Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Google redirect malware


Re: Google redirect malware

Post by Tatzumi » March 16th, 2011, 4:13 pm

Wow, the redirects stopped! THANK YOU SO MUCH!!!!

If you don't mind, could you please explain what we did and if it's secure to leave the new connection set-up the way it is?

PS: also what should I do to avoid this happening again, and what torrent program would be the safest?

PPS: sorry about all the questions and thank you again for all your help so far.
Tatzumi
Regular Member
 
Posts: 15
Joined: March 13th, 2011, 9:39 pm

Re: Google redirect malware

Post by deltalima » March 16th, 2011, 4:48 pm

Hi Tatzumi,

Tatzumi wrote:
    If you don't mind, could you please explain what we did and if it's secure to leave the new connection set-up the way it is?

DNS is the service that converts domain names (e.g. http://www.google.com) into the numbers (e.g. 74.125.230.116) that computers use to communicate.

Your ISP normally provides this service and your router should automatically use the settings of your ISP.

What has happened here is that some malicious program has run on your computer and changed the settings in your router to use alternate DNS servers that give the wrong information and therefore force your connection to the redirected pages.

The best solution would be to reset the router to its factory defaults and then reconfigure it to work with your ISP. We set your computer to bypass the settings in your router and use the OpenDNS service. This service is free and works very well; you may even find it faster than the service provided by your ISP.

There are no security issues with leaving the settings as they are. The only problem is that if you connect another computer to the router it will also suffer from the redirects, and so the best way would be to reset the router. You may need to contact your ISP if you choose to do this.

Tatzumi wrote:
    PS: also what should I do to avoid this happening again, and what torrent program would be the safest?

Once we are through I will give instructions to remove the tools we have used and offer some advice on avoiding infections in the future. One point I will make is that there are no safe torrent programs; all forms of P2P are dangerous.

Please let me know if you would like to reset the router or continue using the OpenDNS settings.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google redirect malware

Post by Tatzumi » March 16th, 2011, 5:16 pm

I would like to reset the Router, and keep using the DNS on this computer if possible.
Tatzumi
Regular Member
 
Posts: 15
Joined: March 13th, 2011, 9:39 pm

Re: Google redirect malware

Post by deltalima » March 16th, 2011, 5:48 pm

Hi Tatzumi,

Tatzumi wrote:
    I would like to reset the Router, and keep using the DNS on this computer if possible.

That will be fine; keep the DNS settings, that is a good idea.

Before resetting the router, please contact your ISP help line, as some ISPs need you to configure certain settings in the router after it has been reset.

Resetting Router

Let’s try to reset the router to its default configuration.
  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don’t know the router's default password, you can look it up. Here
  • You also need to reconfigure any security settings you had in place prior to the reset.
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

Let me know once the router has been reset and we can remove the tools that we have used.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google redirect malware

Post by Tatzumi » March 16th, 2011, 6:27 pm

I am done with the reset, but how can I do these:

1) reconfigure any security settings you had in place prior to the reset.

2) set a non-default password, and if possible, username, on the router. (Will this affect all my computers? and will I need to use the user name and password all the time?)
Tatzumi
Regular Member
 
Posts: 15
Joined: March 13th, 2011, 9:39 pm

Re: Google redirect malware

Post by deltalima » March 16th, 2011, 6:39 pm

Hi Tatzumi,

Tatzumi wrote:
    I am done with the reset, but how can I do these:

    1) reconfigure any security settings you had in place prior to the reset.

    2) set a non-default password, and if possible, username, on the router. (Will this affect all my computers? and will I need to use the user name and password all the time?)

The main thing is to reset the password to access the router. This is the password you use when you connect to the router to configure it, and you will not need to change any settings on any of your computers. This is to prevent any malicious program accessing your router by using the default password and making changes again.

Let me know the make and model of the router and I will find out what needs to be done to change the password.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google redirect malware

Post by Tatzumi » March 16th, 2011, 6:42 pm

Make: Linksys
Model: WRT54G-TM
Tatzumi
Regular Member
 
Posts: 15
Joined: March 13th, 2011, 9:39 pm

Re: Google redirect malware

Post by deltalima » March 17th, 2011, 5:11 am

Hi Tatzumi,

First we need to make sure you can access the configuration page on your router.

Please click here. You should be prompted for a username and password.

Username is admin
Password is admin

  • This should take you to the web page where you can configure the router.
  • At the top of the Web page, click the Administration option in the menu bar.
  • On the Management Web page, you should see two password text boxes. This is where you should change your administrative password. Type in a new secure password into both boxes.
  • Once you have changed your password, click Save Settings at the bottom of the Web page.

Next time you log into the router the username will be admin and the password will be the password you have just set.

Let me know how you get on.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google redirect malware

Post by Tatzumi » March 17th, 2011, 3:36 pm

The link does not work...
Tatzumi
Regular Member
 
Posts: 15
Joined: March 13th, 2011, 9:39 pm

Re: Google redirect malware

Post by deltalima » March 17th, 2011, 3:44 pm

Hi Tatzumi,


Create a batch file
  1. Open Notepad.
  2. Copy/paste the following text into the empty Notepad window.
    Code:
    @echo off
    rem Append the full network configuration (and any errors) to results.txt
    ipconfig /all >> results.txt 2>>&1
    rem Open the results so they can be copied into the forum reply
    start notepad results.txt
    rem Delete this batch file once it has run
    Del %0
    
  3. Save the file as xxx.bat on your desktop. Save it with the file type... all types *.*.
  4. Double click the file xxx.bat to execute.

results.txt should open in Notepad automatically when the script has completed. Post the contents of this file in your next response.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google redirect malware

Post by Tatzumi » March 17th, 2011, 3:54 pm

Windows IP Configuration

Host Name . . . . . . . . . . . . : Daniel-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.fl.comcast.net.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.fl.comcast.net.
Description . . . . . . . . . . . : Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 20-CF-30-32-F1-E6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::418c:7dac:2b2:72cc%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, March 17, 2011 3:15:37 PM
Lease Expires . . . . . . . . . . : Thursday, March 24, 2011 3:15:37 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 237031216
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-06-75-7C-20-CF-30-32-F1-E6
DNS Servers . . . . . . . . . . . : 208.67.222.222
208.67.220.220
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.hsd1.fl.comcast.net.:

Connection-specific DNS Suffix . : hsd1.fl.comcast.net.
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:192.168.0.101%12(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 208.67.222.222
208.67.220.220
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:ca8:21e8:3f57:ff9a(Preferred)
Link-local IPv6 Address . . . . . : fe80::ca8:21e8:3f57:ff9a%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Tatzumi
Regular Member
 
Posts: 15
Joined: March 13th, 2011, 9:39 pm
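
The check being made by eye on the output above, as an added example that is not part of the original thread: parse `ipconfig /all` text and report any DNS server outside an expected set. The function names, the allow-list and the sample text are assumptions made for illustration; the sample is constructed.

```python
import ipaddress
import re

# Resolvers this PC is expected to use: the OpenDNS addresses from the thread.
EXPECTED_DNS = {"208.67.222.222", "208.67.220.220"}

# Constructed sample; 203.0.113.53 (documentation range) is the odd one out.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       203.0.113.53
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

HEADER = re.compile(r"^\s*(.*\badapter\b.*?):\s*$")   # "Ethernet adapter X:"
FIELD = re.compile(r"^\s*([^:]+?)[ .]*:\s*(.*)$")     # "Label . . . : value"

def _ip(value):
    """Return the normalised IP address in value, or None if it is not one."""
    try:
        return str(ipaddress.ip_address(value.strip().split("%")[0]))
    except ValueError:
        return None

def dns_servers(text):
    """Map each adapter in `ipconfig /all` output to its DNS server list."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current, in_dns = header.group(1), False
            adapters[current] = []
        elif in_dns and _ip(line):        # continuation line: a bare address
            adapters[current].append(_ip(line))
        else:
            field = FIELD.match(line)
            in_dns = bool(field and current and field.group(1) == "DNS Servers")
            if in_dns and _ip(field.group(2)):
                adapters[current].append(_ip(field.group(2)))
    return adapters

def unexpected_dns(text, expected=EXPECTED_DNS):
    """Return {adapter: [servers not in expected]} for adapters that have any."""
    found = {a: [s for s in srv if s not in expected]
             for a, srv in dns_servers(text).items()}
    return {a: bad for a, bad in found.items() if bad}
```

If a PC lists the router itself (the default gateway) as its DNS server, this check only shows that; the upstream DNS servers then have to be read from the router's own configuration page.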

Re: Google redirect malware

Post by deltalima » March 17th, 2011, 3:59 pm

Hi Tatzumi,

Please click here. You should be prompted for a username and password.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google redirect malware

Post by Tatzumi » March 17th, 2011, 4:05 pm

It worked perfectly; I used my new password and same user name.
Tatzumi
Regular Member
 
Posts: 15
Joined: March 13th, 2011, 9:39 pm

Re: Google redirect malware

Post by deltalima » March 17th, 2011, 4:09 pm

Hi Tatzumi,

Now that you are clean, please follow these steps in order to keep your computer clean and secure.

Remove all used tools

Please download OTC and save it to desktop.
  • Double-click OTC.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google redirect malware

Post by Tatzumi » March 17th, 2011, 4:15 pm

Thank you so much! You were of great help!
Tatzumi
Regular Member
 
Posts: 15
Joined: March 13th, 2011, 9:39 pm