Google redirect, blocked AV pages

Toshiba / SATELLITE A 105
January 12, 2009 at 03:05:41
Specs: Windows XP, Intel Centrino Duo
A few days ago, my computer began to act as though it had been infected with some rather serious viruses/spyware. My Norton's liveupdate was disabled. I then found that I can't access most AV type websites (the ones for all the major AV software as well as the ones for Malwarebytes, spybot, etc).

At the same time as all this, I noticed that Google was redirecting me to various 3rd party ad sites (which seems to be the kind of virus most people have). I got the HijackThis log and was wondering if anyone out there on the web would have any idea as to what I should do?




#1
January 12, 2009 at 03:44:45
Try downloading, installing and running these scans per the directions provided.

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box, then click Save.

1. Double-click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy and paste the entire report in your next reply.


Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This

Rename the setup file, HJTInstall.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename HJTInstall.exe to tools.exe in the filename box, then click Save.
1. Save "tools.exe" to your desktop.
2. Double-click on tools.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.



#2
January 12, 2009 at 04:03:05
I can't access either of the Malwarebytes sites. Both of them give me a "Failed to Connect" screen rather than the page.


#3
January 12, 2009 at 14:41:14
Try to download them from Safe Mode with Networking. Restart your computer.
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select Safe Mode with Networking, then press "Enter".
Choose your usual account.

Now try to download them while in safe mode with networking.

If that did not work, try downloading both programs to a CD or jump drive from an uninfected computer, then run them on the infected computer. Don't worry about updating Malwarebytes, just run it and post the results.



#4
January 12, 2009 at 16:21:01
I had the same problem and I managed to download it from non-AV pages, i.e. Google search it and don't click the link, just copy it to the address bar. I got Malwarebytes from download.com, for example.

Cheers



#5
January 13, 2009 at 02:15:33
Malwarebytes' Anti-Malware 1.32
Database version: 1646
Windows 5.1.2600 Service Pack 3

1/12/2009 4:42:37 PM
mbam-log-2009-01-12 (16-42-37).txt

Scan type: Quick Scan
Objects scanned: 56516
Time elapsed: 3 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Desktop\antispyware.exe (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paul Richard\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paul Richard\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paul Richard\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paul Richard\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.


Here is the Malwarebytes log. I performed the scan a few times and there are 4 of them that keep coming back just as soon as I delete them.


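An added example, not part of the original thread and not Malwarebytes' own tooling: a small Python parser for the log format shown in post #5 that compares two scans and lists detections reported as removed that were detected again, which is the sign that something still running on the machine is restoring them. The function names are hypothetical, `SCAN_1` is abridged from the posted log, and `SCAN_2` is a constructed later scan (the thread does not say which four items came back).

```python
import re

SECTIONS = ("Memory Processes", "Memory Modules", "Registry Keys",
            "Registry Values", "Registry Data Items", "Folders", "Files")
# Detection line shape: <object> (<threat>) -> [Data: <value> ->] <action>
DETECTION = re.compile(r"^(?P<obj>.+?) \((?P<threat>[A-Za-z]+\.[\w.]+)\) -> "
                       r"(?:Data: (?P<data>.*?) -> )?(?P<action>.+)$")

def parse_mbam_log(text):
    """Return one dict per detection: section, obj, threat, data, action."""
    section, found = None, []
    for line in map(str.strip, text.splitlines()):
        if line.endswith(" Infected:") and line[:-10] in SECTIONS:
            section = line[:-10]      # detail header, not the "...: 2" count line
            continue
        m = DETECTION.match(line)
        if section and m:
            found.append({"section": section, **m.groupdict()})
    return found

def key(d):
    return (d["section"], d["obj"].lower(), (d["data"] or "").lower())

def recurring(first, second):
    """Detections reported as removed in `first` that show up again in `second`."""
    removed = {key(d) for d in first if "deleted successfully" in d["action"]}
    return [d for d in second if key(d) in removed]

def autostart_hits(detections):
    """Detections under the Winlogon key, whose Userinit value runs at every logon."""
    return [d for d in detections if "\\winlogon\\" in d["obj"].lower()]

# Constructed samples: SCAN_1 abridged from post #5; SCAN_2 is an assumed later scan.
SCAN_1 = r"""Files Infected: 2
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\Administrator\Desktop\antispyware.exe (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paul Richard\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
"""
SCAN_2 = r"""Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\Paul Richard\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    print([d["obj"] for d in recurring(parse_mbam_log(SCAN_1), parse_mbam_log(SCAN_2))])
```

A recurring hit on the Winlogon `Userinit` value deserves attention first, because that value is executed at every logon and can restore the other items.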

#6
January 13, 2009 at 06:29:26
Actually I got it all sorted out (I hope). Thank you all for the help!


#7
January 13, 2009 at 15:30:40
Glad we could help.


#8
January 14, 2009 at 11:18:21
Can you please elaborate how you managed to sort it out? I have the same problem. Should I just follow the procedure above?
