Google redirect in mozilla

June 8, 2009 at 08:00:42
Specs: Windows Vista Ultimate 32bit, 1.6 GHz / 3061 MB
Hi
I have a problem with my laptop. Initially i had a virus with avira antivirus poping up every 30 secs detecting a trojan horse/dropper which would not dissapear for about 2 weeks. Now it seems to be gone but i am left with a google redirect virus which only affects mozilla firefox.

I have tried various malware/antivirus software but non of them can detect it. Any help would be most appreciated.


See More: Google redirect in mozilla

Report •


#1
June 8, 2009 at 08:08:28
Can you make a new HijackThis log and upload it to rapidshare.com. HijackThis: Here

-------------------------------------------------


Report •

#2
June 8, 2009 at 08:18:04

Report •

#3
June 8, 2009 at 08:28:01
1) Can you please post your AVZ log:
Note: Run AVZ in windows normal mode. If avz.exe doesn't start, then try to rename the file avz.exe to something else and try to run it again. Make sure you have your web browser open in background before following the steps below.

i) To create the logfile, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

ii) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

iii) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows vista launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteStdScr(3);
RebootWindows(true);
end.


Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script, the PC will reboot. After the reboot the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and paste the link here.

Image Tutorial

-------------------------------------------------


Report •

Related Solutions

#4
June 8, 2009 at 08:42:33

Report •

#5
June 8, 2009 at 08:55:16
Follow these Steps in order numbered. Don't proceed to next step unless you have sucessfully completed previous step:

1) Run this script in AVZ like before, your computer will reboot:

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
 QuarantineFile('C:\WINDOWS\system32\SysUdisk.exe','');
 DeleteFile('C:\WINDOWS\system32\SysUdisk.exe');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

2) After Reboot. Attach a Combofix log, please review and follow these instructions carefully.

Download it here -> http://download.bleepingcomputer.co...

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Antivirus/Sypware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please upload that file to rapidshare.com and paste the link here.

-------------------------------------------------


Report •

#6
June 8, 2009 at 10:04:55
I'm posting this message from a different computer.

I have done step 1. When i run combofix it took about 5mins for the command window to load and for the past 35 mins it is stuck on the following message:

Attempting to create a new System Restore point.


Report •

#7
June 8, 2009 at 10:08:00
Yes let it finish it will take some time. Might take few hours.

-------------------------------------------------


Report •

#8
June 8, 2009 at 12:49:23
It has been three and a half hours now and it still says

Attempting to create a new System Restore point.

It seems to be stuck, what should i do?


Report •

#9
June 8, 2009 at 13:34:37
Is rest of your computer froze or its working?

-------------------------------------------------


Report •

#10
June 8, 2009 at 13:36:09
rest of the computer is ok, but it has been on the same message for 4 hours

Report •

#11
June 8, 2009 at 13:40:10
How big are your drives?

-------------------------------------------------


Report •

#12
June 8, 2009 at 13:41:29
120 gb

Report •

#13
June 8, 2009 at 13:45:34
If you can post picture of your desktop with combo fix and windiws task manager open (process page) .

-------------------------------------------------


Report •

#14
June 8, 2009 at 13:55:42
Here's the pic

http://rapidshare.com/files/2423836...


Report •

#15
June 8, 2009 at 14:05:41
Close combofix and try to run it in safe mode.

-------------------------------------------------


Report •

#16
June 8, 2009 at 14:14:43
OK. I will leave it running in safemode overnight and let you know tomorrow. You have been extremely helpful

Report •

#17
June 9, 2009 at 00:41:35
here is the combofix log file

http://rapidshare.com/files/2425132...


Report •

#18
June 9, 2009 at 05:30:29
Follow these Steps in order numbered. Don't proceed to next step unless you have sucessfully completed previous step:

1) Run this script in AVZ:

begin
CreateQurantineArchive('c:\quarantine.zip');
end.

2) A file called quarantine.zip should be created in C:\. Then please zip up C:\qoobox\quarantine and upload both it and C:\quarantine.zip to a filehost such as http://rapidshare.com/ Then, Private Message me the Download link to the uploaded file.

3) Lastly, uninstall Combofix by: pause Antivirus/Sypware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) > Start > run > type combofix /u > ok. Or Start > run > type 123 /u > ok.

-------------------------------------------------


Report •

#19
June 9, 2009 at 05:41:41
Google redirect is due to a Browser Hijacker infection. your pc has got a browser hiajcker that hijacks and redirects search engine search queries to other sites (adverts). manaual removal guide can help you remove this browser hijacker http://darfuns.com/remove-google-se...

Report •

#20
June 9, 2009 at 08:22:43
Follow these steps again:
1) Can you please post your AVZ log:
Note: Run AVZ in windows normal mode. If avz.exe doesn't start, then try to rename the file avz.exe to something else and try to run it again. Make sure you have your web browser open in background before following the steps below.

i) To create the logfile, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

ii) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

iii) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows vista launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteStdScr(3);
RebootWindows(true);
end.


Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script, the PC will reboot. After the reboot the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and paste the link here.

Image Tutorial

2) Download and Run DDS which will create a Pseudo HJT Report as part of its log: DDS Tool Download Link. Upload the log to rapidshare.com and paste download link in your next reply.
Note: Disable any script-blocking programs and then double-click on the DDS.scr icon to start the program. If you did not disable a script-blocker that may be part of your antimalware program, you may receive a warning from your antimalware product asking if you would like DDS.scr to run. Please allow it to do so.

-------------------------------------------------


Report •

#21
June 9, 2009 at 09:25:10
Step 1

http://rapidshare.com/files/2426614...


Report •

#22
June 9, 2009 at 09:29:00
Step 2

http://rapidshare.com/files/2426628...


Report •

#23
June 9, 2009 at 10:09:08
Please download ATF-Cleaner by Atribune and Save it to your Desktop.

* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.

If you use Firefox browser

* Click Firefox at the top and choose: Select All
* Click the Empty Selected button.
* NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

1) Install, update database and run full scan with Malwarebytes' Anti-Malware. Attach malwarebyte full scan log, but Please Don't fix anything yet, until the log is reviewed.

2) Run full Scan with SuperAntispyware : http://www.superantispyware.com/dow... . Fix what it detects and post summary scan log.

3) Update your vista to SP2.


-------------------------------------------------


Report •

#24
June 9, 2009 at 10:28:56
Here is Malwarebyes log

http://rapidshare.com/files/2426836...


Report •

#25
June 9, 2009 at 11:10:43
Response Number 23 changed please complete those steps and report back.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •


Ask Question