Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Google Redirect


Re: Google Redirect

by SDub2032 » September 7th, 2010, 1:21 pm

It still seems to be finding a lot of problems, will it make any difference if we just delete the infected music files?

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, September 7, 2010
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, September 07, 2010 09:37:33
Records in database: 4202184
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 78787
Threats found: 10
Infected objects found: 24
Suspicious objects found: 0
Scan duration: 02:42:00


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\explorer.exe.vir Infected: Trojan.Win32.Patched.kl 1
C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir Infected: Trojan.Win32.Patched.kl 1
C:\System Volume Information\_restore{736B8453-93FE-477D-9F4C-E9DBA07C5B6E}\RP7\A0004602.exe Infected: Trojan.Win32.Patched.kl 1
C:\System Volume Information\_restore{736B8453-93FE-477D-9F4C-E9DBA07C5B6E}\RP7\A0004603.exe Infected: Trojan.Win32.Patched.kl 1
C:\System Volume Information\_restore{736B8453-93FE-477D-9F4C-E9DBA07C5B6E}\RP7\A0004604.exe Infected: Trojan.Win32.Patched.kl 1
C:\System Volume Information\_restore{736B8453-93FE-477D-9F4C-E9DBA07C5B6E}\RP7\A0004794.exe Infected: Trojan.Win32.Patched.kl 1
C:\System Volume Information\_restore{736B8453-93FE-477D-9F4C-E9DBA07C5B6E}\RP7\A0004809.exe Infected: Trojan.Win32.Patched.kl 1
C:\System Volume Information\_restore{736B8453-93FE-477D-9F4C-E9DBA07C5B6E}\RP8\A0006029.exe Infected: Trojan.Win32.Patched.kl 1
C:\System Volume Information\_restore{736B8453-93FE-477D-9F4C-E9DBA07C5B6E}\RP8\A0006030.exe Infected: Trojan.Win32.Patched.kl 1
C:\System Volume Information\_restore{736B8453-93FE-477D-9F4C-E9DBA07C5B6E}\RP8\A0006045.exe Infected: Trojan.Win32.Patched.kl 1
C:\System Volume Information\_restore{736B8453-93FE-477D-9F4C-E9DBA07C5B6E}\RP8\A0006107.exe Infected: Trojan.Win32.Patched.kl 1
C:\System Volume Information\_restore{736B8453-93FE-477D-9F4C-E9DBA07C5B6E}\RP8\A0007086.exe Infected: Trojan.Win32.Patched.kl 1
C:\WINDOWS\system32\dllcache\winlogon.exe Infected: Trojan-Downloader.Win32.Small.attu 1
C:\WINDOWS\system32.winlogon.exe Infected: Trojan-Downloader.Win32.Small.attu 1
C:\winlogon.bad1 Infected: Trojan.Win32.Patched.kl 1
C:\_OTL\MovedFiles\09062010_102634\C_Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\61\80e447d-65663560 Infected: Exploit.Java.Agent.cw 1
C:\_OTL\MovedFiles\09062010_102634\C_Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\61\80e447d-65663560 Infected: Exploit.Java.Agent.cu 1
C:\_OTL\MovedFiles\09062010_102634\C_Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\61\80e447d-65663560 Infected: Exploit.Java.Agent.cv 1
C:\_OTL\MovedFiles\09062010_102634\C_Documents and Settings\Owner\Local Settings\Temp\jar_cache4715165559904827035.tmp Infected: Exploit.Java.Agent.de 1
C:\_OTL\MovedFiles\09062010_102634\C_Documents and Settings\Owner\My Documents\My Music\bring me to life evanessence.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
C:\_OTL\MovedFiles\09062010_102634\C_Documents and Settings\Owner\My Documents\My Music\dallas green [new single].au Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\_OTL\MovedFiles\09062010_102634\C_Documents and Settings\Owner\My Documents\My Music\excited janet jackson pop - bonus track.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\_OTL\MovedFiles\09062010_102634\C_Documents and Settings\Owner\My Documents\My Music\guess who king.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\_OTL\MovedFiles\09062010_102634\C_Documents and Settings\Owner\My Documents\My Music\Team Sleep - Death By Plane.wma Infected: Trojan-Downloader.WMA.GetCodec.a 1

Selected area has been scanned.
SDub2032
Regular Member
 
Posts: 17
Joined: September 3rd, 2010, 7:14 pm

Re: Google Redirect

by deltalima » September 7th, 2010, 2:28 pm

Hi SDub2032,

It still seems to be finding a lot of problems


It looks bad, but it is fine: all those detections can be explained as copies we made during the fix that we can remove, or quarantine / system restore items that we will remove once all clean.

Please use Windows Explorer to navigate to c:\sp2\i386\winlogon.exe, right-click and copy, then paste into the folder C:\WINDOWS\system32\dllcache.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :files
    C:\WINDOWS\system32.winlogon.exe
    C:\winlogon.bad1 
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Please go here and download then install Windows XP Service Pack 3. This is vital to repair the damage done by the infection.

Once you have done that please turn on automatic updates and ensure all updates are applied then let me know and we can continue with the clean up.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
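
Added example, not part of the original posts: a short Python triage of the Kaspersky report above that groups each detection by where the file sits on disk, so leftovers in tool quarantine, OTL's moved-files folder and System Restore points are separated from files elsewhere. The class labels and function names are assumptions made for this example; the path prefixes and sample lines are copied from the report in this thread.

```python
import re
from collections import defaultdict

# Path prefixes seen in the report in this thread, mapped to labels chosen
# for this example (the labels are assumptions, not Kaspersky or OTL terms).
LOCATION_CLASSES = [
    ("tool-quarantine", re.compile(r"^C:\\Qoobox\\Quarantine\\", re.I)),
    ("otl-moved-files", re.compile(r"^C:\\_OTL\\MovedFiles\\", re.I)),
    ("system-restore", re.compile(r"^C:\\System Volume Information\\_restore\{", re.I)),
]

# "<path> Infected: <threat name> <count>"; paths may contain spaces.
DETECTION = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# A few lines copied from the scan report above.
SAMPLE_REPORT = r"""
File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir Infected: Trojan.Win32.Patched.kl 1
C:\System Volume Information\_restore{736B8453-93FE-477D-9F4C-E9DBA07C5B6E}\RP7\A0004602.exe Infected: Trojan.Win32.Patched.kl 1
C:\WINDOWS\system32\dllcache\winlogon.exe Infected: Trojan-Downloader.Win32.Small.attu 1
C:\WINDOWS\system32.winlogon.exe Infected: Trojan-Downloader.Win32.Small.attu 1
C:\winlogon.bad1 Infected: Trojan.Win32.Patched.kl 1
C:\_OTL\MovedFiles\09062010_102634\C_Documents and Settings\Owner\My Documents\My Music\guess who king.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
"""

def classify(path):
    """Return the label of the first matching prefix, else 'outside-tool-folders'."""
    for label, prefix in LOCATION_CLASSES:
        if prefix.match(path):
            return label
    return "outside-tool-folders"

def triage(report_text):
    """Group (path, threat) detections by where the file sits on disk."""
    groups = defaultdict(list)
    for line in report_text.splitlines():
        match = DETECTION.match(line.strip())
        if match:  # header and blank lines do not match and are skipped
            groups[classify(match["path"])].append((match["path"], match["threat"]))
    return dict(groups)

if __name__ == "__main__":
    for label, hits in triage(SAMPLE_REPORT).items():
        print(f"{label}: {len(hits)}")
        for path, threat in hits:
            print(f"  {threat}  {path}")
```

On the sample, the three paths left outside the tool folders are the dllcache copy of winlogon.exe that the reply has replaced from c:\sp2\i386 and the two files listed in the OTL `:files` fix.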

Re: Google Redirect

by SDub2032 » September 7th, 2010, 4:06 pm

Hi, just a quick question, I've done the first part and am installing the Service Pack 3, which I have been for some time. It has done the installation, I think. It says in the box "Finishing Installation" and in the 'Details' box it says 'Performing Cleanup'. The status bar is about 95% completed but it hasn't moved for the last 15 minutes or so, should I just keep waiting or has it frozen?
SDub2032
Regular Member
 
Posts: 17
Joined: September 3rd, 2010, 7:14 pm

Re: Google Redirect

by deltalima » September 7th, 2010, 4:08 pm

Yes just keep waiting - SP3 is a big update so can take a while to complete.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google Redirect

by SDub2032 » September 7th, 2010, 5:32 pm

Hi, finally finished! It seemed to go okay after the long delay and restarted the computer. The Updates are the ones in the Control Panel? Those are on the recommended, daily.

This is the log for the Fix I ran before the windows update (I hope, I've got so many logs now I'm getting confused!)

========== FILES ==========
C:\WINDOWS\system32.winlogon.exe moved successfully.
C:\winlogon.bad1 moved successfully.

OTL by OldTimer - Version 3.2.11.0 log created on 09072010_133620
SDub2032
Regular Member
 
Posts: 17
Joined: September 3rd, 2010, 7:14 pm

Re: Google Redirect

by deltalima » September 8th, 2010, 4:09 am

Hi SDub2032,

The Updates are the ones in the Control Panel? Those are on the recommended, daily.


Good, always apply the updates as soon as they become available.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure


Remove GMER

Delete the GMER icon from your desktop, it will be named rr3l07ss.exe

Uninstall ComboFix

  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

You may wish to run a final scan with Kaspersky to confirm all the infected objects have now been removed.

Happy surfing and stay clean!
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google Redirect

by SDub2032 » September 8th, 2010, 2:24 pm

Hi deltalima,
Thanks for all of the help, I've just run the Kaspersky scan again and it's showing 0 infections or problems. The computer seems to be running fine now, not sure if it's just my imagination but even the fan seems to be coming on less (it used to be on constantly and the laptop was getting quite hot).

I'm now going to download the programs you've suggested and have been reading the links so something like this never happens again.

Once again, thank you so much for all of the help, for a while I was thinking I would just have to give up on this laptop! You had a lot more patience over the days than even I had sometimes, it's very much appreciated to know that there are people who volunteer to help others online, rather than just those who create these viruses to annoy others!

Thanks again!
SDub2032
Regular Member
 
Posts: 17
Joined: September 3rd, 2010, 7:14 pm

Re: Google Redirect

by deltalima » September 8th, 2010, 3:13 pm

Thanks for all of the help


You're welcome!

The computer seems to be running fine now, not sure if it's just my imagination but even the fan seems to be coming on less (it used to be on constantly and the laptop was getting quite hot).


Good to hear, it is likely that the fan will be quieter now all the hidden background processes have been removed.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google Redirect

by muppy03 » September 9th, 2010, 3:25 am

As your problems appear to have been resolved, this topic is now closed.
We are pleased we could help you resolve your computer's malware issues.

If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read:
Donations For Malware Removal
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia