blade81 » December 10th, 2009, 11:53 am

Hi,

Have you tried disabling McAfee antivirus and firewall to see if that allows the update to install?
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Google Search Result Redirect

Post by tbziegler » December 10th, 2009, 1:58 pm

Yes, I think it started after I did a system restore to fix the redirect problem. My theory is it is installed, but the record of it being installed is gone.
tbziegler
Regular Member
 
Posts: 31
Joined: November 23rd, 2009, 7:49 pm

Re: Google Search Result Redirect

Post by Blade81 » December 10th, 2009, 5:05 pm

Hi,

Since the system appears to be clean, I'm going to give you the final instructions. For that update issue I recommend asking in the Windows Update area of the Microsoft forums :)

THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis



Now let's uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK


Please download OTC and save it to desktop.
  • Double-click OTC.exe.
  • Click the CleanUp! button.
  • Select Yes when the
    Begin cleanup Process?
    prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

  • hosts file:
    • Every version of Windows has a hosts file.
    • In a very basic sense, it is used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here.
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. Click the start button (at the lower left hand corner of your screen)
    2. Click run
    3. In the dialog box, type services.msc
    4. hit enter, then locate dns client
    5. Highlight it, then double-click it.
    6. On the dropdown box, change the setting from automatic to manual.
    7. Click ok


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade 8)
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland
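The Internet-zone settings Blade81 walks through above are stored per user in the registry, so they can be audited instead of re-clicked after every cleanup. The following is an added example, not code from the thread or from MalwareRemoval.com, that compares a snapshot of those values with the recommended levels. The registry path (HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3, zone 3 being the Internet zone), the numeric value names 1001, 1004, 1201, 1800, 1804 and 1607, and the encoding 0 = Enable, 1 = Prompt, 3 = Disable are Microsoft's documented ones; the snapshot audited in demo() is constructed, and read_internet_zone() only works on a Windows host.

```python
"""Audit Internet Explorer's Internet zone against the hardening steps above.

Added example (not from the thread). Each zone action is a DWORD value named
by a numeric id under the per-user Zones\\3 key; 0 = Enable, 1 = Prompt,
3 = Disable. The id-to-setting mapping is the documented one. The snapshot
used in demo() is constructed.
"""
ENABLE, PROMPT, DISABLE = 0, 1, 3
LEVEL_NAME = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

INTERNET_ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# The six settings from the thread, keyed by registry value name.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}


def audit_zone(snapshot: dict) -> list:
    """Compare a {value_name: dword} snapshot with RECOMMENDED.

    Returns one finding per deviation as (value_name, description, current,
    wanted). A value that is absent is reported with current=None: IE then
    uses the zone template's default, not the hardened setting.
    """
    findings = []
    for name, (desc, wanted) in RECOMMENDED.items():
        current = snapshot.get(name)
        if current != wanted:
            findings.append((name, desc, current, wanted))
    return findings


def describe(findings: list) -> list:
    """Render findings as one human-readable line each."""
    lines = []
    for name, desc, current, wanted in findings:
        shown = "missing" if current is None else LEVEL_NAME.get(current, str(current))
        lines.append(f"[{name}] {desc}: is {shown}, should be {LEVEL_NAME[wanted]}")
    return lines


def read_internet_zone() -> dict:
    """Read the live zone values for the current user (Windows only)."""
    import winreg  # imported lazily so the audit logic runs anywhere
    snapshot = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTERNET_ZONE_KEY) as key:
        for name in RECOMMENDED:
            try:
                value, _ = winreg.QueryValueEx(key, name)
                snapshot[name] = value
            except FileNotFoundError:
                pass  # value not set; audit_zone reports it as missing
    return snapshot


def demo() -> list:
    """Audit a constructed snapshot with three deviations."""
    constructed = {
        "1001": ENABLE,   # signed ActiveX downloads run without a prompt
        "1004": DISABLE,  # already as recommended
        "1201": DISABLE,  # already as recommended
        "1800": PROMPT,   # already as recommended
        "1804": ENABLE,   # IFRAME launches allowed without a prompt
        # "1607" deliberately absent
    }
    return audit_zone(constructed)


if __name__ == "__main__":
    for line in describe(demo()):
        print(line)
```

On a Windows machine, `describe(audit_zone(read_internet_zone()))` gives the same report for the real zone; an empty list means all six settings match the thread's recommendation.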
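The hosts-file section above says the file is used to locate webpages and can be customised to block some of them. To make that mechanism concrete, here is an added example, not code from the thread or from MalwareRemoval.com, that parses a constructed hosts file with the lookup rules the resolver applies (comments and blank lines ignored, several names per line allowed, first match wins), shows how a blocklist entry works, and flags the opposite pattern: a hostname pointed at an address that is neither loopback nor unspecified, which silently redirects the browser and is worth checking during a cleanup. The sample text, the example.* hostnames and the 203.0.113.5 documentation address are constructed; the Windows path is the standard location of the file.

```python
"""Parse a hosts file, resolve names through it, and flag redirect entries.

Added example (not from the thread). Blocklist-style hosts files send unwanted
names to a loopback or unspecified address so the request goes nowhere;
suspicious_redirects() reports entries that send a name anywhere else.
SAMPLE_HOSTS is constructed for illustration.
"""
from ipaddress import ip_address
from pathlib import Path

# Standard location of the file on Windows (not read by demo()).
WINDOWS_HOSTS = Path(r"C:\Windows\System32\drivers\etc\hosts")

SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
# blocklist-style entries: loopback, so the browser connects to nothing
127.0.0.1       ads.example.net tracker.example.net
0.0.0.0         malvertising.example.org   # trailing comment
# redirect-style entry: a real site name pointed at some other address
203.0.113.5     www.example.com
"""


def parse_hosts(text: str) -> list:
    """Return (address, hostname) pairs in file order, comments stripped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            entries.append((addr, name.lower()))
    return entries


def lookup(entries: list, hostname: str):
    """First-match lookup, as the resolver does; None if the name is absent."""
    hostname = hostname.lower()
    for addr, name in entries:
        if name == hostname:
            return addr
    return None


def is_blocking_address(addr: str) -> bool:
    """Loopback or unspecified targets are the usual 'block this name' idiom."""
    try:
        ip = ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def suspicious_redirects(entries: list) -> list:
    """Entries (other than localhost) that send a name to a non-blocking address."""
    return [
        (addr, name)
        for addr, name in entries
        if name != "localhost" and not is_blocking_address(addr)
    ]


def demo() -> dict:
    """Parse the constructed sample and exercise lookups and the redirect check."""
    entries = parse_hosts(SAMPLE_HOSTS)
    return {
        "entries": len(entries),
        "ads": lookup(entries, "ADS.example.net"),
        "malvertising": lookup(entries, "malvertising.example.org"),
        "unknown": lookup(entries, "www.example.edu"),
        "redirects": suspicious_redirects(entries),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

To check a real machine, replace SAMPLE_HOSTS with `WINDOWS_HOSTS.read_text()`; a large blocklist produces many entries and no redirects, which is the expected shape of a clean, deliberately customised file.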

Re: Google Search Result Redirect

Post by NonSuch » December 13th, 2009, 2:53 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California