
HELP!!! Annoying google hijack virus

May 31, 2009 at 20:47:10
Specs: Microsoft Windows XP Home Edition, 1.799 GHz / 1015 MB

So I know a lot of people ask for help on this... I'm another one of the victims of this incredibly irritating virus... I search on Google and click a page and it redirects me to random sites.

Please help a poor victim out for a free warm fuzzy feeling. Thank you.




#1
May 31, 2009 at 22:42:44

Hi,
Can you please post your AVZ log:
Note: Run AVZ in Windows normal mode. If avz.exe doesn't start, then try to rename the file avz.exe to something else and try to run it again. Make sure you have your web browser open in the background before making the log.

1) To create the logfile, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

2) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

3) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows Vista, launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteStdScr(3);
RebootWindows(true);
end.

Paste the script into the execution window by using the CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script; the PC will reboot. After the reboot, the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and paste the link here.

Image Tutorial

-------------------------------------------------



#2
June 1, 2009 at 21:02:54

alright here it is

http://rapidshare.com/files/2398316...

thanks a lot



#3
June 1, 2009 at 21:41:51

Follow these steps in the order numbered. Don't proceed to the next step unless you have successfully completed the previous step:

1) Run this script in AVZ like before, your computer will reboot:

begin
 SetAVZGuardStatus(True);
 SearchRootkit(true, true);
 DelBHO('{9989F1F6-70DE-4244-AC9F-6672983681A0}');
 DelBHO('{1f2b890f-e853-4092-b585-05eb46ba6b8f}');
 QuarantineFile('C:\Program Files\AntiSpyCheck 2.1\AntiSpyCheck 2.1.exe','');
 QuarantineFile('C:\Program Files\AntiSpyCheck 2.1\IEWarning32.dll','');
 QuarantineFile('C:\WINDOWS\system32\hozegupo.dll','');
 QuarantineFile('C:\WINDOWS\system32\fujehone.dll','');
 QuarantineFile('c:\windows\system32\kuvarilo.dll','');
 QuarantineFile('C:\WINDOWS\system32\fonemike.dll','');
 QuarantineFile('C:\WINDOWS\system32\dumatoma.dll','');
 QuarantineFile('C:\Program Files\Zango\bin\10.3.37.0\OEAddOn.exe','');
 QuarantineFile('C:\Program Files\Zango\bin\10.3.37.0\ZangoSA.exe','');
 QuarantineFile('C:\WINDOWS\system32\iPka77ye.exe','');
 QuarantineFile('C:\WINDOWS\system32\0Hqq4TEU.exe','');
 DeleteFile('C:\WINDOWS\system32\0Hqq4TEU.exe');
 DeleteFile('C:\WINDOWS\system32\iPka77ye.exe');
 DeleteFile('C:\Program Files\Zango\bin\10.3.37.0\ZangoSA.exe');
 DeleteFile('C:\Program Files\Zango\bin\10.3.37.0\OEAddOn.exe');
 DeleteFile('C:\WINDOWS\system32\dumatoma.dll');
 DeleteFile('C:\WINDOWS\system32\fonemike.dll');
 DeleteFile('c:\windows\system32\kuvarilo.dll');
 DeleteFile('C:\WINDOWS\system32\fujehone.dll');
 DeleteFile('C:\WINDOWS\system32\hozegupo.dll');
 DeleteFile('C:\Program Files\AntiSpyCheck 2.1\IEWarning32.dll');
 DeleteFile('C:\Program Files\AntiSpyCheck 2.1\AntiSpyCheck 2.1.exe');
 DeleteFileMask('c:\windows\tasks\','At*.job',false);
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.

2) After reboot, attach a Combofix log. Please review and follow these instructions carefully.

Download it here -> http://download.bleepingcomputer.co...

Before saving it to the Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Antivirus/Spyware programs (Programs to disable: http://www.bleepingcomputer.com/forums/topic114351.html) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. It is usually located at c:\combofix.txt. Please upload that file to rapidshare.com and paste the link here.

-------------------------------------------------


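An added example, not part of the thread and not AVZ's own tooling: a small Python check for cleanup scripts like the one in response #3, confirming that every DeleteFile path was passed to QuarantineFile earlier in the same script, so a copy survives for later analysis. The embedded script is an excerpt of the one above plus one constructed line, and the names `audit` and `norm` are this example's own.

```python
import re

# Excerpt of the AVZ script from response #3; the last DeleteFile line is
# constructed for this example and does not come from the thread.
SAMPLE_SCRIPT = r"""
begin
 QuarantineFile('C:\WINDOWS\system32\hozegupo.dll','');
 QuarantineFile('c:\windows\system32\kuvarilo.dll','');
 DeleteFile('c:\windows\system32\kuvarilo.dll');
 DeleteFile('C:\WINDOWS\system32\hozegupo.dll');
 DeleteFileMask('c:\windows\tasks\','At*.job',false);
 DeleteFile('C:\EXAMPLE\constructed.dll');
end.
"""

# One statement: Name( ...arguments... );
CALL = re.compile(r"(\w+)\s*\(([^;]*)\)\s*;")
# Pascal string literal; a doubled '' inside it is an escaped quote.
STRING = re.compile(r"'((?:[^']|'')*)'")


def norm(path):
    """Windows paths compare case-insensitively; unify separators too."""
    return path.replace("''", "'").replace("/", "\\").lower()


def audit(script):
    """Return (finding, path) pairs for deletions with no earlier quarantine."""
    quarantined = set()
    findings = []
    for call in CALL.finditer(script):
        name = call.group(1).lower()
        args = STRING.findall(call.group(2))
        if name == "quarantinefile" and args:
            quarantined.add(norm(args[0]))
        elif name == "deletefile" and args:
            if norm(args[0]) not in quarantined:
                findings.append(("delete-without-quarantine", args[0]))
        elif name == "deletefilemask" and len(args) >= 2:
            # Wildcard deletions cannot be matched to a quarantined file.
            findings.append(("wildcard-delete", args[0] + args[1]))
    return findings


if __name__ == "__main__":
    for kind, path in audit(SAMPLE_SCRIPT):
        print(f"{kind}: {path}")
```

On the excerpt, the only lines flagged are the `At*.job` wildcard deletion, which removes scheduled-task files without keeping a copy, and the constructed line.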

#4
June 2, 2009 at 16:21:34



#5
June 2, 2009 at 16:57:42

Follow these steps in the order numbered. Don't proceed to the next step unless you have successfully completed the previous step:

1) Run this script in AVZ:


begin
CreateQurantineArchive('c:\quarantine.zip');
end.

2) A file called quarantine.zip should be created in C:\. Then please zip up C:\qoobox\quarantine and upload both it and C:\quarantine.zip to a filehost such as http://rapidshare.com/. Then, Private Message me the download link to the uploaded file.

3) Lastly, uninstall Combofix by: pause Antivirus/Spyware programs (Programs to disable: http://www.bleepingcomputer.com/forums/topic114351.html) > Start > run > type combofix /u > ok.

-------------------------------------------------



#6
June 4, 2009 at 22:06:28

You might still be infected. If you don't reply back in 12 hours, I will consider the problem solved.

-------------------------------------------------



#7
June 5, 2009 at 15:14:05

Yes sir, the problem is solved. Thank you very much, I appreciate your help.


#8
June 5, 2009 at 15:31:52

I doubt it, but if you say so... If you still want to continue, complete Response Number 5.

-------------------------------------------------



#9
June 5, 2009 at 17:54:37

You don't think so? Hmm, well, it hasn't happened again after response four. But yeah, I did response five by the time I sent reply seven. Thanks a lot though. Man, you guys are pro, I have no idea what you did.


#10
June 5, 2009 at 18:12:47

Haven't gotten reply 7 yet; try to send it again. There are still some suspicious drivers on your PC.

-------------------------------------------------



#11
June 5, 2009 at 22:36:28

Reply seven just said the problem was fixed. So... what should I do about this suspicious driver...
