How do I get rid of the Google redirect virus?

October 1, 2011 at 15:09:55
Specs: Windows XP

I've tried MalwareBytes Pro, Avast, CCleaner, SUPERAntiSpyware Free (Pro edition trial expired), TDSSKiller, CureIt by Dr Web, and run these in safe mode where possible. Just when I think I've got rid of it I find I haven't.
Janet



#1
October 1, 2011 at 15:18:38
JanetM,

Before we tackle the problem, please use the following tool. It gives information on what is going on in the system, and helps identify the redirections.

Download DDS from one of these locations:
http://download.bleepingcomputer.co...
http://download.bleepingcomputer.co...


Save it to the Desktop
Windows 7: Right-click the dds file and select: Run as Administrator

When done, DDS opens two logs:
-DDS.txt
-Attach.txt

Save both reports to your Desktop.

Since these reports are large, please go to the Uploading website:
http://uploading.com/files/upload/

In: Select files to upload, click 'Browse', and 'Look in' the Desktop.
Select the DDS.txt, and click on 'Open'
You will see the following:
Your file has been uploaded successfully: (Name and size of the file)

Please copy the 'Download link'.

Do the same uploading for the Attach.txt.

Please copy the 'Download link', for each report, and provide them in your reply.

Thanks!

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals



#2
October 2, 2011 at 05:03:48
Thank you. New to this so I hope I've done it right.

MS-DOS application
File link: http://uploading.com/files/2af7e519...

DDS TEXT
File link: http://uploading.com/files/2af7e519...



#3
October 2, 2011 at 09:44:06
JanetM,

What is needed are the text reports:
DDS.txt , and Attach.txt

The file uploaded is the file you downloaded to run the program.

The reports contain a group of information, and therefore, are in text form.

Try again, please.

Thanks.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals



#4
October 2, 2011 at 10:48:05
Sorry. Trying again. Can only seem to save the files by pasting into Word documents.


http://uploading.com/files/466f9f97...
http://uploading.com/files/782a3933...



#5
October 2, 2011 at 17:34:55
JanetM,

What browser do you normally use when you get redirected?
Does it happen in more than one browser? If so, which ones?

Next, please download ComboFix:
http://download.bleepingcomputer.co...

Save ComboFix.exe to your Desktop!!

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications. They may interfere with the running of CF.

Information on how to Disable Security Programs available here: http://www.bleepingcomputer.com/for...


Double-click on ComboFix.exe to run the program.

When given the option, DO install the Recovery Console. This program can come in very handy at times.

Click on Yes, to continue scanning for malware.

When finished, CF produces a report which shows on your Desktop.

Please go to File > Save as, and save the ComboFix report to the Desktop.

Next, go to the Uploading website:
http://uploading.com/files/upload/

In: Select files to upload, click 'Browse', and 'Look in' the Desktop.
Select the ComboFix report, and click on 'Open'
You will see the following:
Your file has been uploaded successfully: (Name and size of the file)
Please copy the 'Download link' and provide it in your reply.


Thanks.

Notes:

1. Do not mouse-click the ComboFix window while it is running.
This action may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

3. CF disconnects your machine from the internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/Member of UNITE and the
Alliance of Security Analysis Professionals



#6
October 4, 2011 at 12:39:12
Thank you. I normally use just Firefox.

http://uploading.com/files/a95mm698...



#7
October 4, 2011 at 18:15:02
JanetM,

Since Firefox is your main browser, please do the following:

Download GooredFix:
http://jpshortstuff.247fixes.com/Go...

Save to the Desktop.

Make sure all Firefox windows are closed.

XP: Double-click the file to run the program.

When prompted to run the scan, click: Yes

GooredFix checks for infections, and, when done, a log appears.

Please post the Goored.txt log (found on the Desktop) in your reply.


Also, when done, will you give an update on whether you are still being redirected?

Thanks.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/Member of UNITE and the
Alliance of Security Analysis Professionals



#8
October 5, 2011 at 16:54:06
GooredFix by jpshortstuff (03.07.10.1)
Log created at 00:45 on 06/10/2011 (Owner)
Firefox version 7.0.1 (en-GB)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{B924656B-5B61-4387-8ABE-0BE23052271B} -> Success!
Deleting C:\Documents and Settings\Owner\Local Settings\Application Data\{B924656B-5B61-4387-8ABE-0BE23052271B} -> Success!
Removing Orphan:
"avg@igeared"="C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [15:23 24/03/2011]

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jpsaypu5.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [13:59 21/10/2010]
{3112ca9c-de6d-4884-a869-9855de68056c} [09:35 05/06/2011]
{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [17:42 01/05/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord" [18:41 24/04/2008]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [21:45 22/08/2009]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files\AVG\AVG10\Firefox4\" [12:37 30/03/2011]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [18:27 29/04/2011]

-=E.O.F=-


Thanks again. I was still getting redirected before I ran the GooredFix, but I have only just run it and haven't had chance to try Google again (12.45 am here in England). So I'll try tomorrow and see what happens.
I have quite a few Word files on a series of flash drives (mainly articles copied from authors' blogs and websites). Could they be infected?
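
An added example, not part of the original post and not GooredFix's own code: the registry section of the GooredLog above lists the extensions Firefox picks up from the HKLM key, and the sketch below parses those lines and flags any entry whose path sits in a per-user data folder, as the deleted {B924656B-...} entry appears to have done. The function names and the per-user-folder heuristic are assumptions; the first sample line is constructed from the two "Deleting" lines, the rest are copied from the log.

```python
import re

SECTION = '[HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Firefox\\Extensions]'

# First entry is CONSTRUCTED (assumes the deleted registry value pointed at
# the deleted folder; its timestamp is made up). The others are from the log.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{B924656B-5B61-4387-8ABE-0BE23052271B}"="C:\Documents and Settings\Owner\Local Settings\Application Data\{B924656B-5B61-4387-8ABE-0BE23052271B}" [00:00 01/01/2011]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord" [18:41 24/04/2008]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [21:45 22/08/2009]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files\AVG\AVG10\Firefox4\" [12:37 30/03/2011]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [18:27 29/04/2011]
'''

# "id"="path" [hh:mm dd/mm/yyyy]; the path itself may end in a backslash.
ENTRY = re.compile(
    r'^"(?P<id>[^"]+)"="(?P<path>.*)"\s+\[(?P<stamp>[^\]]+)\]\s*$', re.M)

# Heuristic (assumption): a machine-wide registration that points into a
# user's Application Data / AppData tree deserves a manual look.
USER_DATA = re.compile(
    r'\\(documents and settings|users)\\[^\\]+\\.*(application data|appdata)\\',
    re.I)


def parse_registry_extensions(log_text):
    """Return (extension_id, path, timestamp) tuples from the registry section."""
    parts = log_text.split(SECTION, 1)
    if len(parts) < 2:
        return []
    return [(m['id'], m['path'], m['stamp']) for m in ENTRY.finditer(parts[1])]


def flag_per_user_paths(entries):
    """Return the entries whose target folder lies under a per-user data tree."""
    return [e for e in entries if USER_DATA.search(e[1])]


if __name__ == '__main__':
    for ext_id, path, stamp in flag_per_user_paths(parse_registry_extensions(SAMPLE)):
        print(f'review: {ext_id} -> {path} [{stamp}]')
```
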



#9
October 5, 2011 at 19:24:26
JanetM,

That is a good idea. Do try some searches with Google, and see how it goes. Post back on whether the problem prevails or not.

On the flash drives...you can plug a couple at a time and have avast! scan them. However, wait until we have cleared your main PC before doing so.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/Member of UNITE and the
Alliance of Security Analysis Professionals



#10
October 8, 2011 at 04:46:12
Thank you so much for your help. I spent a short while on Google yesterday and didn't get redirected :)

I'll try again today and report back.

How do computers get the Google redirect trojan?



#11
October 8, 2011 at 08:49:10
JanetM,


Any of these things could have infected your computer with the Google redirect virus:
-Visiting a malicious website, unknowingly
-Clicking on a banner that, unknowingly, is malicious
-Downloading videos, music, software, etc., via file sharing networks
-Installing compromised software unknowingly
-Through eMail with links

...and there may be other ways...


The issue on these redirections is making sure the malware is all gone. Let's search for any remnants by doing the scan that follows.

You will need to use Internet Explorer for this scan, since the scanner is implemented as an ActiveX control.

However, compatibility with other browsers (Firefox, Opera, Netscape, etc.) was added if you agree to the installation of the ESET Smart Installer, an application which will install and launch ESET Online Scanner in a new browser window.

Please download the ESET Online Scanner:
http://www.eset.com/us/online-scanner

Press the 'ESET Online Scanner' download button
-In the prompt that appears, check 'Yes' to Accept Terms of Use, and click the 'Start' button
-Allow the ActiveX to download, and click: Install
http://www.eset.com/us/online-scann...

Click: Start
-Make sure that the option 'Remove found threats' is unticked/unchecked.
--Click: 'Scan', and wait for the scan to finish
-If any threats are found, click the 'List of found threats', then click 'Export to text file...'
-Save the file to your Desktop as: 'ESET Scan'.

Please provide the contents of 'ESET Scan' in your reply.

Thanks.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/Member of UNITE and the
Alliance of Security Analysis Professionals



#12
October 9, 2011 at 12:06:01
I did that and it found 4 threats but it wouldn't let me save the file as text or even notepad. When I clicked 'save' and selected desktop nothing happened. Tried twice with 2 different scans.

Noted this down:
1) system Volume information\_ restore 8022B588-6DF multiple threats.
2) a variant of win32/antivirus application
3) Win 32/Adware spyware cease application
4) A variant of Win 32/Adware.Spyware Cease AA application



#13
October 24, 2011 at 15:01:02
I got the redirect issue and it was driving us crazy... Read a few blogs then saw one for ehow.com and they had great information. They said that you needed to be running in Safe Mode (how to get into Safe Mode: restart the computer and when it is rebooting press F8 and then it will run something and then it will come up with the safe mode screen; select the one that shows safe mode w/internet) and then download the software, and I used MalwareBytes. I ran the recommended full scan (this takes a bit of time) and yippee, it found the problem, rebooted and all is well. We are searching and getting where we wanted to go again.

I might add that I have McAfee with total protection and they wanted to get in my computer and then I would need to buy a program to take care of the problem. Another free program that I downloaded also for a fee wanted to assist me with my problem or take it to Staples or Office Depot and pay 199.00. I am glad I snooped around and found the answer.

