Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Suspected Google Redirect Virus - Logs

Re: Suspected Google Redirect Virus - Logs

Post by Nealaus » April 21st, 2011, 8:09 am

Thanks for the response and the next steps...

It seems to be working well.

As requested:

ROUTER

Yes, a 4 point wifi bizzo router (Netgear ADSL). We only have the PC and printer hooked up usually. The last couple of days I have run a laptop to do updates etc. It was left on during the last couple of days. Also... the wifi has had a lot of use -- new Apple gadgets etc on the school hols (I can't get the sound of the Angry Birds out of my head...)



OTL LOG

All processes killed
========== FILES ==========
C:\~WipeTmp34.out moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.BUSINESS
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 116736 bytes
->Temporary Internet Files folder emptied: 1198539 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 562 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 105155 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04212011_205809

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF34D1.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFA755.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFC1E4.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFC23D.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFC359.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFC3B1.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFC51E.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFC55A.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFDA3C.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U9URKXI3\viewtopic[1].htm not found!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_720.dat moved successfully.

Registry entries deleted on Reboot...
Nealaus
Active Member
 
Posts: 13
Joined: April 18th, 2011, 5:41 pm

Re: Suspected Google Redirect Virus - Logs

Post by Dakeyras » April 21st, 2011, 8:29 am

Hi. :)

"Thanks for the response and the next steps... It seems to be working well."

Good and you're welcome!

"Yes, a 4 point wifi bizzo router (Netgear ADSL). We only have the PC and printer hooked up usually. The last couple of days I have run a laptop to do updates etc. It was left on during the last couple of days. Also... the wifi has had a lot of use -- new Apple gadgets etc on the school hols (I can't get the sound of the Angry Birds out of my head...)"

Fair play...

Router Advice:

If you are using a router, reset it then change the admin (login) password. Ensure the NAT (Network Address Translation) firewall is active. If it is an actual wireless router, check it is secure. Further information about this can be read here. Finally, check for any firmware updates.

If the default password is retained, a remote attacker can install his own server address in between you and your Internet Service Provider. (The default passwords are published).

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed anti-virus; how to do so can be read here.

  • Please go here to run the scan...Click on Scan Now
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
Dakeyras
MRU Honors Graduate
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Suspected Google Redirect Virus - Logs

Post by Nealaus » April 21st, 2011, 11:31 pm

All sorted by the looks of it...


Here is the ESET log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=e1d48852593c1248b512343cfacc2d8d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-22 03:24:39
# local_time=2011-04-22 01:24:39 (+1000, AUS Eastern Standard Time)
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777191 100 0 2691835 2691835 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=105170
# found=3
# cleaned=0
# scan_time=7915
C:\Documents and Settings\Owner\My Documents\Applications-Downloads\AlexaInstaller.exe Win32/Adware.Alexa application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\VRE Toolbar\uninstall.exe Win32/Adware.Toolbar.DosPop application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\VRE Toolbar\update.exe Win32/Adware.Toolbar.DosPop application (unable to clean) 00000000000000000000000000000000 I
Nealaus
Active Member
 
Posts: 13
Joined: April 18th, 2011, 5:41 pm
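
The ESET log in the post above records, in its `# key=value` header, the same options the scan instructions asked for, followed by one line per detection. The following is an added example, not part of the original thread, that parses that layout and checks the header against the requested settings; the detection-line layout in the regular expression is an assumption inferred from the three lines posted.

```python
import re

# Excerpt of the ESET log posted above (header keys and detection lines).
SAMPLE_LOG = r"""
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# found=3
C:\Documents and Settings\Owner\My Documents\Applications-Downloads\AlexaInstaller.exe Win32/Adware.Alexa application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\VRE Toolbar\uninstall.exe Win32/Adware.Toolbar.DosPop application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\VRE Toolbar\update.exe Win32/Adware.Toolbar.DosPop application (unable to clean) 00000000000000000000000000000000 I
"""

# Settings the scan instructions in this thread asked for.
EXPECTED = {"remove_checked": "false", "archives_checked": "true",
            "unwanted_checked": "true", "unsafe_checked": "true",
            "antistealth_checked": "true"}

# Assumed detection layout: <path> <name> <kind> (<action>) <32 hex digits> <flag>
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<name>\S+/\S+) (?P<kind>[^()]*?) "
    r"\((?P<action>[^)]*)\) [0-9A-Fa-f]{32} \S+$")

def parse_eset_log(text):
    """Split the log into header settings and detection records."""
    settings, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            key, value = line[2:].split("=", 1)
            settings[key] = value
        elif (m := DETECTION.match(line)):
            detections.append(m.groupdict())
    return settings, detections

def review(settings, detections):
    """List mismatches between the log and what the helper asked for."""
    problems = [f"{k}={settings.get(k)!r}, expected {v!r}"
                for k, v in EXPECTED.items() if settings.get(k) != v]
    if int(settings.get("found", -1)) != len(detections):
        problems.append("found= does not match the number of detection lines")
    return problems

if __name__ == "__main__":
    settings, detections = parse_eset_log(SAMPLE_LOG)
    print(review(settings, detections) or "settings match the instructions")
    print([(d["name"], d["action"], d["path"]) for d in detections])
```

An empty list from `review` means the scan was run in report-only mode with the requested options, and that every detection the header counts is present in the pasted text.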

Re: Suspected Google Redirect Virus - Logs

Post by Dakeyras » April 22nd, 2011, 7:52 am

Hi. :)

"All sorted by the looks of it..."

Aye it would appear so, two of the detections are false positives and the related software does not appear to be installed anyway.

Using Windows Explorer (to get there right-click your Start button and go to Explore), please delete this folder & file (if present):

C:\Program Files\VRE Toolbar
C:\Documents and Settings\Owner\My Documents\Applications-Downloads\AlexaInstaller.exe

Now empty the Recycle Bin.

Next:

Let me know when you have completed the above and if any further issues remain, thank you.
Dakeyras
MRU Honors Graduate
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Suspected Google Redirect Virus - Logs

Post by Nealaus » April 22nd, 2011, 3:22 pm

All done!!

The issues are all resolved.

Can I say...

stepping through this in the way you have shown me, has helped my understanding and raised my awareness to not be complacent with security.

When the problem hits the *quick fix* is demanded...but the slower, more steady, methodical procedure seems by far the best and most reassuring route home.

Thanks for all your knowledge, patience and understanding.

Regards

Neal Lohse
Nealaus
Active Member
 
Posts: 13
Joined: April 18th, 2011, 5:41 pm

Re: Suspected Google Redirect Virus - Logs

Post by Dakeyras » April 22nd, 2011, 4:09 pm

Hi. :)

You're most welcome and thank you for the kind words...much appreciated!

Next:

Congratulations your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping your computer performing well.

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

Reset SR Points/Clean up with OTL:

  • Double-click OTL to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Commands
[ClearAllRestorePoints]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered. When finished click on OK and close the log that appears.
  • Note: I do not need to review the log produced.
  • Now close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.

The above process will flush old System Restore points and create a new clean one. It should also clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Now some advice for on-line safety:

Malwarebytes' Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan at least once per week.

Other installed security software:

Your presently installed security application, Titanium Maximum Security, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this once per week.

Erunt:

Emergency Recovery Utility NT. I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:


Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:


Only use one of the above!

Install WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Next:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

Any questions? Feel free to ask, if not stay safe!
Dakeyras
MRU Honors Graduate
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Suspected Google Redirect Virus - Logs

Post by NonSuch » April 23rd, 2011, 6:44 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California