Search Engine Pop Up Virus- Please Help!

Dell Dimension e310 desktop
July 27, 2009 at 04:45:50
Specs: Windows XP

My mother's computer is experiencing similar, if not exactly the same problems as described in the posting I've quoted below:

"I'm pretty sure there's a virus on my (desktop computer); I've tried to get rid of it but nothing so far has worked; I'd very much appreciate any help that can be offered.

1) If I click on a link from a google search, or yahoo search, or likely any search, (this is with both Firefox AND Internet Explorer, although Internet Explorer is in worse shape,) a new tab opens up to some seemingly random other site, usually different search engines that I've never seen before. The search link that I actually pressed never opens.

2) The computer has become much slower, various pages take longer to open up, or won't even open at all, such as trendmicro, whose "housecall" online virus detection/removal program I was going to try and use, and another site for spyware removal.

I think this virus came from simply clicking on a site that should have been safe--it was some site for downloading comics, but I never even clicked on anything on the site before popups started and things seemed a bit glitchy. The problems started after that."

Another symptom is the windows that pop up when I click on any search result asking me to type in verification words before I can continue.

I'd really like to get this fixed for my mom. Your help is greatly appreciated.

See More: Search Engine Pop Up Virus- Please Help!

Report •

July 27, 2009 at 08:38:30
1) Install, update database and run full scan with Malwarebytes' Anti-Malware. Attach malwarebyte full scan log, fix anything detected.

2) Run full Scan with SuperAntispyware : . Fix what it detects and post summary scan log.

If I'm helping you and I don't reply within 24 hours send me a PM.

Report •

July 27, 2009 at 09:11:49

I downloaded both of these programs and neither one will open on my computer. The download and installation of both was successful. Malwarebytes does not do anything when I try to open it, and SuperAntiSpyware gives me an error message saying an unkown error is preventing it from opening.

Is there anything else I can do?

Report •

July 27, 2009 at 09:47:20
Note: I can help you remove malware manually. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible. First Track this topic. Then follow:

1) Can you please post your AVZ log:
Note: Run AVZ in windows normal mode and make sure you are connect to internet. If avz.exe doesn't start, then try to rename the file avz.exe to something else and try to run it again. Make sure you have your web browser open in background before following the steps below.

i) To create the log file, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

ii) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

iii) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows vista launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.


Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script, the PC will reboot. After the reboot the LOG subfolder is created in the folder with AVZ, with a file called inside. Upload that file to and paste the link here.

Image Tutorial

2) Download and Run DDS which will create a Pseudo HJT Report as part of its log: DDS Tool Download Link. When done, DDS will open two (2) logs

   1. DDS.txt
   2. Attach.txt

Upload the logs to and paste download link in your next reply.
Note: Disable any script-blocking programs and then double-click on the DDS.scr icon to start the program. If you did not disable a script-blocker that may be part of your antimalware program, you may receive a warning from your antimalware product asking if you would like DDS.scr to run. Please allow it to do so.

If I'm helping you and I don't reply within 24 hours send me a PM.

Report •

Related Solutions

July 27, 2009 at 10:31:25
Hello and thank you so much for taking the time to help me.

Here is everything you've requested:

AVZ file:

DDS Log:


Again, I cannot thank you enough for helping me, and more importantly, my mom with this.

Report •

July 27, 2009 at 11:18:13
Follow these Steps in order numbered. Don't proceed to next step unless you have successfully completed previous step:

1) Run this script in AVZ like before, your computer will reboot:

SearchRootkit(true, true);

2) Attach a Combofix log, please review and follow these instructions carefully.

Download it here ->

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Antivirus/Sypware programs ( Programs to disable) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please upload that file to and paste the link here.

3) Please zip up C:\qoobox\quarantine and upload it, to a filehost such as Then, Private Message me the Download links to the uploaded files.

If I'm helping you and I don't reply within 24 hours send me a PM.

Report •

July 27, 2009 at 12:07:52
Hi again,

Here is the ComboFix log:

Thank you so much.

Report •

July 27, 2009 at 14:31:09
Uninstall Combofix by: pause Antivirus/Sypware programs ( Programs to disable) > Start > run > type combofix /u > ok.

Then follow Response Number 1.

If I'm helping you and I don't reply within 24 hours send me a PM.

Report •

July 28, 2009 at 04:16:52
Thank you for all of your help. I won't be able to get a response to you for a few days most likely. I will not be at my mom's house during the week, but possibly this coming weekend. The computer is working well enough for her needs to get her through these next few days.

Report •

Ask Question