
Rootkit, Malware, Tapi.nfo, Google Redirect, Can't open anti-malware

Q: Rootkit, Malware, Tapi.nfo, Google Redirect, Can't open anti-malware

I recently got a new client who needed help with his computer. It was silly of me to think it would be simple. I was up all night working on it.

His initial problem was that Windows would hang on "Loading personal preferences" and would only boot in safe mode. It wasn't the page file, or any of the usual things... though I did start to notice that normal Windows functions didn't work properly, from MsPaint to IExplorer. I tried to run Autoruns.exe and HijackThis and they shut down as soon as they were opened. IExplorer wouldn't load pages and Firefox would pop up and load the pages instead.

I thought I should just repair windows, which I tried to do and accidentally installed a second copy of windows on the same partition... I then deleted the second windows installation (windows.0), but after that windows would boot fine without safe mode. That was only the beginning though. I found the google redirect on there, a bunch of old adware and a mess of a disorganized computer.

The system also booted and gave a tapi.nfo error, I searched for this and got nowhere. So I went to regedit and deleted the line causing it. It doesn't pop up anymore, but that didn't solve anything.

I looked further into the situation and found that many others are having trouble with rootkit malware that shuts down anti-malware software.

I tried loading Malwarebytes, etc., and even renaming the files and the extensions. It still all shuts down immediately when it's loaded.

Since IE wasn't working I downloaded a new copy of IE8 and transferred it from my computer to the client's computer and installed it. IE8 worked fine but it of course didn't solve anything. I continued using my personal computer to transfer programs and utilities like Malwarebytes to the client computer.

Today my personal computer started acting up... I'm guessing that the malware traveled on my flash drive?

I can't give you any log files, because I can load a program to generate one. Any thoughts?

Oh, and wiping it clean isn't really an option to the client... he's got no backups and he has a lot of sensitive work-related data. Nor does he have a copy of Windows or software that came with his computer... I'm not sure what to tell him.


A: Rootkit, Malware, Tapi.nfo, Google Redirect, Can't open anti-malware

Have you tried RootRepeal? It sounds to me like you've read that post.




Rerun Rootrepeal. After the scan completes, go to the files tab and find this file:

C:\WINDOWS\system32\drivers\UACxpqhxbvttn.sys

Then use your mouse to highlight it in the Rootrepeal window.
Next right mouse click on it and select *wipe file* option only.
Then immediately reboot the computer.

Then run a quick-scan with Malwarebytes. Keep rebooting and running quick-scans with Malwarebytes until it shows zero infections. If after 3 scans it is still not clean post the final log.

This isn't my post so I can't take credit for it, but apparently it works.
Good luck either way. The entire post is called AntiSpy Protector 2009; you should check it out before trying this. Good luck.

RELEVANCY SCORE 103.2

I have a default Yoog Search in my search engines; I try to remove it and set it as Google but it would again default to Yoog. Next thing is I just cannot run 'Spybot Search & Destroy' and it doesn't let me open any anti-malware related sites. I can't download any anti-malware apps. I am just stuck. I saw a post "Win 2K hijack issue - unable to run malware apps!". I have exactly the same case on my system.

 

RELEVANCY SCORE 92

I have spent nearly a week now using every anti virus, malware, and rootkit program I can find, and even after correcting everything found, I am still infected. I have easily spent 40 hours on this so far. I need expert help for sure. I am on a Dell Latitude 610 and Windows XP Professional SP2 with all updates current.

The problems are:
1. Very slow computer, hard drive is constantly reading and writing. What it's doing, I don't know. Watching the processes in Task Manager has not clarified that much. The computer runs incredibly slow!

2. My Ad Aware active protection keeps blocking my computer's attempts to connect to a couple malicious websites. I looked up the few URLs and they are malicious and not normal web sites. The program shown as trying to connect was originally a hidden program I found and deleted with Sophos Anti-Rootkit. Now the programs showing as trying to connect are usually svchost or iexplore.

3. I get pop-ups for zinga, shopping websites and search engines I did not ask for. I think it is called the Google redirect issue, when I am using Internet Explorer 8.

4. The hosts file was checked and only has localhost in it and the listings added by Spybot Search and Destroy. That file keeps adding www.007guard.com and the large Spybot list, even though I deleted Spybot via uninstall.

5. I delete all hidden files found by Sophos Anti-Rootkit many times, only to restart and find four new hidden temporary internet files made again. A Sophos error message in the ...

A: Google redirect and rootkit malware

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

RELEVANCY SCORE 91.2

Hi,

I posted in another section and followed all advice given. I still have a virus that is redirecting me, on occasion, in Google, it stops certain e.e files loading and causes me to blue screen sometimes. For example, I read the preparation guide for this and I'll post the ddr.txt and attach.txt but I can't run the Gmer.exe as every time I try I get a blue screen and a restart, so I hope what follows is sufficient to help solve my problem. Many thanks.

DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18904
Run by AP at 23:21:32 on 2011-06-06
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.3070.1788 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\...

A: Google redirect, bluescreen, possible rootkit malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
- Do not run any other tool until instructed to do so!
- Please do not attach logs or put in code boxes.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button and select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will ap...

RELEVANCY SCORE 91.2

We're having a technical issue with Google: every time we click on the search results we get redirected to false websites, sometimes anonymous websites pop up randomly on our screen and we don't know where it is coming from nor what to do to it or disable from coming back again. And we are also having issues with our firewall configurations and it seems like it's blocking programs and it won't even let me access the firewall menu on the Windows Security Center, and every time I click on it it tells me: Windows firewall settings cannot be displayed because the associated service is not running. Do you want to start the windows firewall/internet connection sharing (ICS), and then when we click YES, it says that Windows cannot start the firewall/internet connection sharing (ICS). So we don't know what to do... please HELP!!!
thank you very much.

A: Google redirect malware / rootkit.virus perhaps ?

Hello and welcome... Can we do this.

>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running rkill as the malware programs will start again.

If you get an alert that Rkill is "infected", ignore it. The alert is just a fake warning given by the rogue software which tries to terminate programs that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.46) and save it...

RELEVANCY SCORE 90

My son's Toshiba Satellite laptop, which runs Windows 7, was recently infected with malware that redirected Internet Explorer to an 'iGoogle' site.  I'm afraid I failed to note its exact url, though it featured the letters 'TEUA', along the following lines...   www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA...
 
Having looked online, I suspected this was some form of Google redirect/rootkit malware.  I therefore followed the instructions on this Youtube video c/o atechjourney.com: http://www.youtube.com/watch?v=H-YPtErh1t4
 
This succeeded in removing the default IE homepage the malware had presumably created.  However, on creating a bootlog as instructed, I was unable to identify any suspicious software.  
 
While IE had stopped redirecting on launch, other problems continued - I remain unable to launch Chrome, McAfee or Malwarebytes, and IE crashes continually, which suggests to me I've treated the symptom, not the cause.
 
I've since tried RKill & TDSSKIller, neither of which could identify a threat.
 
If anyone can help me I'd be v. grateful.  Log below/attached.  
 
I should point out that I'm pretty much an ignoramus when it comes to computers.
 
Thanks for your help.  
 
Daf
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16457
Run by morys at 13:28:47 on 2013-11-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3986...

A: Unidentified malware - poss. Google redirect/rootkit

Please run the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

RELEVANCY SCORE 89.2

Hi all,

I recently became the victim of google redirect malware. I'm not sure where I got it from specifically, but while browsing last Wednesday, a rogue spyware removal popup appeared saying my computer had been infected and to go buy the spyware removal program to remove it. I immediately closed the window, but it had already installed itself. All google links in firefox started redirecting to various other sites. About 1 in 4 links in IE redirected to other sites. Unfortunately I did not have any antivirus software running at the time.

There was a "anti-spyware" program installed on my machine, I apologize but I cannot now remember which one it was now - I *think* it may have been AV Antispyware, but don't take that as hard fact - I should have written it down but didn't think to at the time. I followed removal instructions I found on several spyware removal websites including malwarebytes. However, the google redirects did not stop.

I ran malwarebytes, superantispyware, and bitdefender. Superantispyware found a couple of files that I removed, but all in all they didn't find anything that fixed the google redirects. Hijackthis and RootKitRevealer didn't show up anything my malware-novice eye could pick up. I could not boot into safe mode - I got a blue screen with an access violation each time I tried, but I could boot into normal Windows. The machine also froze once or twice during normal Windows.

The machine needed a reinstall anyway, so I decided ...

A: Google redirect malware, suspect rootkit still on machine after reburn

Bumping thread.

I'm not sure if I didn't provide the right answer or ask the right question? If someone could let me know what additional information I can provide that would be useful as a lot of other threads seem to be getting replies.

There is definitely something wrong with my machine after the reinstall. The most significant is that Outlook spins the hard drive to the point it sometimes freezes the machine (mouse and keyboard lock up) almost every time I click on a new email. I also have had the machine completely freeze up multiple times now where I have to power cycle it. This is on a fresh factory install from the Lenovo boot partition on a less than one year old machine - until I got the malware last week everything was working fine on it.

I'm considering a completely fresh Windows install of Windows 7, but I'm nervous that I have a rootkit or something has been done to the machine that's caused it to be so problematic after I tried to reinstall Windows already. Does the information I posted provide any useful indication?

RELEVANCY SCORE 88.8

I think I have a rootkit installed, because at first the usual SE2010 or security malware was popping up, but after I tried MBAM I got rid of that; doesn't seem to be reappearing. However, now my system is acting strange, some programs won't open and the start bar at the bottom of the screen has been reverting to the classic look without me changing it. I am running XP Media Center Edition, and have done the prerequisite guide. I am also relatively new to this, so I probably won't know any of the more technical terms or anything like that. Any help would be appreciated, as I've tried everything I know and it does not seem to be working. Thanks in advance!

RELEVANCY SCORE 88.4

Okay. I've had a bit of trouble for about a week. First I noticed that my Google searches kept redirecting to different sites. And then I noticed my browser was running entirely too slow. I tried pulling up the Task Manager to see what was going on but I kept getting an error message upon a black screen saying that Task Manager failed to boot up or something. At this point I was very aware that I had something on my computer and phoned a friend who said to download Malwarebytes and use it.

I did just that. Took care of the Task Manager problem. I decided to run an AVG scan. Full scan waited for 3 hours and came back with nothing. I use Google Chrome as my browser and hopped back on but was still experiencing the same problem. So I searched around and found a YouTube video demonstrating Malwarebytes, Hitman Pro and ComboFix. I downloaded/ran Hitman Pro and was shown a "possible TDSS/Alureon/variant" message across the top of the scan and something about hidden drivers. I was still convinced that the problem was present but I had read the warnings about ComboFix and how it was to be used only by pros. I googled ComboFix and after some browsing came across a forum post of the Admin Gringo helping someone get rid of a problem that seemed very similar to mine. So this is me giving it a shot.

Since I found out I was infected I've been operating in Safe Mode with Networking support fairly often so I don't get slowed down too much. Hope that is a good thing. My OS ...

A: Google redirect malware/Trojan/Rootkit/problem slowing down computer!

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
- Do not run any other tool until instructed to do so!
- Please do not attach logs or put in code boxes.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button and select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will ap...

RELEVANCY SCORE 88.4

Okay. I've had a bit of trouble for about a week. First I noticed that my Google searches kept redirecting to different sites. And then I noticed my browser was running entirely too slow. I tried pulling up the Task Manager to see what was going on but I kept getting an error message upon a black screen saying that Task Manager failed to boot up or something. At this point I was very aware that I had something on my computer and phoned a friend who said to download Malwarebytes and use it.

I did just that. Took care of the Task Manager problem. I decided to run an AVG scan. Full scan waited for 3 hours and came back with nothing. I use Google Chrome as my browser and hopped back on but was still experiencing the same problem. So I searched around and found a YouTube video demonstrating Malwarebytes, Hitman Pro and ComboFix. I downloaded/ran Hitman Pro and was shown a "possible TDSS/Alureon/variant" message across the top of the scan and something about hidden drivers. I was still convinced that the problem was present but I had read the warnings about ComboFix and how it was to be used only by pros. I googled ComboFix and after some browsing came across a forum post of the Admin Gringo helping someone get rid of a problem that seemed very similar to mine. So this is me giving it a shot.

Since I found out I was infected I've been operating in Safe Mode with Networking support fairly often so I don't get slowed down too much. Hope that is a good thing. My OS ...

A: Google redirect malware/Trojan/Rootkit/problem slowing down computer!

Welcome aboard. With the information you have provided I believe you will need help from the malware removal team. I would like you to start a new thread and post a DDS log HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. Help is on the way!

RELEVANCY SCORE 88.4

Hi there,

My browser has been hijacked, especially when I click on any search results Google gives out - I get redirected to a host of malware sites.

I've scanned my CPU with numerous security scanners, Avira, SUPERa/s, Bitdefender, TrendMicro sysclean. All to no avail in removing the browser hijack, until I did a MBAM scan, which found "Rootkit.Agent" located at "sys32\str.sys" - I've tried multiple times to delete the culprit (or what I think is the culprit) even with File Assassin, but the str.sys just reloads at restart, whether it's quarantined or not! Another major issue is the continual blue screen error followed with a forced reboot; I'm guessing this is the product of whatever malware I'm infected with. Here is the HijackThis log:

UPDATE since first post: Windows Malicious software tool notified me upon restart the following day that during a scan it detected and removed "Win:MSRT:Backdoor:WinNT/Rustock.gen!B" - although browser hijack still remains. Also Avira webguard continually beeps of a blocked malware "TR/Crypt.ZPACK.Gen" but the pop-up window doesn't show even though I have it set to do so in Avira's options. Whether these infections are all related, I don't know - but it seems like my machine is heavily infected! Please help! Pasted new HJT log below:

----------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04:19, on 15/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Inter...

A: Google Search results redirect to malware sites - Rootkit Infection

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 86.4

Hello,

I believe that I have some bugs in my computer that I need to get rid of. Google links are getting redirected, I can't open anti-spyware programs and I can't print any documents via the network. Please help.

When I run the DDS, it returns a single text file (~500kb) of garbled information.

GMER freezes up every time before I can make the necessary changes to the scan.

I've tried erasing, redownloading and re-running both programs twice with no luck.

Any help would be greatly appreciated.

RELEVANCY SCORE 86.4

I recently have been infected with some sort of virus/rootkit/trojan and need some help.

I've tried following the directions in "Preparation Guide for use before posting about your potential Malware problem" but DDS will only open briefly then immediately closes down.

SUPERAntiSpyware, Malwarebytes, HiJackThis all will not open, I get the error message "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

Also Google search will redirect me most of the time when trying to click on search results, in both IE8 and FireFox.

Also some random Tom Arnold (the actor) advertisement sound clip was playing last night on my computer at random times, with no way to turn it off. No media player or browser was open, it was just playing in the background and I could find no way to shut it off.

I have limited use of RootRepeal, most scans I do will just crash/exit the program before it is completed.

Any suggestions would be greatly appreciated!

A: Google Redirect, can't open many Anti-Malware apps...

Hello Jexx and to BleepingComputer.

If you have what I think you have, then you should be able to produce a Drivers log with RootRepeal. Could you please post that for my review?

~Blade

In your next reply, please include the following:
RootRepeal log

RELEVANCY SCORE 84.8

Hello,

I am having a problem with being redirected in google and yahoo.

I also am unable to check for updates on Malware "Update failed. Make sure you are connected to the internet and your firewall is set to allow malwarebytes anti-malware to access the internt".
- My internet works.
- My firewall has Malwarebytes anti-malware on the exception list
I can run the quick scan and full scan and it shows no problems.
I CAN NOT update at all before I run them.

Some web pages will not connect at all.
- I can't get on any Microsoft page. I get the error page "Internet Explorer Cannot Display the Web Page"
- I can get on Malwarebytes web page. I get the error page "Internet Explorer Cannot Display the Web Page"
I am connected to the internet. It is as if this virus does NOT want me to get help!!!
- I also tried to download and run the AVG Internet Security Free Version. It won't let me download it either. I get an error message.

HELP!!
Thanks so much,

A: Redirect Google & Yahoo, can't update windows or Malware. Can't open some web pages.

Hello, let's try to run either or both of these.

If you cannot use the Internet, you will need access to another computer that has a connection. From there save mbam-setup.exe to a flash, USB, jump drive or CD. Now transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.

***Manually Downloading Updates: Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.

Download FixExe.reg FixExe.reg

Download RKill...., Sometimes several attempts are needed to kill the malwares before running MBAM.

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attemp...

RELEVANCY SCORE 82.8

Hi,

I am the IT manager in my company.

I have a co-worker, his computer has a search redirect issue. That means most likely it has malware.
Then I installed some major malware removal: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes

After I installed them, I cannot launch them (that definitely means it has some kind of malware).
I needed to rename their .exe files; after that I can run them and scan my computer.

SUPERAntiSpyware, Malwarebytes found something, but didn't solve the problem; search redirect and
blocking of malware removal software are still there. Now I am running Spybot Search & Destroy, will see what happens.

By the way, I run them in safe mode because when I log on to Windows in normal mode, it is slow (like it takes a long time to explore the hard drive, etc). I suspect the malware slows down my PC. Hopefully not registry corrupted or something, but it works smoothly in safe mode.

So do you guys have any suggestions? Or do you need a log file from ComboFix?

Please advise,
Tommy

A: malware: google yahoo redirect and can't launch malware removal software

Try this: http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

RELEVANCY SCORE 76.4

Can you run AVG Free and Malwarebytes Anti-Malware at the same time?
 

RELEVANCY SCORE 75.6

Hi there,

Working on removing malware or virus from a family friend's computer. Computer was built by someone no longer around to fix the problems. When clicking on links of Google search get redirected to any number of ad sites and alternative search engine sites. If I select "cached" view I can get to the website ok. Ran multiple scans with Malwarebytes, AVG 9.0, Ad-Aware, etc... AVG gave me a warning screen for "Exploit Neosploit Toolkit (type 1179)" but won't let me do anything but close the window. Desperate for help, never ran into a problem this extensive.

DDS text log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Admin at 13:13:57.06 on Sun 07/11/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.357 [GMT -4:00]
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS.1\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS.1\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS.1\system32\spoolsv.exe
svchost.exe
C:\Program Files\D-Link\RangeBooster G WNA-2330\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS.1\system32&...

A:IE redirect/ rootkit malware?

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

- Do not run any other tool until instructed to do so!
- Please do not attach logs or put in code boxes.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

- Please download DeFogger to your desktop.
- Double click DeFogger to run the tool. The appli...


My computer gives me a popup saying my computer is infected or in danger and won't let me browse certain websites to download AVG or another antivirus.
 


Back in the day Ad-aware and Spybot were the best anti malware/spyware programs out. However, some time has passed and I was wondering what the latest program is out there that everyone recommends. Please let me know.
 


Couldn't connect to the internet with my browsers tonight and saw the proxy settings had changed (in all 3 browsers: Chrome, IE, and Firefox). Changed them back and now I'm here but I'm assuming there's something bad going on (after a few quick searches on this problem).

I might have caught them all with a Malwarebytes scan a bit ago but maybe right after it switched my proxies...

Posting up the logs here. Any and all help is useful.

Thanks,

Scott


DDS (Ver_10-10-21.02) - FAT32x86
Run by Scott at 1:45:36.20 on Fri 10/29/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.948 [GMT -7:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Bonjour\mD...

A:Rootkit Malware? Redirect in all browsers to 127.0.0.1

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks


My laptop has a strange malware or rootkit on it. I have AVG and Super Antispyware, which I run regularly. AVG keeps picking up threats and quarantining them, and Super Antispyware only picks up tracking cookies. The problem is that when searching in Google, when you click a link you are redirected to a totally different website. This is only relevant using IE8, not Chrome or Firefox. At the bottom of IE8 it links usually via www.pixelsatservice.com. I have rolled back from XP SP3 as I was going to uninstall IE8, as after running ComboFix, which found some rootkit, that's what it tried to do, but I know that you cannot remove IE8 after installing SP3. Below are the DDS logs; however, running GMER blue screened my laptop twice. This behaviour has not happened at any time prior to running GMER.

Any help greatly appreciated.

DDS Log

DDS (Ver_10-03-17.01) - NTFSx86
Run by Jamie at 12:03:04.59 on 16/08/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2007.964 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System3...

A:Internet redirect malware or rootkit issue

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

- Do not run any other tool until instructed to do so!
- Please do not attach logs or put in code boxes.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

- Please download DeFogger to your desktop.
- Double click DeFogger to run the tool. The ap...


Here is my DDS log as advised by boopme.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Jason ..... at 23:44:59 on 2011-10-11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.637 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\PLFSetI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\WebCam\M3000\M3000Mnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google ...

A:Rootkit -search engine redirect malware

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

- Do not run any other tool until instructed to do so!
- Please do not attach logs or put in code boxes.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.
- Do not run any other tool until instructed to do so!

Click on the Watch Topic button and select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r...


Requested Logs.... My Laptop is having numerous types of Malware from Search engine redirects (Scour) to aggressive popups of virus warnings and scans and just yesterday porn shortcuts added to my desktop...!

10 steps followed... please inform of next step!

Thank You!

A:Rootkit, Search Engine Redirect, Malware

Hello madzilla

Welcome to BleepingComputer

Please do not run Combofix unless instructed to do so.

==========================

Download OTL to your desktop.

- Double click on OTL to run it.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Under the Standard Registry box change it to All.
- Under Custom scan's and fixes section paste in the below in bold

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

- Check the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.

- Double-click RKUnhookerLE.exe to run it.
- Click the Report tab, then click Scan
- Check Drivers, Stealth Code, Files, and Code Hooks
- Uncheck the rest, then click OK
- When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
- Wait till the scanner has finished then go File > Save Report
- Save the report s...


I think I picked up a browser redirect virus or rootkit while visiting www.crossfitfootball.com TrendMicro and the Windows Vista firewall detected it and I tried to exit the browser (Firefox), but I kept getting a pop-up claiming that I was trying to open the task manager, which I was not doing. I couldn't escape out of it, but after selecting "cancel" enough the window went away. Now, any search engine I have tried (Google and Yahoo) on either Firefox or IE redirects me to spam sites.

I tried running a TrendMicro scan, but it locked up and never went anywhere. I tried running a MalwareBytes scan too. Although MalwareBytes came up at first, it closed out after about 10 seconds and now says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the file."

I have followed the instructions for this site in the preparation guide, and my DDS logs are posted/attached below. I could not get gmer to work with either of the links provided. It seemed to download and instal just fine, but it closed itself out after 10 seconds or so (just like MalwareBytes) and now tells me I do not have permission to re-open.

I'm grateful for any help you can provide.
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
Run by Owner at 22:57:42 on 2011-08-10
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.952 [GMT -5:00]
.
AV: Tre...

A:Browser Redirect Malware/Virus (Rootkit?)

Hello and welcome. Please follow these guidelines while we work on your PC:

- Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
- Please do not run any scans or install/uninstall any applications without being directed to do so.
- Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Download aswMBR.exe ( 511KB ) to your desktop.

- Double click the aswMBR.exe to run it
- Click the "Scan" button to start scan
- On completion of the scan click save log, save it to your desktop and post in your next reply.

Please include the following in your next post:

- aswMBR log


I am infected with a version of the Google Redirect malware problem:

- When I click on one of the results from a search on any major search engine, I am redirected to other websites, usually commercial websites such as monstermarketplace.com. I can reach any website if I copy the address in the address bar; I only get redirected when I click directly on the link in the search results page.
- Occasionally, a new tab pops up when I am in iGoogle, Gmail, or a Google search page. The new tab's address is www.google.com/webhp. In two occasions a new tab has opened with a commercial website. I always close the windows and have never searched on the google.com/webhp page.

Some history:

- I was originally infected with the AV Security Suite virus this weekend while downloading the platform for the online game "Battlefield Heroes" (www.battlefieldheroes.com). I tried going online while this virus was active and clicked on some of the pop-ups and alerts, sometimes saying "Yes" and sometimes "No" when it would ask if I wanted to allow access to the home page website. I believe this may have enabled the current redirect malware.
- I removed the AV Security Suite virus (at least partly) by renaming and deleting the folder from which it was acting within my Local Settings folder. The current infection must therefore be a leftover of that initial infection.
- I ran SpyBot and Ad-Aware, both of which found and removed cookies. I uninstalled both programs a...

A:Infected with Google Redirect / Search Engine Redirect Malware

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include the report in your next post:

C:\ComboFix.txt

"information and logs"

In your next post I need the following:

- Log from Combofix
- Let me know of any problems you may have had
- How is the computer doing now?

Gringo


Hello,

First I have run ComboFix numerous times under the guidance of my university's IT dept, who helped me to run it. But the problem just keeps reoccurring.

I have run combofix in safe mode because when I try to run it regularly it blue screens with error code Bad_pool_caller Stop 07000000c2.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Ventura at 20:38:41.98 on Sun 05/16/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1324 [GMT -4:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\M...

A:Google Redirecting Malware/Rootkit

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having as these can help also.
5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Run combofix:

Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

Close/disable ...


Hey,
This is the first time I've asked for help like this, but my PC is starting to give up on me and I want to save it before it goes down the drain. I think it all began when I was at a free video streaming website, and from there on in it's gotten worse and worse, as they may just be flooding in the gates now and I can't do anything to prevent it...

I've been infected before by these malware programs: WinAntiVirus Pro and MS Removal Tool.

Also getting random popups and redirects to random stuff on Internet Explorer and Firefox. When I say random I do mean random, as the sites are totally different; heck, it even popped up a window and redirected me back to Google again, which I laughed hard at.

I've reset the BIOS back to default. I may have a corrupt registry, because I've not touched it at all. When I attempt to run ComboFix it freezes then bluescreens me. Also, when I googled a Windows Update error I got, it would not load at all; in fact I googled everything else and that worked, but when I googled the error it just didn't work.

BlueScreen errors which have appeared:
bluescreen: IRQL LESS OR NOT EQUAL
bluescreen: Internal_Power_Error

I'm currently using...
Avira anti-virus (scanned with no results)
AVG Anti-Rootkit Free (quick scan found nothing, deep scan still running now..)
Hitman Pro 3.5 (found some ad cookies along with an old keygen I had a while back which was zipped up)
Malwarebytes' Anti-Malware (nothing found)
Search and destroy (...

A:Rootkit, Redirect, Malware, Blue-Screen Errors

Well, I could not save the hard drive in time, as the virus took full advantage of the exploit and ran several rootkits and opened up folders called "System Volume Information", and they hid those folders, and that was monitoring my keystrokes, but the log file was totally weird, as it was like it was encoded. They also had several trojans and worms in the system, and it had taken over my svchost.exe process as well as a lot of main startup and shutdown processes, and the registry was beyond repair.

If you're infected by this virus, which is also the following...

Win Anti-Virus Pro 2011
MS Removal Tool
WinAntiVirus Pro

It turned my PC into a "botnet" as a mailer machine, as I saw the inbound and outbound traffic come from just this one process.

A word of warning: this so-called virus hopped onto my flash drive too, which I was using to cure my PC. It spread like wildfire...

Here's how I fixed it.
Backed up all my data that wasn't infected onto DVD-R+ disks, such as pictures, movies and music as well as documents (OPEN & READ BEFORE MOVING THEM!). Make sure all files are working correctly and have not been exploited before you burn them onto a disk.
Downloaded [email protected] free software and burned it to a disk.
Reset my PC, hit F8/F2 or whatever your boot key is and press any key, then select the erase option and wipe it clean.
Once it was done I used my Windows 7 disk to reinstall Windows. (Rename your username to something else with numbers.)
Hardened ...


Hello,

As requested, I have opened a new topic in this section; as from the 'Am I infected? What to do?' section.

In short, I had been browsing the internet with Mozilla Firefox 3.6.3 (with NoScript, AdBlockPlus and WOT Addons), and when I chose to click on a bookmarked website (www.tweakguides.com), I was strangely redirected to an IP address instead of the website I intended. However, Firefox had stopped the connection to the website as it was apparently attempting to redirect in a manner that would never complete, or so. From there, I had immediately run a number of scans (MBAM and Avast, both updated), which came to find nothing infected. I had then run both Quick and Full Scans with MBAM in Safe Mode (however I did not realise this would reduce the effectiveness of MBAM), also finding nothing infected.

I had noticed an idle memory usage of 30%, rather than the usual 24-27% (There is 4GB of RAM installed on the system), and slightly sluggish general performance.

An instance of WmiPrvSe.exe, or similar had started up under a svchost.exe (as Process Explorer reported), so I checked the location of this process; finding it to be in the typical Windows/system32/wbem directory.

From my previous topic, I had run ATF and SAS as instructed; ATF removing some 30,000MB of files, and SAS finding no threats after a Complete Scan. These were both conducted in Safe Mode.

For further details:
- The system runs Windows 7 Ultimate x64
- It is connected to a HomeG...

A:strange browser redirect/potential malware/rootkit

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Foll...


Hello

Thank you in advance for your help!

Here is my situation...

Other than the known Google redirect problem (google results aren't what they seem to be) that I've been experiencing in the past few days, I also seem to have a problem with loading google products/services such as Gmail, google maps, google reader, iGoogle, and google translate in Firefox. I don't know if the Google redirect virus is somehow related to this problem. These Google services I've mentioned simply won't load for me.

In Gmail, the login screen appears fine but when I enter my username and password, it takes me to the "Loading [email protected].." and just tries to load it for a very long time until finally it says that I have a network problem. Also, I noticed that when I click the "Sign In" button on the Gmail login screen, the status bar on the bottom says: "Transferring data from secariadna.com..." which looks very suspicious to me (I can provide a screenshot of this if requested).

The other services (maps, reader, translate) just won't load. For example, when I open a new tab and click on my google maps bookmark (for example) the window remains white and it keeps displaying: "Transferring data from maps.google.com" in the status bar. Sometimes after a long time of loading, the map would eventually manage to load. I also have to note that picasaweb loads without a problem in FF, although it also displays "Transferring dat...

A:Google redirect virus + possible additional malware that prevents from Google services to load

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

- Please download OTL from one of the following mirrors:
  This is THE Mirror
- Save it to your desktop.
- Double click on the icon on your desktop.
- Click the "Scan All Users" checkbox.
- In the custom scan box paste the following:

CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st...


My poor PC is on the brink. Whenever I select a link in Google it redirects me to another website called 'bit-find' and sometimes eBay. I have seen other people with similar problems to this on this forum, so I'm pretty certain that it is malware. I had a crude attempt at trying to fix this using instructions in someone else's thread but didn't have much luck, so I have created a new topic. Hopefully I have created this topic in the correct place this time. Here are my logs; if some friendly person could help me I would be much obliged.

I have attached my 'DDS' and 'attach' file

Cheers chaps/chapets

A:Malware- Google links redirect me to 'bit-find', google maps don't work

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Foll...


Hi,
 
I would really appreciate any help or advice on the next steps for removal of this malware. Thanks in advance!
 
I'm experiencing pop-up redirects and I noticed there are many processes and services that are fake. I've tried a variety of solutions and tools (Malwarebytes, CCleaner etc.) but unfortunately I'm having no luck in solving the problem. 
 
I attached a screenshot(processes.png) as an example to show some of these fake processes and I also attached the Addition.txt log.
 

 
EDIT: Added screenshot example of pop-up
 

 
Here is my FRST log:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by william (administrator) on IDEA-PC on 04-03-2015 18:42:04
Running from C:\Users\william\Downloads
Loaded Profiles: william (Available profiles: UpdatusUser & william)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. ... Read more

A:Redirect pop-ups in chrome, fake processes (see screenshot), malware/rootkit?

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
BHO: No Name -> {4671dc37-1bf7-4c26-8d4d-b3d843442ad6} -> No File
BHO: No Name -> {bed3f755-e8b1-4104-913e-3692901aaa2c} -> No File
C:\WINDOWS\MEMORY.DMP

End
Save the files as fixlist.txt into the same folder as FRST
Run FRST and click Fix only once and wait.
Restart the computer normally to reset the registry.
The tool will create a log Fixlog.txt please post it to your reply.
===
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool... Read more

RELEVANCY SCORE 71.2

i'm having increasing problems with my computer and am now sure i have some form of malware or viruses. i've had a constant popup where MSWord tries to install itself repeatedly, and i have to manually cancel multiple times when i start the computer. i was worried this was a virus, but when i searched about it i found this was related to windows installer. if i disable windows installer, it goes away.

however, for the past week i've started getting repeated popups saying that google update has encountered a problem and needs to close. i read on some forums that this was related to a google chrome installation. i don't remember if i've even installed google chrome-- but i can't find it on my computer to uninstall it. in the past few days i've started to be redirected to various ad sites when i search for things on google in firefox. i have avira antivirus, windows defender, have used windows malicious software removal tool, lavasoft adaware, and windows defender. all were coming up with no malicious software when scanned, but the problem persists. windows malicious software removal tool just finished a full scan and removed one infection, for an ad program it said would cause random popups, which i haven't had a problem with. i have tried repeatedly to install MBAM and hijack this, along with other tools. even after renaming, i had a lot of problems. MBAM would not open at first, then would partially install, then finally said it completed its installation, started to update... Read more

A:google update problem, google search redirect, can't install malware removal tools, stopzilla(?) reported infected by UACd,...

i might've misunderstood the DDS instructions on the tutorial on how to post about these things. i looked at a couple of other posts where people have posted their hijackthis logs. here's mine:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:42 PM, on 4/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.... Read more

RELEVANCY SCORE 71.2

I am running windows XP pro service pack three. I have a Google Redirect Virus that nothing will detect (malwarebytes, Symantec, MS Defender, Spybot). My computer also keeps locking up (freezing) and I keep getting a Just-in-Time Debugging pop-up that pops up every 2 minutes or so; it asks me if I want to debug using the selected debugger (which is a "New instance of Microsoft Script Editor"). I could not run the DDS.scr file (when I do it opens notepad with a bunch of gibberish on it) but I have attached the GMER file. Any help will be greatly appreciated. Thanks, Neeland

A:Google redirect and other malware

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you... Read more

RELEVANCY SCORE 71.2

Anytime I click a search result from google, I'm redirected to a variety of spam sites (ie. wantangel.com).

Malware Bytes, SBS&D, and AVG all find nothing, except a few times I've plugged my phone in (T-mobile HD2) it says that autorun.inf (I could be wrong on the exact file name) has been detected as a virus and moved to the vault.

I've attached my hijack this log.
Thank you very much in advance!
 

A:Google Redirect Malware

RELEVANCY SCORE 71.2

In internet explorer, when I click a link from a google search, I'm getting redirected to all kinds of other weird sites such as gimmeanswers.org. (From what I've read, this is a very common issue lately, but I can't figure out how to get rid of it.)
I am suspicious that my computer may be ridden with malware, and would love some help making sure it's cleaned up. I need my google!!!
Also, one question, it's still safe to use my computer as normal while I'm working out this problem, right? I feel like my online security may be compromised? and I shouldn't put in passwords or other sensitive information, should I be worried about this?

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by Administrator at 18:04:21 on 2012-03-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.616 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\... Read more

A:Google redirect malware

Hello and Welcome to Bleeping Computer!!

Note:: do not use this computer for anything sensitive until it is cleaned, you should get to a clean computer and change any online passwords that you have used

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

1. Do not run any other tool until instructed to do so!
doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools
and at worst can cause conflicts with our tools and lead to unforeseen things to happen

2. Please Do not Attach logs or put in code boxes.
besides the time it takes me to open the reports it makes it harder to find something if I need to go back to do more research and putting them in code boxes just makes them so hard to read

3. After each step give me a little feedback
It does not need to be long but just something so I know how things are going it can be something like
I am still getting redirected
The computer is running as it should
Don't put things like - it is the same as before or still the same this just makes me go back and look for your last feedback as to how things are

4. read every post completely before doing anything
Pay special attention to the Notes** I have put in
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Bu... Read more

RELEVANCY SCORE 71.2

Just yesterday I was infested by this malware/virus. When using Firefox searching on Google it keeps on redirecting me via get-information.com or quick-search-results.com. Actually it started off with quick-search-results.com and just within these few minutes its using a different site to redirect me. I also used TDSSKiller and quarantined a suspicious file. During some searches the searcher is slower than normal, way slower than normal and before redirecting me to a different site the site itself loads very slowly. I don't know if this is because of the malware or just my hardware itself but when I'm playing games that I'm not supposed to lag in I sometimes have a FPS drop or a ping spike. Also when downloading some files using Firefox it does not work, after downloading it will not open and it is usually 0KB.
Help would be greatly appreciated.

Here is the log, I'm using the 64 bit Windows 7

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Conan at 12:18:31 on 2011-07-05
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6135.4448 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows&#... Read more

A:Google Redirect Malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

RELEVANCY SCORE 71.2

Hello,
I found bleeping computer as my problem seems very similar to Brian105 who opened a thread yesterday. Google links are redirected to random other pages such as ebay. I have tried my AVG free scan which identifies a problem but cannot fix. Any help would be most appreciated!
Kind Regards ~ Dutch

A:Google redirect malware

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o... Read more

RELEVANCY SCORE 71.2

The famous Google Redirect problem, no intro needed. On top of the redirect, I will sometimes have iexplorer.exe running in my task manager but without any windows open, and sometimes you will hear ads playing from nowhere, as well as mouse clicks when you're not even near the mouse. Firefox only opens about 20% of the time, usually it will open, show up in the taskbar and disappear, and repeats this process every time.

I was successful in running DDS, and have provided those 2 logs, however failed to run GMER.exe. I would double click the exe, hour glass would come on for about 5 seconds and then nothing. I check the task manager and it says GMER.exe was running, but no window would show up, no message or anything. Anyway, thanks for all of your help, you guys are excellent at what you do.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Administrator at 13:45:04.82 on Fri 05/22/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.81 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.e... Read more

A:Malware: Google Redirect

Let's try this special version of gmer.


Download GMER Rootkit Scanner from here to your desktop. Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.





In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

RELEVANCY SCORE 71.2

Hello

I have a malware problem. It's the google redirect one that I see many people have. I tried using Malwarebytes as an advice from a friend, but the program won't run even in safe mode. Hijackthis also does not install for some reason. Getting some error when I try it. I can elaborate more on it if required.

Here is my DDS log.

DDS (Ver_09-03-16.01) - NTFSx86 MINIMAL
Run by Administrator at 20:17:40.85 on Tue 04/14/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1786 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
G:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live... Read more

A:Google redirect malware

Hello -

Is there some reason DDS was run in Safe Mode? Will normal mode load for you? If so, I'd like new logs from Normal Mode, as Safe Mode logs won't always show everything we need to see.

RELEVANCY SCORE 71.2

Hi all,

I seem to have picked up the Google redirect virus through my ignorance of the .Net Assistant's addition into my Firefox extensions and unfortunately was unable to find much in terms of commonly affected files and registry keys to manually clean it. I've now run a gauntlet of programs. Ad-Aware, Malwarebytes, SpyBot S&D, and SAV10 were unable to find the issue, as I've read is common, so I moved onto using Hitman Pro 3.5 which seems to have cleared up the issue. I just wanted some reassurance today, though, so I ran the ComboFix utility provided at this site. It looks like the results were fairly clean, but I'd just like any other opinions on the results from the logfile. Please let me know if you see any red-flags or have any other suggestions on further steps I should take (beyond reformatting) to further ensure that this threat was eliminated. Thanks in advance

ComboFix 10-02-21.02 - Jere 02/21/2010 17:30:22.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.615 [GMT -6:00]
Running from: c:\documents and settings\Jere\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Jere\Application Data\Microsoft\Internet Explorer\Quick Launch\xp-AntiSpy.lnk
C:&#... Read more

A:Google Redirect Malware

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

RELEVANCY SCORE 71.2

When I use Google it redirects me to other sites

DDS (Ver_10-03-17.01) - FAT32x86
Run by Michael & Maureen at 15:34:19.05 on Sat 06/26/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.162 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Michael & Maureen\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Uniblue RegistryBooster 2009] c:\program file... Read more

A:Google Redirect malware

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

RELEVANCY SCORE 71.2

OS: Windows XP professional

Redirect virus screwing with me for several days.

During a surfing session, before I noticed the re-direct, all of my files on my PC were changed to "hidden".
I started getting "windows" messages (looked official, but who knows?) that certain programs "could not write data", or "delayed write failed" "Possible HW or network failure"

Curious note: internet connection is fine via wireless router, but when I issue ipconfig cmd, it tells me "internal error, a device attached to the system is not functioning"

Malwarebytes (updated everyday) finds nothing.

SuperAntispyware finds several things, but upon fix and reboot, redirect virus still exists.

TDSSkiller: can not get it to run on my PC. Even after renaming it. Both direct download of .exe file using infected PC and downloaded from non-infected PC and copied via usb memory stick.

Sophos anti-rootkit finds nothing

File properties (hidden file) issue has not come back, nor am I getting the windows data write error messages.
Redirect still happens.
Disabled CD emulators

DDS txt and log attached along with GMER.

Thanks for the help
Sean

DDS.txt

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by sspin at 15:28:36.39 on Thu 03/24/2011
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.696 [GMT -4:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-... Read more

A:Google redirect, other Malware?

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

RELEVANCY SCORE 71.2

Hey there, I've noticed recently when I click links on Google they will take me to other websites of advertising and other rubbish that I didn't actually click on. I also had a pop-up the other day (I'm on Vista) asking me to Allow a programme to be installed and it wouldn't stop asking me to install it and I had to push cancel for a good 10 mins before it went away, my antivirus said it was a trojan, I've just turned my PC on and it says I have malware (according to AVG...).

Please could you direct me with any help, I should be okay following instructions I've done these a few times before I'm not sure what I'm infected with but I feel something is there, any help would be a great help!

Thanks
FRISC0

EDIT: Here is my DDS Log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jamie at 15:50:34.28 on 01/04/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2047.579 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1 ... Read more

A:Google Redirect & Malware

Hello,

Apologize for the delay as the forum is extremely busy and short of volunteers.

Multiple AntiVirus Running

I see you have more than one Anti-Virus program installed, ( AVG 10 ) and ( Avast! ). While this may seem like greater protection, it can cause problems including slowdowns, system hangs or even crashes. This can happen if both AntiVirus applications attempt to access the same file at the same time. This may cause the applications to interfere with each other, or cause the system to lock up. It can also be a drain on system resources, making a machine run slower than it should.

You are strongly advised to uninstall AVG because it has flagged one of the Combofix's component as dangerous. If you still have difficulty running CF, please refer at the beginning of CF speech for alternative solution.

Any antivirus program must be removed via add/remove program. For any program that doesn't have an add/remove entry, you will have to do this: Re-install the program -> Reboot -> Uninstall

AVG has a removal tool which should also be run if you choose to uninstall it
http://www.avg.com/download-tools
Choose the 32bit remover
Run it according to the instructions.

===================================================

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:
Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware... Read more

RELEVANCY SCORE 71.2

Hi all,

I have a problem. What I've noticed so far is that when I'm browsing on Firefox and I've searched the google for something, if I click on one of the results, I get sent to an irrelevant site. It happens probably about 4 out of 5 times, and I can always use the back button back to the results. When I click on the desired link the second time, I go to the right place (it's polite malware?) There are three or four sites to which I am directed, regardless of the google search.

I'm using XP. I've got the latest version of Firefox (3.5.8).

I've got AdAware and Spybot S&D that I use occasionally. At first, when I tried to use AdAware, I couldn't reach their servers to update. After reading a lot in these forums, I used HijackThis and eventually Comodo System Cleaner. I got rid of some pretty obvious HKEY redirects in the registry (found by Comodo) and now I can update AdAware and scan stuff. AdAware will go through about 200,000 files on a full scan, then the whole system locks up. I found one file that AdAware called a worm, and when I stopped the scan myself (instead of letting it lock up) I was able to get rid of the worm.

Despite all these efforts, the redirect from the google search results persist.

Attached is the Hijack this log I just made.

Thanks,
Bill

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

Oops. GMER and DDS files.

Thanks for the move, animal.

Merged posts. ~ OB

A: Google Redirect Malware?

Hi all.

Thanks to your excellent help with others with similar problems, I was able to sort out my bugs.

I ran the TDSS killer and it found malware in my atapi file - I don't remember if it said exe or driver.

All problems seem gone now. If y'all think I might have missed something please let me know.

Thanks,
Bill


I recently caught the search engine redirect virus and I'm concerned that there may be other rootkits/malware from a suspicious flash drive I used. I have already run Malwarebytes and ComboFix (prior to finding this site) as well as Spybot S&D. Malwarebytes frequently pops up blocked IPs while using Firefox. System is Windows 7, 64-bit. Any help is greatly appreciated.

Below is the requested log

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Ian at 10:05:08 on 2011-06-24
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6141.3918 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k Local... Read more

A: Google Redirect Malware

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue

If a suspicious file is detected, the default action will be Skip, click on Continue

If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System d... Read more


If I click on a link from the results of a Google search I'm taken to some other website.
I'm not sure how to include a link to the original thread but this URL should take you to it-

http://www.bleepingcomputer.com/forums/index.php?showtopic=260807&st=0&gopid=1441432&#entry1441432

DDS log here, Attach.txt and ARK.txt attached

Thanks

DDS (Ver_09-09-29.01) - NTFSx86
Run by Dad at 15:28:50.20 on Thu 10/08/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.152 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Bonjour... Read more

A: Google redirect - malware?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more
