Google Redirecting

April 8, 2010 at 12:41:29
Specs: Windows 16.09.2009
I posted this a little while ago but I didnt get any real response from it. I had a virus on my computer but most of it is removed now. However whenever I try to search on google everything is directed through Searchclick66 or something like that. I tried to run the DSS but for some reason its not working on my computer, is there any other fixes out there for me?

See More: Google Redirecting

Report •

April 8, 2010 at 19:48:34
That means you are still infected, probably more that one baddie.

Run these two programs then try to run DDS and Malwarebytes then post their logs.

Please download exeHelper to your desktop.
Double-click on to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

You may need to download these to a cd, external drive, or usb drive and run it on the infected computer but first try to run it from the infected computer.

Please download Rkill from the following link.


Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. This link will help you disable them:

Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)

A black screen will appear and then disappear. Please do not worry, that is normal.

If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the malware when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the malware . So, please try running Rkill until malware is no longer running. You will then be able to proceed with the rest of the guide.

Do not reboot your computer after running rkill as the malware programs will start again.

Please download Malwarebytes' Anti-Malware from one of these sites:



Rename the setup file, mbam-setup.exe, before you download it. To do that once the "enter name of file to save to" box appears as the download begins in the filename box rename mbam-setup.exe to tool.exe> click save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy&Paste the entire report in your next reply.

Report •

April 9, 2010 at 05:39:36
exeHelper by Raktor
Build 20100329
Run at 08:38:39 on 04/09/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...

Report •

April 9, 2010 at 06:01:29
Malwarebytes' Anti-Malware 1.45

Database version: 3972

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

09/04/2010 8:50:55 AM
mbam-log-2010-04-09 (08-50-55).txt

Scan type: Quick scan
Objects scanned: 116141
Time elapsed: 4 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msplyi4d (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Andrew\mpod.exe (Trojan.Suspicious.Gen) -> Quarantined and deleted successfully.

Report •

Related Solutions

April 9, 2010 at 06:02:41
I also have alot of stuff in quarantine and a few logs from before. Should I post those?

Report •

April 9, 2010 at 11:30:56
No need to post the old Malwarebytes log.

See if you can runn DDS and post its two logs.

Report •

April 9, 2010 at 12:24:56
I tried again and once more it gave me a jumbled mess of stuff, here's the first few lines

MZ   ÿÿ ¸ @ € º ´ Í!¸LÍ!This program cannot be run in DOS mode.

$ PE L +I à  2 n Z    @     0  f       Ô   ´ .code   î  PEC2FO à.rsrc   ð à ¸¨$R Pdÿ5 d‰% 3À‰PECompact2 VÒËK¬Ç Ñžç†ì¸oTN<N<Tƒ#™®=L34w
ül©TS`M6lŠÕ[ÐåNP‘áHˆr_0)a´ã þòؾ,íf½úÙ)|‚ü®BÅ£˜˜¨¥§3]Ë£oKj„v›©hÕ¸ª-–…PÛØw4l4’¼òåâ`ªµ¾å \¤¹3ïnféwp‰"ns„Åe€Xc˜åÝDgòñϨ«ýÄ|¢0 O ü·E öôÄ J\#2\üÇçbNê\MkÊ(Õ^EK¥] m
Ã<Ð_À@ƒt½•‰HŽÓw,KÚÄíØ{²³Y®wCÈd•Aýœ§Ej]…vWªbÚ°Í.çÏ“cF §(C&{Ÿ™;Ùçy U2ø)[)g*æ®u¼¬ÅŠ¡0ʫ䜁¬Mõ•å‘Žsÿ¼
PKÚŸ}C’b{/¬p=øžÏ_¯ýI«ÐÅѶ_÷º²À'Ô Ö`ãVS™JYg«ØÇĹ¡¹ç|_KwžÈD ;6àИ•¢ož†OªñGÞSÌ·c7äK €ÓgB-‘6XfvâôžÑ-§pĝǼšŽš]úPméÚUuó ¤;âê’Çïÿ&ƲoÉÉYú-00
+—=ïC<%#ÉšxÉužÌ ñÎC1y4jS†ôT»³)åðšÅü<HÞçž]Šëðnõ¢ÛwÑèPâ§Èmq*?>òË?ÍÆ244½ ¿i)míÞK‚᪆­Ï+:@óîC

Report •

April 9, 2010 at 12:41:49

Please download Combofix with internet explorer instead of any other browser if possible.

Remember..your Antivirus and any realtime antispyware program that you may have must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:


Rename the setup file, combofix.exe, before you download it. To do that once the "enter name of file to save to" box appears as the download begins in the filename box rename combofix.exe to to Combo-Fix> click save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.

Report •

April 9, 2010 at 12:47:10
I got an error that came up which said Incompatible OS. Combo Fix Only works for workstations with Windows 2000 and XP. I'm running on Vista.

Report •

April 9, 2010 at 19:29:40
It must be 64 bit vista, do you know if it is 32 bit or 64 bit?

Report •

April 9, 2010 at 21:29:24
Hello Faulkyn,
this google redirect virus is a browser hijacker, i dont think its so complicated. anyways, to remove this browser hijacker that leads your search queries and web links to unwanted websites, download and run Malware Bytes or UNHACK-ME tool or the third option is to remove this virus manually, see the manual removal procedure or programs to remove this vrius here

Happy Virus Free Computing(.net)
Virus Removal tutorials and Softwares

Report •

April 10, 2010 at 07:16:28
It says 64 bit but something had happened after I cleaned off the first virus that wasnt allowing me to run 64bit applications like AIM or MSN I had to uninstall and reinstall them.

Report •

April 10, 2010 at 10:28:19
I think Malwarebytes remove the baddie but lets be sure.

Download Hitman Pro 64 bit free trial from this link and run it.

HitMan Pro 64bit Free Trial

Report •

Ask Question