Google search redirect virus/trojan

March 23, 2011 at 13:16:53
Specs: Windows Vista
I'm running Vista.
My google seraches keep getting redirected to places like localpages.com and mevio.com and ocassionally, a random window will just pop up.
I have followed countless instructions and nothing seems to be getting rid of this thing.
I've done a system restore as far back as I can.
I have the latest version of HIjack this - I saw something called wormradar.com and removed it.
I have AVG 2011.
I downloaded the latest Norton
I have the lastest Malwarebtyes
I've tried Avira.
I've tried spybot search and destroy -found a few things, but upon removal, prolem still persists.
I tried something called stopzilla, that detected threats the other programs missed and that just makes me suspicious of it.
I just now ran ESET online and it didn't find anything.
I've done all this in safe mode as well.

This is driving me crazy. This is nasty one, please help.


See More: Google search redirect virus/trojan

Report •


#1
March 23, 2011 at 13:25:44
Have you looked at your Host file for problems? And your Proxy settings?
Remove Stopzilla its not very good.

Report •

#2
March 23, 2011 at 13:55:07
Host file is clear. only 127.0.0.1 and ::1 localhost ( which I had to look up and seems to be okay)

I've had my proxy on manual and on no proxy and it doesn't seem to matter.

Stopzilla is not very good, agreed, but I've tried just about everything else.


Report •

#3
March 23, 2011 at 14:05:19
Cool, download and run Rkill use version iExplore.exe from this link:
http://www.bleepingcomputer.com/for...
Then download and run TDSSkiller from this link:
http://support.kaspersky.com/viruse...
Then download Malwarebytes from this link:
http://www.malwarebytes.org/
Then download and run HitmanPro3.5 from this link:
http://download.cnet.com/Hitman-Pro...

You said you have AVG 2011, have you removed Norton and Avira?


Report •

Related Solutions

#4
March 23, 2011 at 14:33:57
I forgot that I have rkill, too. Whenever I run it I get a BSOD that says I think pfn-list corrupt.
I also have already run Malwarebytes.

I ran AVG and Malware first and when that didn't catch anything I ran Norton and Avira.
I will try rkill again. Download the other software you suggested and uninstall norton and avira.


Report •

#5
March 23, 2011 at 15:00:47
Hitpro is finding a lot. The way these is shaping up it may have been dormant on machine for a long time because everything listed as a rootkit are really old programs. Nothing new is triggering.

Hitpro has finished, but It looks like I have to buy it in order for it to clean my machine.


Report •

#6
March 23, 2011 at 15:04:31
HitmanPro3.5 should be free for a 30 day trial, so unless you have used it already it will be free for the trial period.

Report •

#7
March 23, 2011 at 15:06:19
See if TDSSkiller will work for you.
http://support.kaspersky.com/viruse...

Report •

#8
March 23, 2011 at 15:32:40
Is the Rkill version you have an old one? Try downloading a new one from the Rkill link in post #3.
The BSOD pfn-list corrupt error can be caused by memory corruption, or is a problem with a misbehaving Driver. This can be checked using the Driver Verifier tool.
Here is a link to read through and it might just help.
http://www.techrepublic.com/blog/wi...

Report •

#9
March 23, 2011 at 15:42:07
Thank you. I found the trial activation under the license tab. TDSS found one and Hitman found 44.

I'm going to restart my computer and run both again and try to surf.
Thank you very much for all of your help!


Report •

#10
March 23, 2011 at 15:49:15
Cool sounds like were getting somewhere.

Report •

#11
March 23, 2011 at 17:07:33
Actually I've been browsing and searching for 45 minutes and no issues so far. I think you may have fixed me :) No random pop ups yet and I redid my previous searches and was not redirected to any bizarre site.

Thank you so much!


Report •

#12
March 23, 2011 at 17:13:45
Your most welcome, glad your pc running better :-)
Heres a safe browsing tool I recommend you install, here's the How To I did for it.
http://www.computing.net/howtos/sho...

Report •

#13
June 3, 2011 at 13:49:42
Thanks from me too Mr. G; same issues, and your solutions worked like a charm. Much appreciated.

Report •

#14
June 9, 2011 at 07:30:55
THANK YOU from me as well!!!

Report •

#15
June 9, 2011 at 23:42:58
You can try this method: http://www.spywarehelpcenter.com/th...

It works for some, not for others. Requires checking the hosts file and making any changes. You must have admin privileges to edit the hosts file.

Visit my website www.spywarehelpcenter.com for more virus and spyware help.


Report •

#16
July 28, 2011 at 17:36:48
So I have the same EXACT "symptoms" as the other posts on here and I have tried every single thing listed. None of it works! RKill finds nothing. Malwarebyte finds nothing. AVG nothing. TDSS Killer nothing. Hitman Pro Nothing. I can't do a system restore because there is no restore date... and do I have the CD nope course not. I have no idea what I can do!!! Help please!

Report •

#17
July 28, 2011 at 17:38:03
Also I'm to the point of deleting everything on my computer. So I have no worries about deleting anything... it's mostly all backed up.

Report •

#18
July 28, 2011 at 19:38:10
lasarahann,

We can use Anti-Malware scanners over and over, but the infection will return if its source is the Master Boot Record. It loads the infection will load as soon as you boot into Windows!

For this reason, please download aswMBR:
http://public.avast.com/~gmerek/asw...
Save it to the Desktop.

XP users - Double-click aswMBR.exe to start the tool.
Vista/Windows 7 users - Right-click and select: Run as Administrator

Click Scan

Upon completion of the scan, click ‘Save log’ and save it to the Desktop,
Note - Do NOT attempt any fix anything!!.

Please post the log produced by aswMBR in your next reply.
However, instead of doing so in this topic, which belongs to somebody else, start your own topic and post the info there. If you title the topic: "Redirections - continuation, for aaflac44", I will be glad to help you in your own topic.


Also, you will notice that another file is created on the Desktop. It is named MBR.dat.

If you have a USB flash drive, please move the mbr.dat file to it.
If not, move the mbr.dat from the Desktop, to the C:\ drive.

This is important, just in case we need to have access to the MBR information!!

~~~~
Retired - Doin' Dis, Dat, and slapping malware.


Report •

#19
July 31, 2011 at 00:31:03
After having previously manually removed a malware infection picked up from a website, I noticed the Firefox search redirect nuisance. I opened up services (Control Panel -> Administrative Tools -> Services) and disabled "DNS Client" and so far the problem seems to be gone.

Report •

#20
August 8, 2011 at 08:34:21
OK, Like so may neophytes here I am searching for a way to get this THING off of my precious computer! I have done everything posted up to this point to no avail, and am very frustrated. I will now check to see of there has been any change to my Google stuff,(technical term "stuff" :] )

Report •

#21
August 8, 2011 at 08:37:41
Nope, still getting that d**n re-direct crap and Thankfully I am getting the WOT warning "this site has a poor reputation. No surprise there, however I just want the re-direct stuff to STOP!

Report •

#22
August 8, 2011 at 10:00:56
Hello, there!!

It is in everyone's best interest to post and start your own topic, and get individual help.

Each system is different, and it can get very confusing to help more than one person at a time. What applies to one system may not apply to another.

Please start your own topic!

Thanks

~~~~
Retired - Doin' Dis, Dat, and slapping malware.


Report •

#23
August 22, 2011 at 05:24:25
I have tried every tool I could think of - Malware Bytes, Hitman Pro, Spybot, Norton removal tool, Kaspersky TDSSKiller - none of them could find the problem. I did notice that only Firefox was affected, IE was still working fine on google searches. If your problem is similar, try doing what I did. Save your Firefox passwords, then completely uninstall Firefox and when propmted, remove all personal settings. Then download and install the latest version of Firefox (6.0). That was all it took for me to get it fixed. Hope this helps some people here.

Report •

#24
August 22, 2011 at 05:37:04
I tried Malware Bytes, Kaspersky, Hitman Pro, Norton - none found my virus. I did notice that IE was not infected with google redirect, only Firefox was. So just in case, I completely uninstalled Firefox, then downloaded and installed Firefox 6.0, and that fixed my problem (at least for now). If your problem is similar, try this solution (don't forget to save your passwords somewhere before you uninstall, and during uninstall pick the option to remove all personal settings).

Report •

#25
August 30, 2011 at 09:44:38
I wish I had read this ealier, sorry, I am a new member, It may have worked for me. I have had this same problem and have been unable to find anyone out there to help with it, I keep getting redirected to strange sites completely un-related to what I am browsing for. I think in my case it had something to do with a tool bar called IObit. I am now in the process of deleting everything and putting my computer back to its original factory settings. I hope this works!!

Report •

#26
October 4, 2011 at 02:22:07
There are a lot of good antivirus programs, I personally prefer nod32.
small investment opportunities

Report •

#27
October 4, 2011 at 04:57:09
Will some one get rid of this Spam!

Stuart


Report •


Ask Question