redirection from google

July 31, 2011 at 10:34:16
Specs: Windows 7, i7 2500k/8gb
Given myself some sort of malware infection trying to use a keygen, I'm pretty confident.
Redirects me from Google searches only so far.
Have used updated versions of MBAM and Hitman and ComboFix. Have got Norton installed and it would have protected me too, but I had turned off antivirus as I was desperate to get my keygen working.

MBAM deleted a few files first go, 4 maybe, and nothing since. Killed about 40 files with Hitman on first run. 4 have remained, refusing to be deleted. Trying aswMBR now.

Nothing to mention, but I have a partitioned setup so didn't hit the fix MBR button.

Any more good ideas?



#1
July 31, 2011 at 10:57:41
ecmsheppard,

After you download aswMBR:
http://public.avast.com/~gmerek/asw...
Save it to the Desktop.

Vista/Windows 7 users - Right-click and select: Run as Administrator

Click Scan

Upon completion of the scan, click ‘Save log’ and save it to the Desktop,
Note - Do NOT attempt to fix anything!!

Please post the log produced by aswMBR in your next reply.

Also, you will notice that another file is created on the Desktop. It is named MBR.dat.

If you have a USB flash drive, please move the mbr.dat file to it.
If not, move the mbr.dat from the Desktop, to the C:\ drive.

This is important, just in case we need to have access to the MBR information!!


Next, download TDSSKiller
http://support.kaspersky.com/downlo...


Execute TDSSKiller.exe by double-clicking on it.

Click: ‘Start Scan’

If Malicious objects are found, DO NOT allow the tool to Cure.
Click the arrow next to 'Cure' and select Skip
We need to see the report first, as it may show false detections!!

Click: Continue

When the tool is done, a log is produced at the root drive which is typically C:\
For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt

Please post the TDSSKiller log in your reply.

Since you ran ComboFix, it produces a report.

Since this report can be quite large, please go to the Uploading website:
http://uploading.com/files/upload/

In: Select files to upload, click 'Browse', and 'Look in' the Desktop.
Select the RU report, and click on 'Open'
You will see the following:
Your file has been uploaded successfully: (Name and size of the file)

Please copy the 'Download link' to the CF report, and also provide it in your reply.

Thanks!

~~~~
Retired - Doin' Dis, Dat, and slapping malware.



#2
July 31, 2011 at 17:13:54
Had run TDSSKiller last night but it didn't report anything, will run everything again when I get home, posting from my mobile at the moment. In the meantime is there anything I should/shouldn't be doing? Backing up my personal docs, checking my bank accounts etc.
Thanks for the help btw


#3
August 1, 2011 at 18:13:19
ComboFix got it, my security centre is back up and running and no more redirection. Thanks so much for your help.


#4
August 1, 2011 at 20:36:58
ecmsheppard,

Glad to know the system appears to be running fine.

Need to make you aware that ComboFix produces a report, and it is best to take a look at this report. Some malicious files may persist, and a ComboFix script may be needed to remove them.

If you decide you want to provide this report for review, since this report can be quite large, please go to the Uploading website:
http://uploading.com/files/upload/

In: 'Select files to upload', click 'Browse', and 'Look in' the Desktop.
Select the ComboFix report, and click on 'Open'
You will see the following:
‘Your file has been uploaded successfully: (Name and size of the file)’

Then copy the 'Download link', and provide it in your reply.

If you decide things are fine as they are, good luck, and safe surfing!!

~~~~
Retired - Doin' Dis, Dat, and slapping malware.

