Google Redirects - Trojan

August 21, 2009 at 20:16:37
Specs: Vista 32 SP1

I recently picked up a Trojan and am having a very difficult time getting rid of it. I've tried to follow the instructions from other posts I've seen here but am not having any success.

Symptoms: Google redirects, multiple instances of SVCHOST.exe, continuous attempts to contact outside IPs.

AVG blocks most of these and shuts down the rogue SVCHOSTs but is unable to clean it out permanently. SUPERantispyware, Malwarebytes, Spydoctor and Combofix have had no success either.

I'm hoping I simply overlooked something or missed a step. Any assistance would be greatly appreciated.


August 21, 2009 at 21:06:31
Deleted logs. I have them for when/if requested.


August 21, 2009 at 21:28:26
Good luck with your post. I hope someone requested you to post your logs. I guess Justin should make the warning LARGER so it is easier to read.

Some HELP in posting on plus free progs and instructions Cheers


August 21, 2009 at 21:44:15
Didn't see a warning about posting logs, was just following the other examples I've seen. I'll take your word for it and have deleted them. Also, your link didn't have a warning either, just a bunch of links for helpful programs.

Maybe I'm blind? :)


August 22, 2009 at 04:34:19
I did a scan with Kaspersky and it came up with the following infection:


First time I've seen this out of all the scans I've done. It appears to be the only thing left on my system but nothing is able to remove it. Could really use some help on this one.



August 22, 2009 at 06:46:14
will probably help you. But instead of using AVG, download Avast Free:
and allow it to do a bootscan on reboot. Move ALL it finds to the chest

Some HELP in posting on plus free progs and instructions Cheers


August 22, 2009 at 20:06:57
Thanks for the suggestions.

The first link is broken.

Did the bootscan with Avast and am currently running thru the regular scan. Got my fingers crossed. This'll be the 3rd day I've been working on this; getting a little disheartening.


August 22, 2009 at 20:25:47
Sorry about the broken link. I did copy the whole address, but this site's software may have condensed it and made it unusable. I looked and couldn't locate that site again, sorry.

You can copy and paste your HJT log into
and then google the questionable items.

Some HELP in posting on plus free progs and instructions Cheers


August 23, 2009 at 05:11:32

I am almost sure that this is a rootkit infection. That's why SUPERantispyware, Malwarebytes, Spydoctor and Combofix failed. Can you send a Gmer log?

- Go to

- Download .exe file
- Launch it
- Wait a while until fast scan is finished
- Run full scan using "Scan" button
- Save log file
- Post it here



August 23, 2009 at 06:06:52
Here is one precaution about gmer found on this website:

>>One thing to note though, if you don’t think your computer
infected any malware better not to download it and play with
it. When I use GMER it deleted one of the very important
system files Kernal32.dll from my windows directory. My
computer can not boot at all. Fortunately there are usually
many copies of Kernal32.dll located in different places in the
system. I can use a boot cd to boot the system to DOS
command mode and copy Kernal32.dll from other place to
c:\windows\sytem32. If you don’t have boot disk on hand then
most likely you have to reinstall windows and all other
programs on the system.<<<

F-Secure Blacklight is a pretty safe root-kit remover:
I've used it many times

Some HELP in posting on plus free progs and instructions Cheers


August 23, 2009 at 07:38:01
XpUser4Real: That's BS...

a) Kernal32.dll is not a system file. Of course you cannot delete it if a virus created some registry key and the infected file is necessary for system boot.

b) Gmer does NOT delete any files automatically.

c) You can play with hijacks etc., but none of these applications will be able to delete a rootkit.
