100k searches google redirects

Acer Emachines e625-5776 notebook
August 15, 2011 at 05:54:08
Specs: Windows Vista, AMD athlon TF-20
I am running Windows Vista and have recently been having problems when surfing online. Any time I try to use a search engine on any browser, something called 100k search redirects me to random websites. I've found a few tutorials on how to get rid of it, but most of them start by using rkill. However, when I use this, it always says nothing was closed whilst it was running, and I can't run any programs to try and get rid of the virus.

August 15, 2011 at 08:08:01

Try the following:

The Kaspersky Virus Removal Tool 2011 does not require installation. You can launch the program from a USB flash drive.

Download the Kaspersky Virus Removal Tool:

Download the program distributive.

Click on 'Run' in the download prompt: setup_<build_number>_<date>_<time>.exe (example setup_9.0.0.722_22.01.2010_10-04.exe)

Wait until the program unpacks temporary files.

In the lower part of the welcome window, select the required language to use during the installation.

Read the license agreement and check the I accept the license agreement option.

Click: Start

In the ‘Automatic Scan’ tab, click the settings gear (right top)
Under 'Scan Scope', select your C:\ drive

Click the 'Start Scanning' button to launch the application.

When the scan is finished, click on: 'Reports' icon (next to the gear icon)

Select: 'Automatic Scan Report'

Click on Save, and save to the Desktop

Please provide the Kaspersky Virus Removal Tool report in your reply, and we'll proceed from there.

Thank you..

Retired - Doin' Dis, Dat, and slapping malware.
Member of: Unified Network of Instructors and Trained Eliminators (UNITE)


August 15, 2011 at 08:32:26
I get "Error, Installation failed" whenever the installation sequence starts.


August 15, 2011 at 10:46:34
Hi iTonehhh and welcome to computing.net
rkill is a great program, but like you said, it didn't stop any malicious malware. In that case I would suggest you go to Safe Mode with Networking, then download Malwarebytes and run it in full scan mode. That should find the problems and you can remove them.

August 15, 2011 at 11:01:41
I've tried that, the virus stops malwarebytes from scanning, it lets it scan for about 20 seconds, then the whole program just closes.


August 15, 2011 at 11:08:26
You tried it in safe mode? In that case, run rkill in safe mode (even if it looks like it hasn't stopped anything) and then run the malwarebytes scan, that should take care of it.


August 15, 2011 at 11:28:13
I'm in safe mode now. For some reason everything I download to try and get rid of it, once I have tried to run it and the virus closes it down, it seems to delete it, because I've just had to redownload both rkill and malwarebytes. I'll let you know how mbam does.

EDIT: Ran rkill in safe mode, it said nothing was ended, ran mbam, and after a few seconds it got shut down.


August 15, 2011 at 11:41:27
Looks like a deep infection. I would recommend that you remove the drive from that PC and slave it to another PC and do a virus scan on it and remove the viruses that way. Then you can pop it back into your pc and you should be able to remove all the other malware on it.


August 15, 2011 at 11:46:20
It's a laptop, and I'd have no idea how to do that.


August 15, 2011 at 12:01:54
Laptop drives are easy to remove, just check out the manual or do a google search on your brand, it will show you.
You can use a usb cable like the following http://www.newegg.com/Product/Produ...
That way you will have a cable for extra hard drives when needed.


August 15, 2011 at 12:13:49
Is there nothing else you could recommend trying without having to either spend money, or potentially break my laptop? (Which I probably would, I'm useless with things like that, add onto that impatient and heavy handed, not a good combination)


August 15, 2011 at 12:24:53
You can try combofix, it is pretty tricky but I found that if you follow instructions carefully it will be ok for you. If you are not too sure of yourself, maybe let a friend run that for you. http://www.google.ca/#hl=en&xhr=t&q...
It is a free program and some sites give good instructions on how to use it.


August 15, 2011 at 12:54:46
Like the other things, the virus closes down the program after I try to open it, it starts extracting and then closes.. So I need to try and find a way of stopping it from doing so before trying to run something to remove it, the only program I can run for some reason is Advanced System Care, but that doesn't find the virus in its malware scan.


August 15, 2011 at 16:02:24

Make sure ComboFix is downloaded to the Desktop, or the following does not have a chance...

Go to Start > Search, and type cmd.exe in the Start Search box.
Cmd.exe appears at the top of the Menu.
Windows Vista/Seven - Right-click on it and select: ‘Run as administrator’

At the prompt, copy/paste each of the following commands, one at a time, pressing 'Enter' after each:

cd "%userprofile%\desktop"
cacls combofix.exe /e /g everyone:f

Does ComboFix run now?

If so, when done, please post the >ComboFix.txt log< in your reply.

Retired - Doin' Dis, Dat, and slapping malware.


August 15, 2011 at 16:33:55
Nope, still doesn't run.


August 15, 2011 at 20:14:00
You may be infected with a Rootkit...

The following program has worked on systems with your predicament. Please give it a try:

Download AntiZeroAccess:

XP users: Double-click antizeroaccess.exe to start the program.
Vista and Windows 7 users: Right-click > run as Administrator

A command (black) window opens.
Type 'Y' to start a system scan, and then press: 'Enter'

Wait until the scan is complete.
Follow the instructions on the screen.

To close the program, press any key.
If a restart is required, do so immediately.

Please post the log file the program creates.

Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator Member of UNITE


August 16, 2011 at 05:15:37
Webroot AntiZeroAccess 0.8 Log File
Execution time: 16/08/2011 - 13:13
Host operation System: Windows Vista X86 version 6.0.6001 Service Pack 1
13:13:30 - CheckSystem - Begin to check system...
13:13:30 - OpenRootDrive - Opening system root volume and physical drive....
13:13:30 - C Root Drive: Disk number: 0 Start sector: 0x01A04000 Partition Size: 0x11015000 sectors.
13:13:30 - PrevX Main driver extracted in "C:\Windows\system32\drivers\ZeroAccess.sys".
13:14:18 - InstallAndStartDriver - Main driver was installed and now is running.
13:14:18 - CheckSystem - Warning! Disk class driver is INFECTED.
13:14:30 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
13:14:30 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
13:14:30 - Execution Ended!


August 17, 2011 at 09:23:19

The program did not come up with a file...

Let's try TDSSKiller:
Save to the Desktop

To run: Vista/Seven users: Right-click tdsskiller.exe and select 'Run as Administrator'
Press: 'Start Scan'

If Malicious objects are found, ensure Cure is selected (it should be, by default)
Click 'Continue' then click: 'Reboot now'

When the tool is done, a log is produced at the root drive which is normally C:\
For example, C:\TDSSKiller.

Please post the 'TDSSKiller log' in your reply.

Are you getting any notifications, or is your antivirus picking up any malicious files?
If so, please provide the info.


Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE


August 17, 2011 at 10:34:43
TDSSKiller doesn't work, the virus closes it down before the scan can finish, and I don't believe this laptop has an antivirus on. It was previously my sister's old laptop that nobody used as we all had our own PCs, but I'm using it at the minute until my PC gets fixed.

August 19, 2011 at 08:25:35

Sorry for the delay.

Please download DDS from one of these locations:

Save it to your Desktop

Right-click DDS, and select: 'Run as Administrator' to run the tool.

When done, DDS opens two (2) logs:
Save both reports to your Desktop.

Since these reports are quite large, please go to the Uploading website:

In: Select files to upload, click 'Browse', and 'Look in' the Desktop.
Select the DDS.txt, and click on 'Open'
You will see the following:
Your file has been uploaded successfully: (Name and size of the file)
Please copy the 'Download link'.

Do the same for the Attach.txt.

Please copy the 'Download link', for each report, and provide them in your reply.

Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE


August 19, 2011 at 10:14:43


I think these are the right ones, surprised that program was able to actually run the scan, every other one I've tried got closed before it could even finish. Thanks for the help.


August 19, 2011 at 21:45:48
Try this approach with ComboFix:

Download a new copy of ComboFix
(remove the old one)

Rename it in the Save prompt to: thecat.com
Save it to the ->> C:\ drive <<-

Right-click on thecat.com, and select: Run as Administrator

When CF (thecat.com) finishes, it produces a report.

Please provide the ComboFix.txt in your reply.

If ComboFix does not run in normal Windows, restart the computer into Safe Mode, and run it from there.

If it works, immediately go to Normal Windows and run it from there also.

You will then have two logs; one from Safe Mode, and one from Normal Windows.

Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE


August 20, 2011 at 03:39:28
This time it got halfway through the search (Which is more than it did before I renamed it) but then it still just suddenly disappeared, then when I tried to open it again it says that the specified file path is either empty or I don't have the rights to open it.


August 23, 2011 at 02:58:02
Now when I try and search anything from google, instead of it being 100k searches, it's saying things like "1dayoftheweek.com" then "2dayoftheweek.com" etc, all the way up to 7, then goes back down to 1.


August 23, 2011 at 08:00:23

Sorry for the delay.
Thought you were in my notifications queue, but, did not see you there.

The system is infected with the ZeroAccess Rootkit. In your case it is tough to remove because it is not allowing any removal tools to run.

We need to find a driver which is a culprit. Please check your personal messages. (Top right > My Home > Private Message Center)

A slave Scan can be a very dangerous procedure if any Registry changes are made without addressing the malware loading points.

The Windows File Protection feature is also not used when scanning a non-active partition.

There was a time when slaving was a fairly common procedure, but no longer. Slaving scans actually became obsolete in the dealings with the current malware.

You need to fix this problem using your infected computer, and using tools that are designed for it.


Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE
