google redirect virus

May 25, 2009 at 00:17:46
Specs: Windows XP media center edition SP3
I've picked up an annoying virus that redirects me from Google search results to ad sites. Ran Malwarebytes and have a HijackThis log. Can someone take a look at the log for me?



#1
May 25, 2009 at 03:09:52
Sure, upload both logs to rapidshare.com and post the link.


#2
May 25, 2009 at 13:00:07
Thanks.
Here's the rapidshare link


#3
May 25, 2009 at 13:06:16
Can you please post your AVZ log:
Note: Run AVZ in Windows normal mode. If avz.exe doesn't start, try renaming the file avz.exe to something else and running it again. Also make sure the web browser you use is open in the background when you follow the directions below.

1) To create the logfile, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

2) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

3) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows Vista, launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteStdScr(3);
RebootWindows(true);
end.

Paste the script into the execution window by using the CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script; the PC will reboot. After the reboot, the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and paste the link here.


#4
May 25, 2009 at 13:28:25
Here's the log file


#5
May 25, 2009 at 14:12:26
Follow these steps in the order numbered.

1) Run this script in AVZ; your computer will reboot.

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
 QuarantineFile('C:\WINDOWS\System32\Drivers\SPTD1613.SYS','');
 QuarantineFile('ohbnse.sys','');
 QuarantineFile('.sys','');
 DeleteFile('.sys');
 DeleteFile('ohbnse.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\SPTD1613.SYS');
BC_ImportAll;
ExecuteSysClean;
ExecuteRepair(14);
ExecuteRepair(15);
BC_Activate;
RebootWindows(true);
end.

2) After the reboot, attach a Combofix log. Please review and follow these instructions carefully.

Download it here -> http://download.bleepingcomputer.co...

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Antivirus/Spyware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. It is usually located at c:\combofix.txt; please upload that file to rapidshare.com and paste the link here.

3) Switch DNS server to opendns.com: http://www.opendns.com/start/



#6
May 25, 2009 at 15:07:34
combo fix log

OK, done with the steps



#7
May 25, 2009 at 15:15:20
Is your Google redirect problem solved? Next, follow these steps in the order numbered:

1) Run this script in AVZ:


begin
CreateQurantineArchive('c:\quarantine.zip');
end.

2) A file called quarantine.zip should be created in C:\. Then please zip up C:\qoobox\quarantine and upload both it and C:\quarantine.zip to a filehost such as http://rapidshare.com/. Then, Private Message me the download link to the uploaded file.

3) Lastly, uninstall Combofix by: pause Antivirus/Spyware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) > Start > run > type combofix /u > ok. Or Start > run > type CFinstall /u > ok.


#8
May 25, 2009 at 15:23:37
Nope, still getting redirected. Not every time I click a link, but still the occasional redirect.


#9
May 25, 2009 at 15:34:21
Which ad site doesn't it redirect to? Can you post the URL of it? Also, if possible, post a screenshot.


#10
May 25, 2009 at 15:49:56
Did a simple search for "yes" on Google. Attempts to get to the Wikipedia page redirect me to these sites, among others, that generally say no results found:
http: //ragoutingdesilvering.com/results.php?q=yes
http: //blattellaisobathythermal.com/results.php?q=yes
http ://downloadtoolsforfree.com/ins...
http ://www.thetop10.com/search/default.aspx?kwd=yes&subid=65456-11774-2970
http ://woggishparsed.com/results.php?q=yes

screenshots:
http://rapidshare.com/files/2372193...
http://rapidshare.com/files/2372179...



#11
May 25, 2009 at 16:06:13
Does it only happen in Firefox, or does the same thing happen in other browsers?


#12
May 25, 2009 at 16:13:19
IE seems to be fine. So just Firefox as far as I can tell.


#13
May 25, 2009 at 16:24:30
The best way would be to back up your plugins and reinstall Firefox. You can also try this method.

Download ATF Cleaner by Atribune: http://www.atribune.org/ccount/clic... This program is for XP and Windows 2000 only.

* Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All
Click the Empty Selected button.

* Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Reboot and see if the problem still exists.


#14
May 25, 2009 at 16:41:23
Done, rebooted, still got the problem.


#15
May 25, 2009 at 17:08:57
tdsblog.ru and v1.adwarefeed.com? I see these flash on the bottom left of my browser window. The v1adware.com flashed when I hit the search button and the tdsblog.ru flashes when I select a search result but only occasionally, maybe every 10 times I try to click through a link.


#16
May 25, 2009 at 17:20:53
Download http://www.superantispyware.com/dow..., run a full scan, fix what it detects, and post the scan log at the end.


#17
May 25, 2009 at 18:31:39
Log file:
http://rapidshare.com/files/2372518...

Looks like I might be clean. I really appreciate the help, really.



#18
May 25, 2009 at 18:39:45
Seems like the culprit is Firefox or one of its plugins, since it only happens in Firefox. The best way is to reinstall Firefox and see if it still happens. You might also want to scan with the Bitdefender/ESET online scanner to eliminate trojan possibilities before you reinstall Firefox.
