Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google Analytics Virus

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Google Analytics Virus

Unread postby Cypher » December 17th, 2010, 4:03 pm

Hi afreihat.
Give me another update on the searches after this fix please.

Disable Avira anti-virus

  • Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background (looks to this: Image )
  • right click it-> untick the option AntiVir Guard enable.
  • You should now see a closed, white umbrella on a red background (looks to this: Image )
  • Note: Don't forget to re-enable it after the fix.

Next.

ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    Code: Select all
    Fcopy::
    C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe | c:\windows\system32\userinit.exe
    
  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    Image
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.


Logs/Information to Post in your Next Reply

  • ComboFix log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Re: Google Analytics Virus

Unread postby afreihat » December 17th, 2010, 5:33 pm

ComboFix 10-12-16.04 - Freihat 17/12/2010 15:57:18.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.1013.290 [GMT -5:00]
Running from: c:\users\Freihat\Desktop\ComboFix.exe
Command switches used :: c:\users\Freihat\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe --> c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((( Files Created from 2010-11-17 to 2010-12-17 )))))))))))))))))))))))))))))))
.

2010-12-17 21:10 . 2010-12-17 21:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-17 18:48 . 2010-11-30 23:48 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-17 18:48 . 2010-11-30 23:13 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-17 18:48 . 2010-12-17 18:48 -------- d-----w- c:\programdata\Avira
2010-12-17 18:48 . 2010-12-17 18:48 -------- d-----w- c:\program files\Avira
2010-12-17 18:20 . 2010-12-17 21:10 -------- d-----w- c:\users\Freihat\AppData\Local\temp
2010-12-17 11:48 . 2010-12-17 11:48 -------- d-----w- c:\program files\ERUNT
2010-12-17 04:07 . 2010-12-17 04:07 -------- d-----w- C:\rsit
2010-12-16 04:04 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-16 04:02 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-16 04:02 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-16 04:02 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-16 04:01 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-16 04:01 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-14 07:05 . 2010-12-14 07:05 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-12-14 07:00 . 2010-12-14 07:12 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-14 07:00 . 2010-12-14 07:00 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-12-14 06:59 . 2010-12-14 07:05 -------- d-----w- c:\programdata\Hitman Pro
2010-12-14 06:52 . 2010-12-17 04:07 -------- d-----w- c:\program files\Trend Micro
2010-12-14 06:52 . 2010-12-14 06:52 388096 ----a-r- c:\users\Freihat\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-12 08:48 . 2010-12-12 08:48 -------- d-----w- c:\program files\Essentials Codec Pack
2010-11-23 22:59 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{10BEA798-3CDC-4261-8D62-B6C1DE0222F4}\mpengine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:42 . 2010-11-15 03:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2010-11-15 03:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-17 09:23 . 2010-11-17 09:23 169320 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10135.bin
2010-10-23 07:14 . 2009-07-13 23:12 16896 ----a-w- c:\windows\system32\drivers\nsiproxy.sys
2010-10-19 15:41 . 2010-05-28 04:05 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
"Camera Assistant Software"="c:\program files\Video Web Camera\traybar.exe" [2009-10-29 600688]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-10-07 1157640]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-12 7707168]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-10-15 233472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"KeyAccess"="kass.exe" [2009-07-15 90816]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\katrack.dll c:\windows\katrack.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-11-23 103296]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-30 1343400]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-30 135336]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2009-08-24 107016]
S2 KeyAccess;KeyAccess;c:\windows\keyacc32.exe [2009-07-15 1090240]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-09-04 54784]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*Deregistered* - klmd25

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nhl.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-12-17 16:27:05
ComboFix-quarantined-files.txt 2010-12-17 21:27
ComboFix2.txt 2010-12-17 18:32

Pre-Run: 103,931,961,344 bytes free
Post-Run: 103,667,847,168 bytes free

- - End Of File - - 0AC2191E1D0850B8903B4477D2D5A4CD


Well, We're still where we were. Google works fine but results open in a new window. Nhl.com tabs or any search bar on any website such as (tribute.ca, rottentomatoes.com, imdb.com) still redirect me to some sort of google link.
afreihat
Regular Member
 
Posts: 17
Joined: December 14th, 2010, 3:49 am

Re: Google Analytics Virus

Unread postby afreihat » December 17th, 2010, 5:39 pm

This may actually be a vital piece of information and may help us figure this thing out. My brother's Macbook Pro and my iPod Touch (Safari Browser) have the similar problem, but if I change my wireless network to one in the area and not the one I have set up at home, everything on my laptop works perfectly. Google results open in the same window, and there are no additional google redirects.
afreihat
Regular Member
 
Posts: 17
Joined: December 14th, 2010, 3:49 am

Re: Google Analytics Virus

Unread postby Cypher » December 18th, 2010, 6:27 am

Hi afreihat.
Ok i need you to run another scan but first i need you to reset your router.
I don't mean just turn it off and on again, you need to reset it using the admin password.

Next.

Please download ATF Cleaner to your desktop.

  • Right-click ATF-Cleaner.exe And select " Run as administrator " to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next.

Disable Avira anti-virus

  • Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background (looks to this: Image )
  • right click it-> untick the option AntiVir Guard enable.
  • You should now see a closed, white umbrella on a red background (looks to this: Image )
  • Note: Don't forget to re-enable it after the below scan.

Next.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Hold down Control then click on the following link to open a new window to ESET online scannner
  • Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply

  • ESET log.
  • Please give me an update on your computer's performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Google Analytics Virus

Unread postby afreihat » December 18th, 2010, 8:43 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=cc4b305ae0dcf34eacbebd7e0a4994b7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-12-18 12:38:04
# local_time=2010-12-18 07:38:04 (-0500, Eastern Standard Time)
# country="Canada"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 4792082 4792082 0 0
# compatibility_mode=1797 16775165 100 94 0 28263375 0 0
# compatibility_mode=5893 16776574 100 94 2034037 44214817 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=70168
# found=0
# cleaned=0
# scan_time=5864

Well we're back to the original problem now. Google links open other unknown search engines, I believe the one I just saw now was proseek or something along those lines. And the search bar problem still exists.
afreihat
Regular Member
 
Posts: 17
Joined: December 14th, 2010, 3:49 am

Re: Google Analytics Virus

Unread postby Cypher » December 18th, 2010, 8:51 am

Did you reset your router as instructed?
This is happening in Internet Explorer correct?
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Google Analytics Virus

Unread postby afreihat » December 18th, 2010, 8:57 am

I did reset my router through my router ip address, but it was "Restart Router" rather than reset. And yes, this is happening in Internet Explorer. However, on my brothers Mac, it is happening in Safari, and on my iPod Touch to a lesser extent, it is happening in Safari.
afreihat
Regular Member
 
Posts: 17
Joined: December 14th, 2010, 3:49 am

Re: Google Analytics Virus

Unread postby Cypher » December 18th, 2010, 12:06 pm

You say your brothers Macbook Pro has the same problem does it connect through the same router?
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Google Analytics Virus

Unread postby afreihat » December 18th, 2010, 12:45 pm

Yes it does, I set up the router to serve as a home wireless network. We have it WEP encrypted, so its weird that something could infect it.
afreihat
Regular Member
 
Posts: 17
Joined: December 14th, 2010, 3:49 am

Re: Google Analytics Virus

Unread postby Cypher » December 18th, 2010, 1:00 pm

Hi afreihat.
All of your latest logs have come back clean.
This is obviously a problem with your router, if an infection was involved resetting it would of would of fixed the problem.
As this is a dedicated Malware Removal site i will have to direct you to experts elsewhere..
Here are some excellent Tech sites (in no particular order) that may be able to help with these problems:


So as I said above your logs are clean, I hope you can resolve your other problem with the links that I provided.

This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Time for some housekeeping
  • Click on Start > All programs > Accessories > Run.
  • Now type in ComboFix /Uninstall into the box and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
    Image
The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

Next

OTC

Download OTC by Old Timer and save it to your Desktop. This tool will remove all the tools we used to clean your pc.

  • Right-click OTC.exe And select " Run as administrator " to run it.
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Here are some free programs I recommend that could help you improve your computer's security.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.
To update Office
Open up any Office program.
Go to Help > Check for Updates

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Google Analytics Virus

Unread postby afreihat » December 18th, 2010, 1:16 pm

Interesting note, the MVPS Host file fixed the problem. I'm going to try to restart my computer and see if anything changes. If its still good, then I will leave a message letting you know that you can close this case file. Google links still open in a new window, but thats a minor inconvenience.
afreihat
Regular Member
 
Posts: 17
Joined: December 14th, 2010, 3:49 am

Re: Google Analytics Virus

Unread postby afreihat » December 18th, 2010, 1:30 pm

Ok well, false alarm, still doing redirects, but I figure whenever it does, I should just take the base url and add it to the hosts file. for example www.nhl.com/player/123.html, the base url would be www.nhl.com, but the random pop ups have stopped and it seems they are gone for good. But anyways, thank you for your help, I really appreciated it.
afreihat
Regular Member
 
Posts: 17
Joined: December 14th, 2010, 3:49 am

Re: Google Analytics Virus

Unread postby Cypher » December 18th, 2010, 1:44 pm

We had already reset your Hosts file but we can try this just to rule it out.
If this doesn't resolve your problem then it is your router considering your brother connects to it also from a different PC.

Please download HostsXpert and unzip it to your desktop, Do not run it yet.

Next.

Download and run OTM

Download OTM.exe by Old Timer and save it to your Desktop.
  • Right-click OTM.exe and select " Run as administrator " to run it.
  • Right-click then copy the following code, Do not include the word Code.
    Code: Select all
    :Files
    C:\WINDOWS\system32\drivers\etc\hosts
    
    :Commands
    [EmptyFlash]
    [emptytemp]
    [start explorer]
    [Reboot]
    

    • Return to OTM, right-click then paste the code into the blank box below Image
    • Next click on the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next.

  • Double click on HostsXpert.exe to launch the programme.
  • When prompted with:
    HOSTS file does not exist, press OK to create HOSTS file, Cancel to quit.
  • Select OK.
  • Check to see if top button on left hand side says Make Writable?
    • If it does. click on it then proceed to next instruction.
    • If not, just proceed to next instruction
  • Click on Restore MS Hosts File to restore your Hosts file to its default condition
  • When prompted to confirm, click OK.
  • Click on the Download button (lower left hand side)
    • Click on MVPs Hosts... button.
    • Click on Replace button.
    • Press OK in the box that pops up. (HostsXpert will now download and update your Hosts file)
  • When finished.
    • Click on File Handling button.
    • Click on Make Read Only? to secure it against infection.
  • Exit the programme.

Next.

Reset IE8:

  • Please download Microsoft FixIt and save it to the desktop.
  • Double click on MicrosoftFixit50195.exe select I Agree and click on Next.
  • Follow the on-screen prompts.
  • You may delete MicrosoftFixit50195.exe when finished and or keep it if any problems in the future with IE8.
  • Next time IE8 is launched you will be prompted to reapply settings again, this is normal.
  • Note: Any add-ons will require to be reapplied after the above reset.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Google Analytics Virus

Unread postby afreihat » December 18th, 2010, 2:35 pm

All processes killed
========== FILES ==========
C:\WINDOWS\system32\drivers\etc\HOSTS moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Freihat
->Temp folder emptied: 348163 bytes
->Temporary Internet Files folder emptied: 40912355 bytes
->Flash cache emptied: 2955494 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 1061348 bytes

Total Files Cleaned = 43.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 12182010_131333


Still as it was, but at least the search bar and random pop ups are gone. The google problem may just be google. Everything else is good. So I am happy with the result.
afreihat
Regular Member
 
Posts: 17
Joined: December 14th, 2010, 3:49 am

Re: Google Analytics Virus

Unread postby Cypher » December 18th, 2010, 2:50 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 351 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware