Solved I have the Google redirect virus

August 29, 2011 at 19:03:08
Specs: Windows 7 Home Professional, Intel Core2 Duo CPU, 3GB RAM
How do I remove the Google redirect virus?

I have tried, without success, Malwarebytes and Kaspersky.



#1
August 30, 2011 at 15:50:42
✔ Best Answer
Chuck Pierpont,

Please download DDS from one of these locations:
http://download.bleepingcomputer.co...
http://download.bleepingcomputer.co...


Save it to your Desktop

Right-click the dds file and select: 'Run as Administrator'

When done, DDS opens two logs:
-DDS.txt
-Attach.txt

Save both reports to your Desktop.

Since these reports are large, please go to the Uploading website:
http://uploading.com/files/upload/

In: Select files to upload, click 'Browse', and 'Look in' the Desktop.
Select the DDS.txt, and click on 'Open'
You will see the following:
Your file has been uploaded successfully: (Name and size of the file)

Please copy the 'Download link'.

Do the same uploading for the Attach.txt.

Please copy the 'Download link', for each report, and provide them in your reply.

Once the reports are available, we can determine what needs to be done to get rid of the malware.

Thanks!

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals



#2
August 30, 2011 at 19:40:15
Thank you so much for your help!

Here are the links:

DDS: http://uploading.com/files/41ec4ce4...
Attach: http://uploading.com/files/a2168b43...

I hope this darned virus will be a thing of my past very soon!



#3
August 31, 2011 at 04:12:25
Chuck Pierpont,

Which Kaspersky program did you use?

Also, are the redirections happening when you use Internet Explorer, Firefox, Chrome, or all of these?

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals



#4
August 31, 2011 at 04:53:06
Let's try the following...

Please download ComboFix:
http://download.bleepingcomputer.co...

Save ComboFix.exe to your Desktop!!


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of CF.

Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: http://www.bleepingcomputer.com/for...


Windows 7 - Right-click on ComboFix.exe and select: 'Run as Administrator'

Follow the prompts.

Click on 'Yes', to continue scanning for malware.

When finished, CF produces a report.

Since this report can also be large, please go to the ‘Uploading’ website:
http://uploading.com/files/upload/

In: Select files to upload, click 'Browse', and 'Look in' the Desktop.
Select the ComboFix report, and click on 'Open'
You will see the following:
“Your file has been uploaded successfully: (Name and size of the file)”

Please copy the 'Download link', and provide it in your reply.

Notes:

1. Do not mouse-click the ComboFix window while it is running.
This action may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

3. CF disconnects your machine from the internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals



#5
August 31, 2011 at 16:55:45
I have Kaspersky Pure. Just got it last week.

It only seems to be happening in Firefox, not IE. I don't have any other browsers. I prefer Firefox, but have resorted to using IE exclusively.



#6
August 31, 2011 at 17:30:21
The ComboFix log is here: http://uploading.com/files/532aam59...

Thanks again for your help!



#7
August 31, 2011 at 19:35:42
Chuck Pierpont,

Please continue to disable your AntiVirus program and any AntiSpyware programs while performing the following scan. It will preclude conflicts, and will speed up scan time.

However, don't go surfing while your protection is disabled! Once we are done running some programs, you can re-enable protection.

Now, let's run an ESET Online Scanner

Since you are using Windows Seven to perform this scan, go to the 'Start' button, look for the browser icon, right-click it, and select: 'Run as administrator'.

In the browser address bar, copy and paste the following:
http://www.eset.com/us/online-scanner

1. Press the 'ESET Online Scanner' button
2. In the prompt that appears, check 'Yes' to Accept Terms of Use, and click the 'Start' button
3. Allow the ActiveX to download, and click: 'Install'
   http://www.eset.com/us/online-scann...
4. In the next screen, make sure the option Remove found threats is unchecked, and press the Start button again.
5. ESET downloads its updates, installs, and begins scanning your computer.
6. When the scan is done, press: 'List of found threats'
7. Press 'Export to text file...', and save the file to your desktop as: ESET Scan.
8. Press the 'Back' button.
9. Press: Finish

Please provide the contents of the 'ESET Scan' report in your reply.

Also, provide an update on whether you are still being redirected.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals



#8
September 1, 2011 at 19:43:12
I didn't see a log. I did see that it found 3 infected files and had cleaned them. I did search the hard drive for a log, but didn't find anything.


#9
September 1, 2011 at 21:52:52
Please remove any previous download of TDSSKiller (if used) and download the latest version:
http://support.kaspersky.com/downlo...

Execute the file:
Right-click tdsskiller.exe and select: Run as Administrator

Press the button: Start Scan

The tool scans and detects two object types:
Malicious (where the malware has been identified)
Suspicious (where the malware cannot be identified)

When the scan is over, the tool outputs a list of detected objects (Malicious or Suspicious) with their description.

It automatically selects an action (Cure or Delete) for Malicious objects. Leave the setting as it is.

It also prompts the User to select an action to apply to Suspicious objects ('Skip', by default). Leave the setting as it is.

After clicking Next/Continue, the tool applies the selected actions.


A Reboot Required prompt may appear after a disinfection. Please reboot.


By default, the tool outputs its log to the system disk root folder (the disk with the Windows operating system, normally C:\).

Logs have a name like:
C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

Please post the TDSSKiller log in your reply.

Thanks!

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals
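
Post #9 says TDSSKiller writes its log to the system disk root with the tool version and run time in the file name, and asks for any older copy of the tool to be replaced first, so more than one log can be present. The PowerShell below is an added example, not part of the thread and not Kaspersky's code: it parses that name layout and picks the most recent run. The function names, the day-first reading of the date field, and every sample name except the one quoted in the post are assumptions made for illustration.

```powershell
# Added example, not from the thread. Name layout assumed from the sample in post #9:
#   TDSSKiller.<version>_<dd.MM.yyyy>_<HH.mm.ss>_log.txt
function ConvertFrom-TdssLogName {
    param([string]$Name)
    $pattern = '^TDSSKiller\.(?<ver>\d+(?:\.\d+)*)_(?<date>\d{2}\.\d{2}\.\d{4})_(?<time>\d{2}\.\d{2}\.\d{2})_log\.txt$'
    if ($Name -match $pattern) {
        $text  = "$($Matches['date']) $($Matches['time'])"
        $inv   = [Globalization.CultureInfo]::InvariantCulture
        $none  = [Globalization.DateTimeStyles]::None
        $stamp = [datetime]::MinValue
        $ok = [datetime]::TryParseExact($text, 'dd.MM.yyyy HH.mm.ss', $inv, $none, [ref]$stamp)
        if ($ok) {   # skip names whose digits do not form a real date
            New-Object PSObject -Property @{ Name = $Name; Version = $Matches['ver']; RunTime = $stamp }
        }
    }
}

function Get-LatestTdssLog {
    # Default search folder: the root of the system disk, as described in the post.
    param([string]$Root = "$env:SystemDrive\")
    Get-ChildItem -Path $Root -Filter 'TDSSKiller.*_log.txt' -ErrorAction SilentlyContinue |
        ForEach-Object { ConvertFrom-TdssLogName $_.Name } |
        Sort-Object RunTime -Descending |
        Select-Object -First 1
}

# Offline check on constructed names; only the second one is the sample from the post.
$sample = 'TDSSKiller.2.5.17.0_01.09.2011_21.58.10_log.txt',
          'TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt',
          'TDSSKiller.2.5.17.0_31.02.2011_10.00.00_log.txt',   # impossible date, dropped
          'tdsskiller.exe'                                     # the tool itself, dropped
$sample | ForEach-Object { ConvertFrom-TdssLogName $_ } |
    Sort-Object RunTime -Descending |
    Select-Object Name, Version, RunTime

# On the affected machine: print the newest log so it can be pasted into a reply.
$latest = Get-LatestTdssLog
if ($latest) {
    Get-Content (Join-Path "$env:SystemDrive\" $latest.Name)
} else {
    Write-Warning "No TDSSKiller log found in $env:SystemDrive\"
}
```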

