redirecting virus and other problems

May 22, 2010 at 13:19:08
Specs: Windows XP
Hello, I am having some problems with my system. I got a virus the other day while trying to watch a movie online which made all of those fake anti-virus programs pop up which try to trick you into downloading them. I ran Avast and it could not get rid of the problem. The next day when I turned my laptop on, the anti-virus program things were gone, but my internet would not work. After some time on the phone with Dell, I got it to work by messing with the settings in Internet Explorer. However, now every time I try to click a link from a search engine like Yahoo, it redirects me to some other webpage. Also, my hibernate isn't working now for some reason (it goes to the hibernate screen for a split second, then right back to my desktop). Also, strangely my start bar has changed from blue to white. Can someone help me get things back to normal? By the way, I'm not positive that my 1505 is dual or single core, how can you tell?


May 22, 2010 at 19:02:10
Please follow the instructions and we will help you get cleaned up :)

1.) Download and install HijackThis

2.) Once installed, open HijackThis by clicking Start > Program Files > HijackThis and click the button labeled "Do a system scan only".

3.) Once the scan is complete, the scan button will read "Save log". You may save the log file to your PC. Once you select where you would like to save the file (you're going to post it for us), it will open in your system's default text editor. Typically this application is Notepad. Please copy and paste the entire log. Please do nothing else for the time being in HijackThis. Thank you.


May 23, 2010 at 09:05:23
I also am having problems with Google redirecting me to random ads. I dl'd Windows Defender and it found no spyware. I also dl'd and ran HijackThis and have a log available for your review. Please let me know what steps to take and what other info you need from me.

Thanks in advance,


May 23, 2010 at 12:05:40

Run HijackThis and post the log back here. Thank you.

May 23, 2010 at 14:14:12
Here is my log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:29 PM, on 5/23/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Lexmark X5400 Series\lxdvmon.exe
C:\Program Files\Lexmark X5400 Series\lxdvamon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [lxdvmon.exe] "C:\Program Files\Lexmark X5400 Series\lxdvmon.exe"
O4 - HKLM\..\Run: [lxdvamon] "C:\Program Files\Lexmark X5400 Series\lxdvamon.exe"
O4 - HKLM\..\Run: [Lexmark X5400 Series Fax Server] "C:\Program Files\Lexmark X5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sydouiqu] C:\Documents and Settings\Derek January\Local Settings\Application Data\yfevtjcnu\ovbvgwutssd.exe
O4 - HKCU\..\Run: [asam] C:\Documents and Settings\Derek January\Local Settings\Application Data\asam.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) -
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) -
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdvCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdvserv.exe
O23 - Service: lxdv_device - - C:\WINDOWS\system32\lxdvcoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

End of file - 7839 bytes

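As an added example (not code from this thread or from HijackThis), here is a small Python triage script for logs in the format posted above. It flags O4 autorun entries that launch a binary from a user-writable profile path (the pattern of the two HKCU entries under Local Settings\Application Data in the log), an Internet Settings proxy that is actually set, and O23 services with no publisher. The sample entries, user name and executable names are constructed for the demo.

```python
import re
from dataclasses import dataclass

# Constructed sample HijackThis entries (not the poster's real log); the user
# profile name and the random-looking executable names are invented.
SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\\..\\Run: [avast5] C:\\PROGRA~1\\ALWILS~1\\Avast5\\avastUI.exe /nogui
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [qwxzkt] C:\\Documents and Settings\\user\\Local Settings\\Application Data\\yfqkzt\\ovbgwq.exe
O4 - HKCU\\..\\Run: [asam] C:\\Documents and Settings\\user\\Local Settings\\Application Data\\asam.exe
O23 - Service: FlipShare Service - Unknown owner - C:\\Program Files\\Flip Video\\FlipShare\\FlipShareService.exe
"""

# Profile directories any logged-on user can write to; legitimate XP-era
# autoruns almost always live under Program Files or WINDOWS instead.
PROFILE_DIRS = ("\\documents and settings\\", "\\local settings\\",
                "\\application data\\", "\\temp\\")
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$")
EXE_RE = re.compile(r'^"?([^"]+?\.exe)"?', re.IGNORECASE)   # first executable in the command
PROXY_RE = re.compile(r"^R1 - .*ProxyServer = (.*)$")
SVC_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")

@dataclass
class Finding:
    severity: str   # "high" or "review"
    entry: str      # the raw log line
    reason: str

def triage(log_text):
    """Return the HijackThis entries that deserve analyst attention, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line)
        if m:
            hive, name, cmd = m.groups()
            exe = EXE_RE.match(cmd)
            path = (exe.group(1) if exe else cmd).lower()
            if any(d in path for d in PROFILE_DIRS):
                findings.append(Finding("high", line,
                    f"{hive} Run entry [{name}] starts a binary from a user-writable profile path"))
            continue
        m = PROXY_RE.match(line)
        if m and m.group(1).strip() not in ("", "http="):   # "http=" alone means no proxy
            findings.append(Finding("high", line,
                "a browser proxy is configured; confirm it is expected, since a hijacked proxy redirects all browsing"))
            continue
        m = SVC_RE.match(line)
        if m and m.group(2) == "Unknown owner":
            findings.append(Finding("review", line,
                f"service '{m.group(1)}' has no publisher; confirm the binary is legitimate"))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.entry}")
```

The profile-path rule is a heuristic: a quick signal for which entries to look up first, not proof of infection on its own.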

May 23, 2010 at 14:37:21
torre667, go ahead and post your HJT log, then go to the link below and follow the directions in the "very important stuff" forum. It is very important to do these things first if you want to get free of malware.

May 23, 2010 at 14:42:25

You do have nasty malware, and I have seen this type before.
You also need to follow the instructions on my site prior to removal. This is VERY IMPORTANT. This is a redirecting virus.
Please go here and follow all the steps. You can either post back here or post in the "HijackThis logs go here" forum on my site afterward. Once you are done with that, let me know and we will begin the removal process. Follow the link below.

May 23, 2010 at 17:50:31
I am following your steps. I'm guessing that HijackThis is not considered an anti-virus program? So I can leave that and Avast on my hard drive?

May 23, 2010 at 17:56:47
Another question - Avast doesn't have a firewall setting does it? I'm pretty sure I just have the Windows firewall turned on.


May 23, 2010 at 18:00:25
Yet another question...sorry! You say to uninstall Sun Java. In my add/remove programs there is "Java(TM) 6 Update"; is that what you're referring to? Do I uninstall that and then install the Sun Java thing on your page?

May 23, 2010 at 20:39:37
Yes, you can leave them both on (HijackThis and Avast).
What we are talking about is having two ANTI-SPYWARE programs: Avast is one, HijackThis is not. No problem in asking, it is better to be safe than sorry :)

Also, you only want to uninstall old versions of Sun Java.

If you have trouble with this, refer to this page; it will test your Java for you and get you updated. Once you do this, let me know and I will instruct you on the first scan.

I also noticed that you have VIEWPOINT SERVICE installed.
Have you followed all the instructions on my site in the "VERY IMPORTANT STUFF" forum? If not, here is the link.

May 23, 2010 at 20:49:48
I understand that this is a lot to take in and a lot to do, but this will all help you in the long run. I can teach you how to remove the malware correctly so it will not bother you any more. Then we will get you set up with the proper protection so you do not need to do this again. :)

May 23, 2010 at 21:20:05
OK, I uninstalled my old version of Java and got the new update, and also got rid of all the Viewpoint software I saw in add/remove programs. I'm ready to do the scan if you wanna let me know how. Do you want me to download CCleaner and follow the steps for that even though I already have Avast?

I'm following the steps....when you say to remove files from the quarantine in the anti-virus program, that would be the items listed in the "virus chest" in Avast, correct? I should just delete all these?

By the way, not sure if you saw my question about the firewall - Avast doesn't have a firewall setting right? Or does it? I'm pretty sure I just have the Windows firewall turned on.

Something else strange: I tried using System Restore because I thought that might fix everything, but though I tried several of the dates that were available, every time after it restarts it says "Restoration incomplete."

Thanks for all your help, much appreciated!!


May 23, 2010 at 22:42:37
Go to my site and follow the steps for the scans. Do everything in the "download do not install" forum, then you can do everything in the "install and run instructions" forum.
Here is the link to download everything.

Here is the link to install and run.

May 23, 2010 at 22:45:04
In regards to "I'm following the steps....when you say to remove files from the quarantine in the anti-virus program, that would be the items listed in the "virus chest" in Avast, correct? I should just delete all these?"

The answer is yes, delete these.

In regards to

May 23, 2010 at 23:29:03
OK, I'll get to those scans in a bit, but on your page you recommended downloading CCleaner and following the steps for it; should I still do this first?

May 25, 2010 at 12:50:18
Yes, you should run CCleaner first.

May 25, 2010 at 23:43:41
Hey, you're still here with me, right? Sorry, I couldn't connect to the internet all day yesterday for some reason (I'm sure it's part of this virus), but after restarting several times today I was able to get on. OK, so I just installed CCleaner and went through all the steps you had listed for it. Would you like me to post another HijackThis log, or are we still OK with the original? Should I head on to doing the scans for the other programs now? I'll wait for you to give me the good to go.

June 21, 2010 at 21:35:22
Step 1. In order to remove Google Redirect Virus, first you need to know what this threat is and how it harms your computer. The malware lives up to its name and causes redirection of search results. If you search something on Google, this virus will redirect you to other malicious websites and advertisements. It won't let you see genuine results from Google. Apart from this, this virus can also do the following gimmicks:

A) It will show you errors saying that filename.exe is not a valid Win32 application.
B) If you download and try to install a new program, it may tell you that setup files are corrupted and you need to download a fresh copy. It will keep bugging you again and again.
C) It will infect Internet Explorer and Firefox and then redirect you to malicious websites showing advertisements and pop-ups.

Step 2. It is extremely important that you remove Google Redirect Virus as soon as possible. To remove Google Redirect Virus, you need to follow these steps:

Please click on "Start-->Run". Type "devmgmt.msc" and click on OK. This will run Device Manager. In Device Manager, click on "View-->Show Hidden Devices".

Step 3. Please expand all the devices by clicking on the "Plus" sign. Now try to find "TDSSserv.sys", right-click it and choose Disable. Please make sure that you do not select the Uninstall option, otherwise the infection will be back once you reboot your computer.

Step 4. After disabling TDSSserv.sys, please download a Spyware Remover and remove Google Redirect Virus completely from your system. Please note that you need to remove several registry entries to remove it completely, and you never know if you have other threats in your system. Be wise and remove it with a Spyware Remover software.

Kristain Hayes
