Google Redirect Virus

July 4, 2009 at 05:05:49
Specs: Windows XP
I've been having problems with the Google Redirect Virus and have been trying to find a way to remove it all day. I know you have to look through logs and such but I don't know what I'm looking for exactly. Any help at all would be appreciated as I'm completely lost on what to do.



#1
July 4, 2009 at 07:29:06


#2
July 4, 2009 at 07:52:41
Yes. I have Firefox & Internet Explorer and it's happening in both.


#3
July 4, 2009 at 07:56:38
What have you tried up till now? Tried antivirus, Malwarebytes?

If I'm helping you and I don't reply within 24 hours send me a PM.



#4
July 4, 2009 at 08:00:33
I've tried Malwarebytes but it didn't catch anything.


#5
July 4, 2009 at 08:05:49
Note: I can help you remove malware manually. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible. First Track this topic. Then follow:

1) Can you please post your AVZ log:
Note: Run AVZ in Windows normal mode. If avz.exe doesn't start, then try to rename the file avz.exe to something else and try to run it again. Make sure you have your web browser open in the background before following the steps below.

i) To create the log file, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

ii) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

iii) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows Vista, launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteAVUpdateEx( 'http://avz.virusinfo.info/avz_up/', 1, '','','');
ExecuteStdScr(3);
RebootWindows(true);
end.


Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script, the PC will reboot. After the reboot the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and paste the link here.

Image Tutorial

2) Download and run DDS, which will create a pseudo HJT report as part of its log: DDS Tool Download Link. When done, DDS will open two (2) logs:

   1. DDS.txt
   2. Attach.txt

Upload the logs to rapidshare.com and paste the download link in your next reply.
Note: Disable any script-blocking programs and then double-click on the DDS.scr icon to start the program. If you did not disable a script-blocker that may be part of your antimalware program, you may receive a warning from your antimalware product asking if you would like DDS.scr to run. Please allow it to do so.

If I'm helping you and I don't reply within 24 hours send me a PM.



#6
July 4, 2009 at 08:57:34
virusinfo_syscure.zip - here

dds.txt - here

attach.txt - here



#7
July 4, 2009 at 09:22:47
Follow these steps in the order numbered. Don't proceed to the next step unless you have successfully completed the previous step:

1) Run this script in AVZ like before, your computer will reboot:

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
 StopService('drvdrv');
 DeleteService('drvdrv');
 DelBHO('{10C2C2C0-1C16-4CD1-A234-E64596998826}');
 QuarantineFile('C:\WINDOWS\system32\pmnlm.dll','');
 QuarantineFile('C:\WINDOWS\system32\jkkji.dll','');
 QuarantineFile('C:\WINDOWS\system32\geeby.dll','');
 QuarantineFile('C:\Documents and Settings\RICHIE_BONALLIE\Application Data\Google\afuya1119762.exe','');
 QuarantineFile('C:\windows\ld12.exe','');
 QuarantineFile('C:\WINDOWS\system32\eLock2BurnerLockDriver.sys','');
 QuarantineFile('C:\WINDOWS\system32\eLock2FSCTLDriver.sys','');
 QuarantineFile('C:\WINDOWS\system32\drivers\pbsaudrv.sys','');
 QuarantineFile('C:\Program Files\drv\drv.sys','');
 QuarantineFile('c:\program files\drv\drv.dll','');
 DeleteFile('c:\program files\drv\drv.dll');
 DeleteFile('C:\Program Files\drv\drv.sys');
 DeleteFile('C:\windows\ld12.exe');
 DeleteFile('C:\Documents and Settings\RICHIE_BONALLIE\Application Data\Google\afuya1119762.exe');
 DeleteFile('C:\WINDOWS\system32\geeby.dll');
 DeleteFile('C:\WINDOWS\system32\jkkji.dll');
 DeleteFile('C:\WINDOWS\system32\pmnlm.dll');
BC_ImportAll;
ExecuteSysClean;
ExecuteRepair(7);
ExecuteRepair(13);
BC_Activate;
SetAVZPMStatus(true); 
RebootWindows(true);
end.

2) After reboot execute following script in AVZ:

begin
CreateQurantineArchive('C:\quarantine1.zip');    
end.


A file called quarantine1.zip should be created in C:\. Upload that file to rapidshare.com and private message me the download link.

If I'm helping you and I don't reply within 24 hours send me a PM.


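A check a reviewer could run over a cleanup script like the one in response #7 before executing it, as an added example (not part of the original thread and not an AVZ feature): it confirms that every DeleteFile target was quarantined earlier in the script, so a sample survives for analysis, and lists files that are quarantined but left in place. The function name audit_script is hypothetical, and the sample is a constructed excerpt of the script above.

```python
import re

# Constructed sample: a subset of the lines from the script in response #7.
SAMPLE_SCRIPT = r"""
begin
 QuarantineFile('C:\WINDOWS\system32\pmnlm.dll','');
 QuarantineFile('C:\WINDOWS\system32\drivers\pbsaudrv.sys','');
 QuarantineFile('C:\Program Files\drv\drv.sys','');
 QuarantineFile('c:\program files\drv\drv.dll','');
 DeleteFile('c:\program files\drv\drv.dll');
 DeleteFile('C:\Program Files\drv\drv.sys');
 DeleteFile('C:\WINDOWS\system32\pmnlm.dll');
end.
"""

# The script language is Pascal-like, so function names are matched
# case-insensitively; only the first quoted argument (the path) is captured.
CALL_RE = re.compile(r"\b(QuarantineFile|DeleteFile)\s*\(\s*'([^']*)'",
                     re.IGNORECASE)


def audit_script(script):
    """Return (deleted_without_quarantine, quarantined_only) path lists.

    Calls are read in the order they appear, so a DeleteFile that comes
    before the matching QuarantineFile is reported as unsafe.
    """
    quarantined = {}  # lower-cased path -> path as written in the script
    deleted = set()
    unsafe = []
    for func, path in CALL_RE.findall(script):
        key = path.lower()  # Windows paths compare case-insensitively
        if func.lower() == "quarantinefile":
            quarantined.setdefault(key, path)
        else:
            deleted.add(key)
            if key not in quarantined:
                unsafe.append(path)
    kept = [p for k, p in quarantined.items() if k not in deleted]
    return unsafe, kept


if __name__ == "__main__":
    no_backup, left_in_place = audit_script(SAMPLE_SCRIPT)
    print("Deleted without a prior quarantine copy:", no_backup)
    print("Quarantined for analysis but not deleted:", left_in_place)
```

Files in the second list, such as the drivers the helper quarantines without deleting, are the ones to wait on until the quarantine archive has been reviewed.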

#8
July 4, 2009 at 10:13:48
Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

If I'm helping you and I don't reply within 24 hours send me a PM.



#9
July 4, 2009 at 10:23:10
Results of screen317's Security Check version 0.98.4
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````
Windows Firewall Enabled!
NortonSecurityScan(SymantecCorporation)
NortonSecurityScan
ECHO is off.
Error obtaining update status for antivirus!
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````
Ad-Aware
Spybot - Search & Destroy
Malwarebytes' Anti-Malware
CCleaner (remove only)
Java(TM) 6 Update 11
Out of date Java installed!
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
Spybot SDHelper is disabled!
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````
GREAT! (Very random)

Scan took 21565 seconds.
`````````End of Log```````````



#10
July 4, 2009 at 10:31:42
Are you still getting redirected? Follow these steps in the order numbered. Don't proceed to the next step unless you have successfully completed the previous step:

1) Run a complete scan with: http://onecare.live.com/site/en-Us/...

2) Install, update the database and run a full scan with Malwarebytes' Anti-Malware. Attach the Malwarebytes full scan log, and fix anything detected.

3) House cleaning. Run a full scan with SuperAntispyware: http://www.superantispyware.com/dow... . Fix what it detects and post the summary scan log.

If I'm helping you and I don't reply within 24 hours send me a PM.



#11
July 4, 2009 at 10:37:56
No, the redirecting has stopped. Should I still follow the three steps?


#12
July 4, 2009 at 11:24:13
Yes, it's recommended you still follow Response Number 10. It will clean up remaining files and has other benefits.

If I'm helping you and I don't reply within 24 hours send me a PM.

