Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google Redirect Virus

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Google Redirect Virus

Unread postby melboy » February 10th, 2010, 6:58 pm

Hi

Ok, give me a little time to check up on it.

Initially it looks like the latest round of MS updates may be the cause.

Are you presented with the option to start via the Recovery Console?
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
Advertisement
Register to Remove

Re: Google Redirect Virus

Unread postby jmartin075 » February 10th, 2010, 7:07 pm

Yea, I do get that option.
jmartin075
Regular Member
 
Posts: 23
Joined: February 2nd, 2010, 9:39 pm

Re: Google Redirect Virus

Unread postby melboy » February 10th, 2010, 7:14 pm

Hi

Good. Like I said, give me a little time to check up on it.

I've my own PC wanting to restart to finish installing the updates as well.

I think I'll wait a while first. ;)
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Google Redirect Virus

Unread postby jmartin075 » February 10th, 2010, 7:25 pm

Haha, ok. No problem.
jmartin075
Regular Member
 
Posts: 23
Joined: February 2nd, 2010, 9:39 pm

Re: Google Redirect Virus

Unread postby melboy » February 10th, 2010, 7:48 pm

Hi

Right, it does look like it is the MS updates that have caused this - there are numerous reports of this happening.

1. Restart your computer
2. Before Windows loads, you will be prompted to choose which Operating System to start
3. Use the up and down arrow key to select Microsoft Windows Recovery Console
4. You must enter which Windows installation to log onto. Type 1 and press enter.
5. At the C:\Windows prompt, type the following bolded text, and press Enter:

CD $NtUninstallKB977165$\spuninst

6. At the next prompt, type the following bolded text, and press Enter:

BATCH spuninst.txt

7.At the next prompt, type the following bolded text, and press Enter:

Exit

Restart the PC.

Let me know how it goes.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Google Redirect Virus

Unread postby jmartin075 » February 10th, 2010, 8:56 pm

I'm amazed. That did the trick. Should everything be alright with that now? I'll post the two logs you asked for a couple posts ago when it's running smoothly again.
jmartin075
Regular Member
 
Posts: 23
Joined: February 2nd, 2010, 9:39 pm

Re: Google Redirect Virus

Unread postby jmartin075 » February 10th, 2010, 9:04 pm

Also, it's saying that updates are ready. Would I be safe updating?
jmartin075
Regular Member
 
Posts: 23
Joined: February 2nd, 2010, 9:39 pm

Re: Google Redirect Virus

Unread postby jmartin075 » February 11th, 2010, 12:53 am

I just ran Malwarebytes and it came up clean. Here's the log.


Malwarebytes' Anti-Malware 1.44
Database version: 3717
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/10/2010 10:50:40 PM
mbam-log-2010-02-10 (22-50-40).txt

Scan type: Full Scan (C:\|)
Objects scanned: 185479
Time elapsed: 1 hour(s), 41 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Here's the combofix log.

ComboFix 10-02-09.03 - John 02/10/2010 23:15:32.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.287 [GMT -5:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\John\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"C:\backup.reg"
"C:\cleanup.bat"
"C:\zip.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\backup.reg
C:\cleanup.bat
c:\windows\system32\_000005_.tmp.dll
C:\zip.exe

.
((((((((((((((((((((((((( Files Created from 2010-01-11 to 2010-02-11 )))))))))))))))))))))))))))))))
.

2010-02-11 00:59 . 2010-02-11 00:59 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-02-11 00:56 . 2010-02-11 00:56 -------- d-----w- c:\windows\LastGood
2010-02-10 20:19 . 2009-08-04 15:13 2145280 ----a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-10 20:19 . 2009-08-05 00:44 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 20:19 . 2009-08-05 00:44 2189184 ----a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-10 20:19 . 2009-08-04 14:20 2023936 ----a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-10 20:19 . 2009-08-04 14:20 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 20:19 . 2009-08-04 14:20 2066048 ----a-w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-10 04:14 . 2010-02-10 04:14 -------- d-----w- c:\windows\system32\Adobe
2010-02-10 03:57 . 2010-02-10 03:57 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-02-10 03:57 . 2010-02-10 04:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-08 04:05 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2010-02-03 01:41 . 2010-02-03 01:41 -------- d-----w- c:\program files\Trend Micro
2010-02-02 23:44 . 2010-02-02 23:44 -------- d-----w- c:\documents and settings\John\Application Data\ArcSoft
2010-02-02 23:36 . 2006-11-01 19:52 765952 ----a-w- c:\windows\system32\xvidcore.dll
2010-02-02 23:36 . 2006-11-01 19:54 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-02-02 23:34 . 2004-02-03 20:09 41984 ----a-w- c:\windows\system32\CoachWia.dll
2010-02-02 23:34 . 2004-01-06 18:10 8192 ----a-w- c:\windows\system32\CoachWrp.dll
2010-02-02 23:34 . 2003-11-03 22:31 44256 ----a-w- c:\windows\system32\drivers\CoachVc.sys
2010-02-02 23:34 . 2010-02-02 23:34 -------- d-----w- c:\windows\Options
2010-02-02 23:34 . 2010-02-02 23:34 -------- d-----w- c:\program files\Digital Video
2010-02-02 23:34 . 2004-01-22 17:41 46944 ----a-w- c:\windows\system32\drivers\CoachUsb.sys
2010-02-02 23:34 . 2003-11-04 22:54 16896 ----a-w- c:\windows\system32\CoachDlg.dll
2010-02-02 23:33 . 2010-02-02 23:33 -------- d-----w- c:\documents and settings\John\Application Data\InstallShield
2010-02-01 23:27 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-01 23:27 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-01 20:20 . 2010-02-01 23:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-30 22:55 . 2010-01-30 23:28 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-30 16:27 . 2010-01-30 16:27 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2010-01-30 16:19 . 2010-01-30 23:29 23584 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-01-30 16:19 . 2010-01-30 23:29 2297376 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-30 15:43 . 2010-01-30 22:27 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-01-30 15:43 . 2010-01-30 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-01-30 15:40 . 2010-01-30 15:40 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Downloaded Installations
2010-01-29 22:16 . 2010-01-29 22:16 2 --shatr- c:\windows\winstart.bat
2010-01-29 18:02 . 2010-01-29 18:02 127 ----a-w- c:\documents and settings\John\Local Settings\Application Data\fusioncache.dat
2010-01-29 17:59 . 2010-01-29 17:59 -------- d-----w- c:\program files\MSSOAP
2010-01-29 17:31 . 2010-01-29 17:32 164 ----a-w- c:\windows\install.dat
2010-01-29 17:08 . 2010-02-03 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-29 16:15 . 2008-04-14 01:12 23552 ----a-w- c:\windows\system32\wdmaud.drv
2010-01-29 16:15 . 2008-04-14 01:12 23552 ----a-w- c:\windows\system32\dllcache\wdmaud.drv
2010-01-27 20:49 . 2010-01-27 20:49 61440 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-77897cf8-n\decora-sse.dll
2010-01-27 20:49 . 2010-01-27 20:49 12800 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-77897cf8-n\decora-d3d.dll
2010-01-27 20:49 . 2010-01-27 20:49 503808 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-423ef17a-n\msvcp71.dll
2010-01-27 20:49 . 2010-01-27 20:49 499712 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-423ef17a-n\jmc.dll
2010-01-27 20:49 . 2010-01-27 20:49 348160 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-423ef17a-n\msvcr71.dll
2010-01-22 00:21 . 2010-01-23 03:58 -------- d-sh--w- c:\windows\system32\winsys
2010-01-12 20:47 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-11 03:09 . 2004-08-04 04:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-11 00:55 . 2007-07-07 01:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\temp
2010-02-11 00:52 . 2008-06-23 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-02-10 04:12 . 2005-12-16 05:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-10 04:08 . 2006-04-26 23:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-07 15:18 . 2008-10-06 00:43 -------- d-----w- c:\documents and settings\John\Application Data\LimeWire
2010-02-07 04:19 . 2006-06-02 20:57 -------- d-----w- c:\program files\Google
2010-02-02 04:34 . 2005-12-16 05:31 -------- d-----w- c:\program files\Java
2010-01-30 23:29 . 2010-01-30 16:19 3260 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-01-30 23:29 . 2010-01-30 16:19 31844 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-30 15:25 . 2009-01-14 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-29 16:35 . 2005-12-16 05:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-01-29 16:34 . 2005-12-16 05:36 -------- d-----w- c:\program files\Viewpoint
2010-01-29 16:33 . 2009-03-11 21:39 -------- d-----w- c:\documents and settings\John\Application Data\Move Networks
2010-01-29 16:32 . 2005-12-16 05:43 -------- d-----w- c:\program files\Dell
2010-01-27 20:49 . 2005-12-16 05:31 -------- d-----w- c:\program files\Common Files\Java
2010-01-11 00:21 . 2010-01-11 00:21 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AdobeUM
2009-12-31 16:50 . 2005-12-16 05:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-10 18:51 916480 ------w- c:\windows\system32\wininet.dll
2009-12-19 15:21 . 2005-12-16 05:46 -------- d-----w- c:\program files\McAfee
2009-12-17 22:14 . 2008-12-19 03:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43 . 2004-08-10 19:01 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-10 18:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 09:23 . 2009-12-08 09:23 474112 ----a-w- c:\windows\system32\SET74.tmp
2009-12-05 17:01 . 2009-12-05 17:01 152576 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-05 17:01 . 2009-12-05 17:01 79488 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-04 18:22 . 2005-12-16 05:14 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2004-08-10 18:51 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 06:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-08-10 18:51 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-18 04:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-10 18:51 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-10 18:50 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 06:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-25 16:19 . 2009-12-09 16:29 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-24 23:28 . 2009-11-04 02:30 63 ----a-w- c:\documents and settings\John\jagex_runescape_preferences2.dat
2009-11-24 23:28 . 2009-06-19 16:17 38 ----a-w- c:\documents and settings\John\jagex_runescape_preferences.dat
2009-11-21 15:51 . 2004-08-10 18:50 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-09-03 01:38 . 2006-04-18 03:54 56 --sh--r- c:\windows\system32\E1136D42D7.sys
2008-09-03 01:38 . 2006-04-18 03:54 3558 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 2061816]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/28/2009 7:05 PM 93320]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/29/2009 12:57 AM 135664]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [10/19/2006 10:11 AM 10664]
S3 NETR33X;D-Link Air Wireless Adapter(RTL) NT Driver;c:\windows\system32\drivers\NETR33X.sys [11/11/2003 5:20 PM 183680]
.
Contents of the 'Scheduled Tasks' folder

2010-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2010-02-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-23 21:01]

2010-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 05:56]

2010-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 05:56]

2006-02-05 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 00:12]

2009-09-28 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-28 16:22]

2009-09-28 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-28 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/mywaybiz
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: buy-internetsecurity10.com
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\e3cqc6jo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 23:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x82F3C618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf85fbf28
\Driver\ACPI -> ACPI.sys @ 0xf856ecb8
\Driver\atapi -> atapi.sys @ 0xf8526852
IoDeviceObjectType -> ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf841fbb0
PacketIndicateHandler -> NDIS.sys @ 0xf840ea0d
SendHandler -> NDIS.sys @ 0xf8422b40
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(628)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\WININET.dll
.
Completion time: 2010-02-10 23:39:57
ComboFix-quarantined-files.txt 2010-02-11 04:39
ComboFix2.txt 2010-02-09 23:58
ComboFix3.txt 2010-02-08 04:26

Pre-Run: 57,845,993,472 bytes free
Post-Run: 57,845,698,560 bytes free

- - End Of File - - 483398134889337B0329AAF84F7898D1
jmartin075
Regular Member
 
Posts: 23
Joined: February 2nd, 2010, 9:39 pm

Re: Google Redirect Virus

Unread postby melboy » February 11th, 2010, 1:33 pm

Hi

I'm glad your up and running again.

jmartin075 wrote:Also, it's saying that updates are ready. Would I be safe updating?

I would hold off for now - It could give us additional complications (As it already has...) that may hinder the malware removal process.

Go to Add/Remove programs (Start > Control Panel > Add or Remove programs), check Show Updates, and if an entry exists for "Security update for XP" (KB977165), Click Remove and follow the prompts to completely uninstall the hotfix. Any problems at this point, stop and let me know.


How are things running? Have the re-directs stopped? Any more problems that you would attribute to a possible malware infection?

Give me a fresh DDS log and we'll take it from there.


Re-run DDS

Please disable any anti-malware program that will block scripts from running before running DDS.
  • Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, Please copy & paste the contents of :
    • DDS.txt
And post it in your next reply.


In your next reply:
  1. DDS.txt
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Google Redirect Virus

Unread postby jmartin075 » February 11th, 2010, 5:16 pm

My computer is acting very strange now. It looks like an older version of windows (98 or Millenium). The task bar, internet explorer, start menu all look this way. Also, I got this notification from McAffee.

McAfee has detected a potentially unauthorized registry change to your computer.

About this Registry Change
SystemGuards: Winlogon User Init
Program: Nemounumodfuixseer
Location: C:\WINDOWS\Temp\gntr.tmp\svchost.exe


Not sure what that is but I've been getting them occasionally. The redirects have stopped though so that's a plus.


Here's the dds.txt


DDS (Ver_09-12-01.01) - NTFSx86
Run by John at 16:11:10.76 on Thu 02/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.150 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Documents and Settings\John\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/mywaybiz
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mWinlogon: userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] "c:\program files\analog devices\core\smax4pnp.exe"
mRun: [igfxtray] "c:\windows\system32\igfxtray.exe"
mRun: [igfxhkcmd] "c:\windows\system32\hkcmd.exe"
mRun: [igfxpers] "c:\windows\system32\igfxpers.exe"
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [MSKDetectorExe] "c:\program files\mcafee\spamkiller\MSKDetct.exe" /uninstall
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] "c:\progra~1\mcafee\mhn\McENUI.exe" /hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
Trusted Zone: buy-internetsecurity10.com
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCo ... gctlcm.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/share ... insctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 1397117859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/f ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\john\applic~1\mozilla\firefox\profiles\e3cqc6jo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-28 214664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-9-28 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-9-28 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-9-28 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-9-28 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-28 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-28 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-28 40552]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-29 135664]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-28 34248]
S3 NETR33X;D-Link Air Wireless Adapter(RTL) NT Driver;c:\windows\system32\drivers\NETR33X.sys [2003-11-11 183680]

=============== Created Last 30 ================

2010-02-11 20:54:57 0 d-sh--w- c:\windows\system32\lowsec
2010-02-10 20:19:32 2145280 ----a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-10 20:19:31 2189184 ----a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-10 20:19:31 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-10 20:19:31 2066048 ----a-w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-10 20:19:31 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 20:19:31 2023936 ----a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-10 04:14:01 0 d-----w- c:\windows\system32\Adobe
2010-02-08 04:05:16 50176 ----a-w- c:\windows\system32\proquota.exe
2010-02-08 03:43:39 0 d-sha-r- C:\cmdcons
2010-02-08 03:40:34 98816 ----a-w- c:\windows\sed.exe
2010-02-08 03:40:34 77312 ----a-w- c:\windows\MBR.exe
2010-02-08 03:40:34 261632 ----a-w- c:\windows\PEV.exe
2010-02-08 03:40:34 161792 ----a-w- c:\windows\SWREG.exe
2010-02-03 01:41:50 0 d-----w- c:\program files\Trend Micro
2010-02-02 23:36:20 765952 ----a-w- c:\windows\system32\xvidcore.dll
2010-02-02 23:36:19 77824 ----a-w- c:\windows\system32\xvid.ax
2010-02-02 23:36:19 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-02-02 23:34:12 8192 ----a-w- c:\windows\system32\CoachWrp.dll
2010-02-02 23:34:12 44256 ----a-w- c:\windows\system32\drivers\CoachVc.sys
2010-02-02 23:34:12 41984 ----a-w- c:\windows\system32\CoachWia.dll
2010-02-02 23:34:11 46944 ----a-w- c:\windows\system32\drivers\CoachUsb.sys
2010-02-02 23:34:11 16896 ----a-w- c:\windows\system32\CoachDlg.dll
2010-02-02 23:34:11 0 d-----w- c:\windows\Options
2010-02-02 23:34:11 0 d-----w- c:\program files\Digital Video
2010-02-01 23:27:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-01 23:27:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-01 20:20:45 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-30 22:55:11 0 d-----w- c:\program files\common files\PC Tools
2010-01-30 16:19:00 3260 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-01-30 16:19:00 31844 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-30 16:19:00 23584 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-01-30 16:19:00 2297376 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-30 16:18:20 1751 ----a-w- C:\rollback.ini
2010-01-30 15:43:07 0 d-----w- c:\program files\common files\ParetoLogic
2010-01-30 15:43:07 0 d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2010-01-29 22:16:55 2 --shatr- c:\windows\winstart.bat
2010-01-29 17:59:38 0 d-----w- c:\program files\MSSOAP
2010-01-29 17:31:55 164 ----a-w- c:\windows\install.dat
2010-01-29 17:08:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-01-29 16:15:27 23552 ----a-w- c:\windows\system32\wdmaud.drv
2010-01-29 16:15:27 23552 ----a-w- c:\windows\system32\dllcache\wdmaud.drv
2010-01-22 00:21:26 0 d-sh--w- c:\windows\system32\winsys

==================== Find3M ====================

2010-02-11 03:09:03 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2010-02-11 03:09:03 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-21 13:19:18 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-17 22:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-08 09:23:28 474112 ----a-w- c:\windows\system32\SET74.tmp
2009-12-08 09:23:28 474112 ------w- c:\windows\system32\SET4D.tmp
2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 18:22:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11:44 1291776 ------w- c:\windows\system32\dllcache\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:35 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07:34 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2009-11-24 23:28:28 63 ----a-w- c:\documents and settings\john\jagex_runescape_preferences2.dat
2009-11-24 23:28:27 38 ----a-w- c:\documents and settings\john\jagex_runescape_preferences.dat
2009-11-21 15:51:04 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2008-09-03 01:38:47 56 --sh--r- c:\windows\system32\E1136D42D7.sys
2008-09-03 01:38:50 3558 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-08-23 21:34:39 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082320080824\index.dat

============= FINISH: 16:14:09.42 ===============
jmartin075
Regular Member
 
Posts: 23
Joined: February 2nd, 2010, 9:39 pm

Re: Google Redirect Virus

Unread postby melboy » February 11th, 2010, 5:59 pm

Hi

Yes, you're re-infected.


Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform Quick scan scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Google Redirect Virus

Unread postby jmartin075 » February 11th, 2010, 6:05 pm

I decided to restart my computer to see if that would do anything and then it crashed at startup, just like it did yesterday. I used recovery console again and typed in the information you provided in the earlier post. I looked in add/remove programs, but the update wasn't there (after the first set of crashes and this time.) Is it reinstalling itself? If so, how do I stop it? Is it what caused my computer to look like windows 98? :x
jmartin075
Regular Member
 
Posts: 23
Joined: February 2nd, 2010, 9:39 pm

Re: Google Redirect Virus

Unread postby melboy » February 11th, 2010, 6:11 pm

Hi
I looked in add/remove programs, but the update wasn't there (after the first set of crashes and this time.) Is it reinstalling itself?


For the time being turn off automatic updates. Start > Control Panel >Automatic Updates > Turn off Automatic updates > Apply > OK


Then run the Malwarebytes scan.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Google Redirect Virus

Unread postby jmartin075 » February 11th, 2010, 6:22 pm

Ok, I just disabled the updates and I'm starting the Malwarebytes scan but a window came up that said:

Generic Host Process for Win32 services has encountered a problem and needs to close.



Malwarebytes just found 8 infected items and it's been 3 minutes...
jmartin075
Regular Member
 
Posts: 23
Joined: February 2nd, 2010, 9:39 pm

Re: Google Redirect Virus

Unread postby melboy » February 11th, 2010, 6:58 pm

jmartin075 wrote:Malwarebytes just found 8 infected items and it's been 3 minutes...

Do you have the log, or are you having problems?
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 47 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware