google redirect, no internet, trojans

Microsoft Windows xp professional w/serv...
June 10, 2010 at 08:40:18
Specs: Windows XP
I have the google redirect virus and other stuff, and I need help! I can't get on the internet without disabling my proxy server. Also, by doing that I think it's allowing all sorts of trojans, etc on the computer, either that or there is something on my computer allowing them in. I believe it all started with this AV software virus and now I get all sorts of internet pages opening up, etc. I'm constantly running McAfee and Ad-Aware and they are finding new things everytime...... I am not a computer person and so need step by step help. Please help!!!

See More: google redirect, no internet, trojans

Report •

#1
June 10, 2010 at 15:15:05
Most google redirects use the same removal tools. You can check the results below your post.
These are some of the free tools used:
1- Malwarebytes
2- Trojan Remover
3- Hitman Pro
4- combofix
all these can be found using google.com.
That is a good place to start ;-)

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •

#2
June 16, 2010 at 09:33:04
Hello,

I've used Spybot, Adaware, McAfee, Malwarebytes, etc and I am still have the google redirect, and I still have to disable my proxy to get on the internet. I don't think they are finding it, or if they are, something is on my computer that is allowing it to reload. Any suggestions?

thanks!


Report •

#3
June 16, 2010 at 09:49:39
Sorry..one more thing. I also looked device manager and did not find TDSSserv.sys, like some of the other forums posts have suggested. Could it be my Java? How do I disable in Internet explorer or on my XP computer? I think I removed it from my computer, so not sure if that is the problem........just a thought.

Thanks!!!


Report •

Related Solutions

#4
June 16, 2010 at 10:29:27
bscompute, you are correct on the Java issue, as that is what the Google Redirect usually uses as an exploit via a plugin. To disable Javascript in I.E. go to the following: Tools > Internet Options > Security click on Custom Level, and in the security settings list, you should see a scripting option, click "disable", if you have I.E. 8, go to Tools > Internet Options > Programs > Manage Add On's, highlight "Java plugin", and click "disable", then download TDSS Killer from here: http://support.kaspersky.com/viruse...

If this doesn't work, let me know please.

Helpful tips before getting started: http://www.computing.net/howtos/sho...


Report •

#5
June 16, 2010 at 11:09:01
doing this now. on the 'helpful tips before getting started' it wants me to load the lasted java. Do I really need java?

Report •

#6
June 16, 2010 at 11:40:00
I would worry about that after you've removed the virus. I also suggest switching to Firefox, as it's a lot safer than I.E. Granted, it still doesn't protect you from the Google Redirect virus, but still.

Helpful tips before getting started: http://www.computing.net/howtos/sho...


Report •

#7
June 17, 2010 at 07:19:30
xryanx,
I think that worked!!!! Now however, I can't use some of the drop down boxes on the web pages. For example, I can't sign out of netflix because you have to use a drop down box to log out. Also, in my email, it used to auto fill the email addresses when I would start typing their names, but it won't do that anymore. Is this from disabling the scripts or from java? Does any of that need to be enabled or go back on my computer?
One last thing, hopefully, mcAfee keeps saying that the file C:\windows\muspbc.dll is a trojan and deleting it, but I get an error on my computer when it starts up saying it's missing that file. Any idea if this is a good file that I should be allowing and stopping McAfee from deleting??
You are awesome, thanks for all the help!!!

Report •

#8
June 17, 2010 at 07:34:09
Bscompute,

If you get missing file message Hijackthis would normally show this file under O4 line.

You can fix it by searching in registry for the muspbc.dll or through hijackthis.

You have this file mentioned in the registry for startup, but it was deleted.

Post log here.

;) Security Made Easy ;)


Report •

#9
June 17, 2010 at 12:27:03
Becompute, sorry I didn't respond right away, yes, that is most likely due to Javascript being disabled, you can re-enable it now. I would also recommend upgrading to a newer version of Java as well.

Helpful tips before getting started: http://www.computing.net/howtos/sho...


Report •

#10
June 21, 2010 at 10:55:39
Hello Xryanx and SSHGuy,

My google seems to be working still...wahoo! However, 2 things happened this morning when I logged on.

1: I got a warning pop up saying: "windows system error: There is an IP address conflict with another system on the network" Does this mean someone has hacked into my LAN? I shut down and restarted my computer and did not see it again, but I am concerned.

2: I received an email from someone named Sivisoglu with the email titled: "Hijacked Email Address." I am scared to open it because I am afraid it might actually be a virus. Weird that is it from someone that is not a contact, and only has one name right? What do y'all think?

Thanks!!!


Report •

#11
June 23, 2010 at 19:23:55
I think it could be a bogus email. So do NOT open it. As for the IP issue, I'm not sure of to tell you the truth.

Helpful tips before getting started: http://www.computing.net/howtos/sho...


Report •

#12
June 24, 2010 at 04:26:44
'I also suggest switching to Firefox, as it's a lot safer than I.E'

Now that is funny!

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •

#13
June 24, 2010 at 20:37:44

Report •

Ask Question