Tom's Guide | Tom's Hardware | Tom's Games

Computing.Net > Forums > Security and Virus > Google redirect popup virus

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Google redirect popup virus

Reply to Message Icon

Name: zoli004
Date: March 15, 2009 at 13:47:39 Pacific
OS: Microsoft Windows Vista Édition Familiale Basique
CPU/Ram: 1.6 GHz / 1013 MB
Product: Lenovo / 8922bgf
Subcategory: Viruses
Comment:

Hi,
like many I seem to have a google redirect popup virus.

When I click on a google links a popup apear of some spyware detector or some wierd search engine.

Also when I run AVG and Ad-aware, i'm not able to do the automatic update. It's blocked

I've read some other post and tried some advise but now, i'm stock.

I hop some body can help me

I've run Malwarebyte and hijack this

Here are the log:

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1749
Windows 6.0.6001 Service Pack 1

2009-03-15 15:38:27
mbam-log-2009-03-15 (15-38-27).txt

Type de recherche: Examen rapide
Eléments examinés: 62290
Temps écoulé: 7 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 11
Elément(s) de données du Registre infecté(s): 12
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 8

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fqbewlna.bemv (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fqbewlna.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur66d9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur686f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur6ce2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur708a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurf6d8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur66d9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur686f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur6ce2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur708a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurf6d8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\SSDPSRV (Backdoor.Bot) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.146,85.255.112.76 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{629517ec-8fca-4436-9c63-26da7052b482}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.146,85.255.112.76 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9c260e6b-e5f9-4353-b3e0-8e59e6cac4d8}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.146,85.255.112.76 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9c260e6b-e5f9-4353-b3e0-8e59e6cac4d8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.146,85.255.112.76 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.146,85.255.112.76 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{629517ec-8fca-4436-9c63-26da7052b482}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.146,85.255.112.76 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9c260e6b-e5f9-4353-b3e0-8e59e6cac4d8}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.146,85.255.112.76 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9c260e6b-e5f9-4353-b3e0-8e59e6cac4d8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.146,85.255.112.76 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.146,85.255.112.76 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{629517ec-8fca-4436-9c63-26da7052b482}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.146,85.255.112.76 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{9c260e6b-e5f9-4353-b3e0-8e59e6cac4d8}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.146,85.255.112.76 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{9c260e6b-e5f9-4353-b3e0-8e59e6cac4d8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.146,85.255.112.76 -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\autorun.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-7-6-47-100003619-100007141-100013396-9323.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ssdpsrv.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Olivier\AppData\Local\Temp\windfr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Olivier\AppData\Local\Temp\sfsrv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.



Sponsored Link
Ads by Google

Response Number 1
Name: SongCloud
Date: March 15, 2009 at 17:43:22 Pacific
Reply:

Please post your HijackThis log as well.

Did you reboot after scanning with MalwareBytes?


------
MOS Master Certified
MCP Certified
CCNA Certificate Pending
A+ Certificate Pending

"I have gone to find myself. If I get back before I return, please tell myself to wait." :


0
Reply to Message Icon

Related Posts

See More



Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.


Go to Security and Virus Forum Home


Sponsored links
Ads by Google


Results for: Google redirect popup virus
google redirect and virus updates www.computing.net/answers/security/google-redirect-and-virus-updates/24048.html

google redirecting/email virus www.computing.net/answers/security/google-redirectingemail-virus/25908.html

Google redirect virus www.computing.net/answers/security/google-redirect-virus/26157.html