
Rootkit, Malware, Tapi.nfo, Google Redirect, Can't open anti-malware

Q: Rootkit, Malware, Tapi.nfo, Google Redirect, Can't open anti-malware

I recently got a new client who needed help with his computer. It was silly of me to think it would be simple. I was up all night working on it.

His initial problem was that Windows would hang on "Loading personal preferences" and would only boot in safe mode. It wasn't the page file, or any of the usual things... though I did start to notice that normal Windows functions didn't work properly, from MsPaint to IExplorer. I tried to run Autoruns.exe and HijackThis and they shut down as soon as they were opened. IExplorer wouldn't load pages and Firefox would pop up and load the pages instead.

I thought I should just repair Windows, which I tried to do and accidentally installed a second copy of Windows on the same partition... I then deleted the second Windows installation (windows.0), but after that Windows would boot fine without safe mode. That was only the beginning though. I found the Google redirect on there, a bunch of old adware and a mess of a disorganized computer.

The system also booted and gave a tapi.nfo error, I searched for this and got nowhere. So I went to regedit and deleted the line causing it. It doesn't pop up anymore, but that didn't solve anything.

I looked further into the situation and found that many others are having trouble with rootkit malware that shuts down anti-malware software.

I tried loading Malwarebytes, etc., and even renaming the files and the extensions. It still all shuts down immediately when it's loaded.

Since IE wasn't working I downloaded a new copy of IE8 and transferred it from my computer to the client's computer and installed it. IE8 worked fine but it of course didn't solve anything. I continued using my personal computer to transfer programs and utilities like Malwarebytes to the client computer.

Today my personal computer started acting up... I'm guessing that the malware traveled on my flash drive?

I can't give you any log files, because I can load a program to generate one. Any thoughts?

Oh, and wiping it clean isn't really an option to the client... he's got no backups and he has a lot of sensitive work-related data. Nor does he have a copy of Windows or software that came with his computer... I'm not sure what to tell him.


A: Rootkit, Malware, Tapi.nfo, Google Redirect, Can't open anti-malware

Have you tried RootRepeal? It sounds to me like you've read that post.




Rerun Rootrepeal. After the scan completes, go to the files tab and find this file:

C:\WINDOWS\system32\drivers\UACxpqhxbvttn.sys

Then use your mouse to highlight it in the Rootrepeal window.
Next right mouse click on it and select *wipe file* option only.
Then immediately reboot the computer.

Then run a quick-scan with Malwarebytes. Keep rebooting and running quick-scans with Malwarebytes until it shows zero infections. If after 3 scans it is still not clean post the final log.

This isn't my post so I can't take credit for it, but apparently it works.
Good luck either way. The entire post is called AntiSpy Protector 2009; you should check it out before trying this. Good luck.

Read other 38 answers
RELEVANCY SCORE 103.6

I have a default Yoog Search in my search engines; I try to remove it and set it as Google but it would again default to Yoog. Next thing is I just cannot run 'Spybot Search & Destroy' and it doesn't let me open any anti-malware related sites. I can't download any anti-malware apps. I am just stuck. I saw a post "Win 2K hijack issue - unable to run malware apps!". I have exactly the same case on my system.

 

Read other answers
RELEVANCY SCORE 92.4

I have spent nearly a week now using every anti-virus, malware, and rootkit program I can find, and even after correcting everything found, I am still infected. I have easily spent 40 hours on this so far. I need expert help for sure. I am on a Dell Latitude 610 and Windows XP Professional SP2 with all updates current.

The problems are:
1. Very slow computer, hard drive is constantly reading and writing. What it's doing, I don't know. Watching the processes in Task Manager has not clarified that much. The computer runs incredibly slow!

2. My Ad Aware active protection keeps blocking my computer's attempts to connect to a couple of malicious websites. I looked up the few URLs and they are malicious and not normal websites. The program shown as trying to connect was originally a hidden program I found and deleted with Sophos Anti-Rootkit. Now the programs showing as trying to connect are usually svchost or iexplore.

3. I get pop-ups for zinga, shopping websites and search engines I did not ask for. I think it is called the Google redirect issue, when I am using Internet Explorer 8.

4. The hosts file was checked and only has localhost in it and the listings added by Spybot Search and Destroy. That file keeps adding www.007guard.com and the large Spybot list, even though I deleted Spybot via uninstall.

5. I delete all hidden files found by sophos antirootkit many times, only to restart and find four new hidden temporary internet files made again. An Sophos error message in the ... Read more

A: Google redirect and rootkit malware

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

Read other 2 answers
RELEVANCY SCORE 91.6

We're having a technical issue with Google: every time we click on the search results we get redirected to false websites, and sometimes anonymous websites pop up randomly on our screen and we don't know where they are coming from nor what to do about it or how to stop them from coming back again. We are also having issues with our firewall configuration; it seems like it's blocking programs, and it won't even let me access the firewall menu in the Windows Security Center. Every time I click on it, it tells me: "Windows firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall/Internet Connection Sharing (ICS)?" and then when we click YES, it says that Windows cannot start the Firewall/Internet Connection Sharing (ICS). So we don't know what to do... please HELP!!!
Thank you very much.

A: Google redirect malware / rootkit.virus perhaps ?

Hello and welcome... Can we do this. >>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

RKill.... Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running Rkill as the malware programs will start again.

If you get an alert that Rkill is "infected", ignore it. The alert is just a fake warning given by the rogue software which tries to terminate programs that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine.

Next run MBAM (MalwareBytes): Please download Malwarebytes Anti-Malware (v1.46) and save it... Read more

Read other 1 answers
RELEVANCY SCORE 91.6

Hi,I posted in another section and followed all advice given. I still have a virus that is redirecting me, on occasion, in google, it stops certain e.e files loading and causes me to blue screen some times. For example, i read the preparation guide for this and i'll pose the ddr.txt and attach.txt but i can't run the Gmer.exe as ever time i try i get a blue screen and a restart, so i hope what follows is sufficient to help solve my problem. Many thanks.

A: Google redirect, bluescreen, possible rootkit malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will ap... Read more

Read other 9 answers
RELEVANCY SCORE 90.4

My son's Toshiba Satellite laptop, which runs Windows 7, was recently infected with malware that redirected Internet Explorer to an 'iGoogle' site.  I'm afraid I failed to note its exact url, though it featured the letters 'TEUA', along the following lines...   www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA...
 
Having looked online, I suspected this was some form of Google redirect/rootkit malware.  I therefore followed the instructions on this Youtube video c/o atechjourney.com: http://www.youtube.com/watch?v=H-YPtErh1t4
 
This succeeded in removing the default IE homepage the malware had presumably created.  However, on creating a bootlog as instructed, I was unable to identify any suspicious software.  
 
While IE had stopped redirecting on launch, other problems continued - I remain unable to launch Chrome, McAfee or Malwarebytes, and IE crashes continually, which suggests to me I've treated the symptom, not the cause.
 
I've since tried RKill & TDSSKIller, neither of which could identify a threat.
 
If anyone can help me I'd be v. grateful.  Log below/attached.  
 
I should point out that I'm pretty much an ignoramus when it comes to computers.
 
Thanks for your help.  
 
Daf
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16457
Run by morys at 13:28:47 on 2013-11-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3986... Read more

A: Unidentified malware - poss. Google redirect/rootkit

Please run the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Read other 24 answers
RELEVANCY SCORE 89.6

Hi all,

I recently became the victim of google redirect malware. I'm not sure where I got it from specifically, but while browsing last Wednesday, a rogue spyware removal popup appeared saying my computer had been infected and to go buy the spyware removal program to remove it. I immediately closed the window, but it had already installed itself. All google links in firefox started redirecting to various other sites. About 1 in 4 links in IE redirected to other sites. Unfortunately I did not have any antivirus software running at the time.

There was a "anti-spyware" program installed on my machine, I apologize but I cannot now remember which one it was now - I *think* it may have been AV Antispyware, but don't take that as hard fact - I should have written it down but didn't think to at the time. I followed removal instructions I found on several spyware removal websites including malwarebytes. However, the google redirects did not stop.

I ran malwarebytes, superantispyware, and bitdefender. Superantispyware found a couple of files that I removed, but all in all they didn't find anything that fixed the google redirects. Hijackthis and RootKitRevealer didn't show up anything my malware-novice eye could pick up. I could not boot into safe mode - I got a blue screen with an access violation each time I tried, but I could boot into normal Windows. The machine also froze once or twice during normal Windows.

The machine needed a reinstall anyway, so I decided ... Read more

A: Google redirect malware, suspect rootkit still on machine after reburn

Bumping thread.

I'm not sure if I didn't provide the right answer or ask the right question? If someone could let me know what additional information I can provide that would be useful as a lot of other threads seem to be getting replies.

There is definitely something wrong with my machine after the reinstall. The most significant is that Outlook spins the hard drive to the point it sometimes freezes the machine (mouse and keyboard lock up) almost every time I click on a new email. I also have had the machine completely freeze up multiple times now where I have to power cycle it. This is on a fresh factory install from the Lenovo boot partition on a less than one year old machine - until I got the malware last week everything was working fine on it.

I'm considering a completely fresh Windows install of Windows 7, but I'm nervous that I have a rootkit or something has been done to the machine that's caused it to be so problematic after I tried to reinstall Windows already. Does the information I posted provide any useful indication?

Read other 1 answers
RELEVANCY SCORE 89.2

I think I have a rootkit installed, because at first the usual SE2010 or security malware was popping up, but after I tried MBAM I got rid of that; doesn't seem to be reappearing. However, now my system is acting strange, some programs won't open and the start bar at the bottom of the screen has been reverting to the classic look without me changing it. I am running XP Media Center Edition, and have done the prerequisite guide. I am also relatively new to this, so I probably won't know any of the more technical terms or anything like that. Any help would be appreciated, as I've tried everything I know and it does not seem to be working. Thanks in advance!

Read other answers
RELEVANCY SCORE 88.4

Hi there,

My browser has been hijacked, especially when I click on any search results Google gives out - I get redirected to a host of malware sites. I've scanned my cpu with numerous security scanners, Avira, SUPERa/s, Bitdefender, TrendMicro sysclean. All to no avail in removing the browser hijack, until I did a MBAM scan, which found "Rootkit.Agent" located at "sys32\str.sys" - I've tried multiple times to delete the culprit (or what I think is the culprit) even with file assassin, but the str.sys just reloads at restart, whether it's quarantined or not! Another major issue is the continual blue screen error followed by a forced reboot; I'm guessing this is the product of whatever malware I'm infected with. Here is the HijackThis log:

UPDATE since first post: Windows Malicious software tool notified me upon restart the following day that during a scan it detected and removed "Win:MSRT:Backdoor:WinNT/Rustock.gen!B" - although browser hijack still remains. Also Avira webguard continually beeps of a block malware "TR/Crypt.ZPACK.Gen" but the pop-up window doesn't show even though I have it set to do so in Avira's options. Whether these infections are all related, I don't know - but it seems like my machine is heavily infected! Please help! Pasted new HJT log below:

----------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04:19, on 15/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Inter... Read more

A: Google Search results redirect to malware sites - Rootkit Infection

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 2 answers
RELEVANCY SCORE 88.4

Okay. I've had a bit of trouble for about a week. First I noticed that my google searches kept redirecting to different sites. And then I noticed my browser was running entirely too slow. I tried pulling up the Task Manager to see what was going on but I kept getting an error message upon a black screen saying that Task Manager failed to boot up or something. At this point I was very aware that I had something on my computer and phoned a friend who said to download Malwarebytes and use it.

I did just that. Took care of the Task Manager problem. I decided to run an AVG scan. Full scan waited for 3 hours and came back with nothing. I use Google Chrome as my browser and hopped back on but was still experiencing the same problem. So I searched around and find a Youtube video demonstrating Malwarebytes, Hitman Pro and ComboFix. I downloaded/ran Hitman Pro and was shown a "possible TDSS/Alureon/variant" message across the top of the scan and something about hidden drivers. I was still convinced that the problem was present but I had read the warnings about ComboFix and how it was to be used only by pros. I googled ComboFix and after some browsing came across a forum post of the Admin Gringo helping someone get rid of a problem that seemed very similar to mine. So this is me giving it a shot.

Since I found out I was infected I've been operating in Safe mode with Networking support fairly often so I don't get slowed down too much. Hope that is a good thing. My OS ... Read more

A: Google redirect malware/Trojan/Rootkit/problem slowing down computer!

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will ap... Read more

Read other 16 answers
RELEVANCY SCORE 88.4

Okay. I've had a bit of trouble for about a week. First I noticed that my google searches kept redirecting to different sites. And then I noticed my browser was running entirely too slow. I tried pulling up the Task Manager to see what was going on but I kept getting an error message upon a black screen saying that Task Manager failed to boot up or something. At this point I was very aware that I had something on my computer and phoned a friend who said to download Malwarebytes and use it.

I did just that. Took care of the Task Manager problem. I decided to run an AVG scan. Full scan waited for 3 hours and came back with nothing. I use Google Chrome as my browser and hopped back on but was still experiencing the same problem. So I searched around and find a Youtube video demonstrating Malwarebytes, Hitman Pro and ComboFix. I downloaded/ran Hitman Pro and was shown a "possible TDSS/Alureon/variant" message across the top of the scan and something about hidden drivers. I was still convinced that the problem was present but I had read the warnings about ComboFix and how it was to be used only by pros. I googled ComboFix and after some browsing came across a forum post of the Admin Gringo helping someone get rid of a problem that seemed very similar to mine. So this is me giving it a shot.

Since I found out I was infected I've been operating in Safe mode with Networking support fairly often so I don't get slowed down too much. Hope that is a good thing. My OS ... Read more

A: Google redirect malware/Trojan/Rootkit/problem slowing down computer!

Welcome aboard. With the information you have provided I believe you will need help from the malware removal team. I would like you to start a new thread and post a DDS log HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. Help is on the way!

Read other 4 answers
RELEVANCY SCORE 86.8

Hello,

I believe that I have some bugs in my computer that I need to get rid of. Google links are getting redirected, I can't open anti-spyware programs and I can't print any documents via the network. Please help.

When I run the DDS, it returns a single text file (~500kb) of garbled information.

GMER freezes up every time before I can make the necessary changes to the scan.

I've tried erasing, redownloading and re-running both programs twice with no luck.

Any help would be greatly appreciated.

Read other answers
RELEVANCY SCORE 86.8

I recently have been infected with some sort of virus/rootkit/trojan and need some help.

I've tried following the directions in "Preparation Guide for use before posting about your potential Malware problem" but DDS will only open briefly then immediately closes down.

SUPERAntiSpyware, Malwarebytes, HiJackThis all will not open, I get the error message "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

Also Google search will redirect me most of the time when trying to click on search results, in both IE8 and FireFox.

Also some random Tom Arnold (the actor) advertisement sound clip was playing last night on my computer at random times, with no way to turn it off. No media player or browser was open, it was just playing in the background and I could find no way to shut it off.

I have limited use of RootRepeal, most scans I do will just crash/exit the program before it is completed.

Any suggestions would be greatly appreciated!

A: Google Redirect, can't open many Anti-Malware apps...

Hello Jexx and to BleepingComputer. If you have what I think you have, then you should be able to produce a Drivers log with RootRepeal. Could you please post that for my review?

~Blade

In your next reply, please include the following:
RootRepeal log

Read other 4 answers
RELEVANCY SCORE 84.8

Hello,

I am having a problem with being redirected in google and yahoo.

I also am unable to check for updates on Malware "Update failed. Make sure you are connected to the internet and your firewall is set to allow malwarebytes anti-malware to access the internt".
- My internet works.
- My firewall has Malwarebytes anti-malware on the exception list
I can run the quick scan and full scan and it shows no problems.
I CAN NOT update at all before I run them.

Some web pages will not connect at all.
- I can't get on any Microsoft page. I get the error page "Internet Explorer Cannot Display the Web Page"
- I can get on Malwarebytes web page. I get the error page "Internet Explorer Cannot Display the Web Page"
I am connected to the internet. It is as if this virus does NOT want me to get help!!!
- I also tried to download and run the AVG Internet Security Free Version. It won't let me download it either. I get an error message.

HELP!!
Thanks so much,

A: Redirect Google & Yahoo, cant update windows or Malware. Cant open some web pages.

Hello, let's try to run either or both of these.

If you cannot use the Internet, you will need access to another computer that has a connection. From there save mbam-setup.exe to a flash, USB, jump drive or CD. Now transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.

***Manually Downloading Updates: Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.

Download FixExe.reg

Download RKill. Sometimes several attempts are needed to kill the malware before running MBAM.

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attemp... Read more

Read other 13 answers
RELEVANCY SCORE 83.2

Hi,

I am the IT manager in my company.

I have a co-worker whose computer has a search redirect issue. That means most likely it has malware.
Then I installed some major malware removal tools: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes.

After I installed them, I could not launch them (that definitely means it has some kind of malware).
I needed to rename their .exe files; after that I could run them and scan my computer.

SUPERAntiSpyware and Malwarebytes found something, but didn't solve the problem; the search redirect and
the blocking of malware removal software are still there. Now I am running Spybot Search & Destroy and will see what happens.

By the way, I run them in safe mode because when I log on to Windows in normal mode, it is slow (like it takes a long time to explore the hard drive, etc.). I suspect the malware slows down my PC. Hopefully the registry is not corrupted or something, but it works smoothly in safe mode.

So do you guys have any suggestions? Or do you need a log file from ComboFix?

Please advise,
Tommy

A: malware: google yahoo redirect and can't launch malware removal software

Try this: http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

Read other 5 answers
RELEVANCY SCORE 76.4

Can you run AVG Free and Malwarebytes Anti-Malware at the same time?
 

Read other answers
RELEVANCY SCORE 76

Hi there,Working on removing malware or virus from a family friend's computer. Computer was built by someone no longer around to fix the problems. When clicking on links of google search get redirected to any number of ad sites and alternative search engine sites. If i select "cached" view I can get to the website ok. Ran multiple scans with malwarebytes, avg 9.0, ad-aware, etc... AVG gave me a warning screen for "Exploit Neosploit Toolkit (type 1179)" but won't let me do anything but close the window. Desperate for help, never ran into a problem this extensive.DDS text log:

A:IE redirect/ rootkit malware?

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The appli... Read more

RELEVANCY SCORE 74.8

Couldn't connect to the internet with my browsers tonight and saw the proxy settings had changed (in all 3 browsers: Chrome, IE, and Firefox). Changed them back and now I'm here but I'm assuming there's something bad going on (after a few quick searches on this problem).

I might have caught them all with a Malwarebytes scan a bit ago but maybe right after it switched my proxies...

Posting up the logs here. Any and all help is useful.

Thanks,

Scott


DDS (Ver_10-10-21.02) - FAT32x86
Run by Scott at 1:45:36.20 on Fri 10/29/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.948 [GMT -7:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Bonjour\mD... Read more

A: Rootkit Malware? Redirect in all browsers to 127.0.0.1

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

RELEVANCY SCORE 74.8

My computer gives me a popup saying my computer is infected or in danger and won't let me browse certain websites to download AVG or another antivirus.
 

RELEVANCY SCORE 74.8

Back in the day Ad-aware and Spybot were the best anti malware/spyware programs out. However, some time has passed and I was wondering what the latest program is out there that everyone recommends. Please let me know.
 

RELEVANCY SCORE 74

Here is my DDS log as advised by boopme.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Jason ..... at 23:44:59 on 2011-10-11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.637 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\PLFSetI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\WebCam\M3000\M3000Mnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google ... Read more

A: Rootkit -search engine redirect malware

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

RELEVANCY SCORE 74

I think I picked up a browser redirect virus or rootkit while visiting www.crossfitfootball.com. TrendMicro and the Windows Vista firewall detected it and I tried to exit the browser (Firefox), but I kept getting a pop-up claiming that I was trying to open the task manager, which I was not doing. I couldn't escape out of it, but after selecting "cancel" enough the window went away. Now, any search engine I have tried (Google and Yahoo) on either Firefox or IE redirects me to spam sites.

I tried running a TrendMicro scan, but it locked up and never went anywhere. I tried running a MalwareBytes scan too. Although MalwareBytes came up at first, it closed out after about 10 seconds and now says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the file."

I have followed the instructions for this site in the preparation guide, and my DDS logs are posted/attached below. I could not get gmer to work with either of the links provided. It seemed to download and install just fine, but it closed itself out after 10 seconds or so (just like MalwareBytes) and now tells me I do not have permission to re-open.

I'm grateful for any help you can provide.
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
Run by Owner at 22:57:42 on 2011-08-10
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.952 [GMT -5:00]
.
AV: Tre... Read more

A: Browser Redirect Malware/Virus (Rootkit?)

Hello and welcome. Please follow these guidelines while we work on your PC:
Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply.

Please include the following in your next post:
aswMBR log

RELEVANCY SCORE 74

My laptop has a strange either malware or rootkit on it. I have AVG and Super Antispyware which I run regularly. AVG keeps picking up threats and quarantining them and Super Antispyware only picks up tracking cookies. The problem is when searching in Google when you click the link you are redirected to a totally different website. This is only relevant using IE8 not Chrome or Firefox. At the bottom of IE8 it links usually via www.pixelsatservice.com. I have rolled back from XP SP3 as I was going to uninstall IE8 as after running ComboFix which found some rootkit that's what it tried to do but I know that you cannot remove IE8 after installing SP3. Below is the DDS logs however running GMER blue screened my laptop twice. This behaviour has not happened at any time prior to running GMER.

Any help greatly appreciated.

DDS Log

DDS (Ver_10-03-17.01) - NTFSx86
Run by Jamie at 12:03:04.59 on 16/08/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2007.964 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System3... Read more

A: Internet redirect malware or rootkit issue

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap... Read more

RELEVANCY SCORE 74

Requested Logs.... My Laptop is having numerous types of Malware from Search engine redirects (Scour) to aggressive popups of virus warnings and scans and just yesterday porn shortcuts added to my desktop...! 10 steps followed... please inform of next step! Thank You!

A: Rootkit, Search Engine Redirect, Malware

Hello madzilla

Welcome to BleepingComputer

Please do not run Combofix unless instructed to do so.
==========================
Download OTL to your desktop.
Double click on OTL to run it.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scans and fixes section paste in the below in bold

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Please download Rootkit Unhooker and save it to your desktop.
Double-click RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan
Check Drivers, Stealth Code, Files, and Code Hooks
Uncheck the rest, then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished then go File > Save Report
Save the report s... Read more

RELEVANCY SCORE 73.6

I am infected with a version of the Google Redirect malware problem:
- When I click on one of the results from a search on any major search engine, I am redirected to other websites, usually commercial websites such as monstermarketplace.com. I can reach any website if I copy the address in the address bar; I only get redirected when I click directly on the link in the search results page.
- Occasionally, a new tab pops up when I am in iGoogle, Gmail, or a Google search page. The new tab's address is www.google.com/webhp. In two occasions a new tab has opened with a commercial website. I always close the windows and have never searched on the google.com/webhp page.

Some history:
- I was originally infected with the AV Security Suite virus this weekend while downloading the platform for the online game "Battlefield Heroes" (www.battlefieldheroes.com). I tried going online while this virus was active and clicked on some of the pop-ups and alerts, sometimes saying "Yes" and sometimes "No" when it would ask if I wanted to allow access to the home page website. I believe this may have enabled the current redirect malware.
- I removed the AV Security Suite virus (at least partly) by renaming and deleting the folder from which it was acting within my Local Settings folder. The current infection must therefore be a leftover of that initial infection.
- I ran SpyBot and Ad-Aware, both of which found and removed cookies. I uninstalled both programs a... Read more

A: Infected with Google Redirect / Search Engine Redirect Malware

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you. Please include the report in your next post:
C:\ComboFix.txt

"information and logs"
In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

RELEVANCY SCORE 73.6

Hello,

First I have run ComboFix numerous times under the guidance of my university's IT dept, who helped me to run it. But the problem just keeps reoccurring.

I have run combofix in safe mode because when I try to run it regularly it blue screens with error code Bad_pool_caller Stop 07000000c2.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Ventura at 20:38:41.98 on Sun 05/16/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1324 [GMT -4:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\M... Read more

A: Google Redirecting Malware/Rootkit

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having as these can help also.
5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

:run combofix:
Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.

Please continue as follows:
Close/disable ... Read more

RELEVANCY SCORE 73.2

Hey,
This is the first time I've asked out for help like this but my PC is starting to give up on me and I want to save it before it goes down the drain. I think it all began when I was at a free video streaming website and from there on in it's gotten worse and worse, as they may just be flooding in the gates now and I can't do anything to prevent it...

I've been infected before by these malware programs, WinAntiVirus Pro and MS Removal Tool

Also getting random popups and redirects to random stuff on Internet Explorer and Firefox, when I mean random I do mean random as the sites are totally different, heck it even popped up a window and redirected me back to Google again which I laughed hard at.

I've reset the BIOS back to default. I may have a corrupt registry because I've not touched it at all. When I attempt to run ComboFix it freezes then bluescreens me, also when I google the Windows Update error I got it would not load at all, in fact I googled everything else and that worked but when I googled the error it just didn't work.

BlueScreen Errors which has appeared.
bluescreen: IRQL LESS OR NOT EQUAL
bluescreen: Internal_Power_Error

I'm currently using...
Avira anti-virus (scanned with no results)
AVG Anti-Rootkit Free (quick scan found nothing, deep scan still doing now..)
Hitman Pro 3.5 (found some ad cookies along with an old keygen I had a while back which was zipped up)
Malwarebytes' Anti-Malware (nothing found)
Search and destroy (... Read more

A: Rootkit, Redirect, Malware, Blue-Screen Errors

Well, I could not save the hard drive in time as the virus took full advantage of the exploit and ran several rootkits and opened up folders called "System Volume Information" and they hid those folders and that was monitoring my keystrokes but the log file was totally weird as it was like it was encoded. They also had several trojans and worms in the system and it had taken over my svchost.exe process as well as a lot of main startup and shutdown processes and the registry was beyond repair.

If you're infected by this virus which also is the following...

Win Anti-Virus Pro 2011
MS Removal Tool
WinAntiVirus Pro

It turned my PC into a "botnet" as a mailer machine as I saw the inbound and outbound traffic come from just this one process.

A word of warning: this so-called virus hopped onto my flash drive too which I was using to cure my PC, it spread like wildfire...

Here's how I fixed it.
Backed up all my data that wasn't infected onto DVD-R+ disks such as pictures, movies and music as well as documents (OPEN & READ BEFORE MOVING THEM!), make sure all files are working correctly and have not been exploited before you burn them onto a disk.
Downloaded [email protected] free software and burned it to a disk
Reset my PC, hit F8/F2 whatever your boot key is and press any key, then select the erase option and wipe it clean.
Once it was done I used my Windows 7 disk to reinstall Windows. (Rename your username to something else with numbers)
Hardened ... Read more

RELEVANCY SCORE 73.2

Hello,

As requested, I have opened a new topic in this section; as from the 'Am I infected? What to do?' section.

In short, I had been browsing the internet with Mozilla Firefox 3.6.3 (with NoScript, AdBlockPlus and WOT Addons), and when I chose to click on a bookmarked website (www.tweakguides.com), I was strangely redirected to an IP Address instead of the website I intended. However, Firefox had stopped the connection to the website as it was apparently attempting to redirect in a manner that would never complete, or so. From there, I had immediately run a number of scans (MBAM and Avast, both updated), which came to find nothing infected. I had then run both Quick and Full Scans with MBAM in Safe Mode (however I did not realise this would reduce the effectiveness of MBAM), also finding nothing infected.

I had noticed an idle memory usage of 30%, rather than the usual 24-27% (There is 4GB of RAM installed on the system), and slightly sluggish general performance.

An instance of WmiPrvSe.exe, or similar had started up under a svchost.exe (as Process Explorer reported), so I checked the location of this process; finding it to be in the typical Windows/system32/wbem directory.

From my previous topic, I had run ATF and SAS as instructed; ATF removing some 30,000MB of files, and SAS finding no threats after a Complete Scan. These were both conducted in Safe Mode.

For further details:
[list]
[*] The system runs Windows 7 Ultimate x64
[*] It is connected to a HomeG... Read more

A: strange browser redirect/potential malware/rootkit

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

RELEVANCY SCORE 72.8

Hello

Thank you in advance for your help!

Here is my situation...

Other than the known Google redirect problem (google results aren't what they seem to be) that I've been experiencing in the past few days, I also seem to have a problem with loading google products/services such as Gmail, google maps, google reader, iGoogle, and google translate in Firefox. I don't know if the Google redirect virus is somehow related to this problem. These Google services I've mentioned simply won't load for me. In Gmail, the login screen appears fine but when I enter my username and password, it takes me to the "Loading [email protected]" and just tries to load it for a very long time until finally it says that I have a network problem. Also, I noticed that when I click the "Sign In" button on the Gmail login screen, the status bar on the bottom says: "Transferring data from secariadna.com..." which looks very suspicious to me (I can provide a screenshot of this if requested). The other services (maps, reader, translate) just won't load. For example, when I open a new tab and click on my google maps bookmark (for example) the window remains white and it keeps displaying: "Transferring data from maps.google.com" in the status bar. Sometimes after a long time of loading, the map would eventually manage to load. I also have to note that picasaweb loads without a problem in FF, although it also displays "Transferring dat... Read more

A: Google redirect virus + possible additional malware that prevents from Google services to load

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more

RELEVANCY SCORE 72.8

My poor PC is on the brink, whenever I select a link in google it redirects me to another website called 'bit-find' and sometimes ebay, I have seen other people with similar problems to this on this forum so I'm pretty certain that it is malware. I had a crude attempt at trying to fix this using instructions in someone else's thread but didn't have much luck so I have created a new topic. Hopefully I have created this topic in the correct place this time, here are my logs, if some friendly person could help me I would be much obliged.

I have attached my 'DDS' and 'attach' file

Cheers chaps/chapets

A: Malware- Google links redirect me to 'bit-find', google maps don't work

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

RELEVANCY SCORE 72.4

Hi,
 
I would really appreciate any help or advice on the next steps for removal of this malware. Thanks in advance!
 
I'm experiencing pop-up redirects and I noticed there are many processes and services that are fake. I've tried a variety of solutions and tools (Malwarebytes, CCleaner etc.) but unfortunately I'm having no luck in solving the problem. 
 
I attached a screenshot (processes.png) as an example to show some of these fake processes and I also attached the Addition.txt log.
 

 
EDIT: Added screenshot example of pop-up
 

 
Here is my FRST log:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by william (administrator) on IDEA-PC on 04-03-2015 18:42:04
Running from C:\Users\william\Downloads
Loaded Profiles: william (Available profiles: UpdatusUser & william)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. ...

A:Redirect pop-ups in chrome, fake processes (see screenshot), malware/rootkit?

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
BHO: No Name -> {4671dc37-1bf7-4c26-8d4d-b3d843442ad6} -> No File
BHO: No Name -> {bed3f755-e8b1-4104-913e-3692901aaa2c} -> No File
C:\WINDOWS\MEMORY.DMP

End
Save the files as fixlist.txt into the same folder as FRST
Run FRST and click Fix only once and wait.
Restart the computer normally to reset the registry.
The tool will create a log Fixlog.txt please post it to your reply.
===
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool...


i'm having increasing problems with my computer and am now sure i have some form of malware or viruses. i've had a constant popup where MSWord tries to install itself repeatedly, and i have to manually cancel multiple times when i start the computer. i was worried this was a virus, but when i searched about it i found this was related to windows installer. if i disable windows installer, it goes away.

however, for the past week i've started getting repeated popups saying that google update has encountered a problem and needs to close. i read on some forums that this was related to a google chrome installation. i don't remember if i've even installed google chrome-- but i can't find it on my computer to uninstall it. in the past few days i've started to be redirected to various ad sites when i search for things on google in firefox. i have avira antivirus, windows defender, have used windows malicious software removal tool, lavasoft adaware, and windows defender. all were coming up with no malicious software when scanned, but the problem persists. windows malicious software removal tool just finished a full scan and removed one infection, for an ad program it said would cause random popups, which i haven't had a problem with. i have tried repeatedly to install MBAM and hijack this, along with other tools. even after renaming, i had a lot of problems. MBAM would not open at first, then would partially install, then finally said it completed its installation, started to update...

A:google update problem, google search redirect, can't install malware removal tools, stopzilla(?) reported infected by UACd,...

i might've misunderstood the DDS instructions on the tutorial on how to post about these things. i looked at a couple of other posts where people have posted their hijackthis logs. here's mine:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:42 PM, on 4/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc....


Hello,

I received excellent service from this site before so I am hoping I could get some computer help again. I don't know all the symptoms because this is not my computer, but I do know that it has some search engine redirect malware. I'll edit if any more problems come up.

A:Google Redirect Malware

Hello Celestial,
I moved this to Am I Infected... Let's look at these logs.
Are you on a router? Are other machines on it, if so are they redirecting?
Do you use Firefox?

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Please download TDSSKiller.zip and extract it.
Run TDSSKiller.exe.
Click Start scan.
When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
Leave the options as they are and click Continue.
Let it reboot if needed and tell me if the tool needed a reboot.
Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.
If TDSSKiller does not run...


Hello,
I am new to Bleeping Computer, and I don't really know much about computers.
I have had a malware issue for the past few weeks. I was able to eliminate some problems with Malwarebytes, but still have some lingering issues. I get various redirects after searching with Google. In addition, I have numerous unwanted pop-up browsers. At the present time, I am also experiencing some difficulty restarting my computer and changing my homepage.
I have included my DDS log and attached my Attach log. Unfortunately, I am unable to attach my GMER log because my computer will either crash, give a blue screen, or automatically restart when I run the GMER program. I have run this program at least 7 times.
Any help would be greatly appreciated (with my malware issues and/or my problems with GMER).
Thanks,
jed cooper

DDS (Ver_10-03-17.01) - NTFSx86
Run by Adam Sibley at 9:39:08.95 on Thu 08/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1087 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9&...

A:Google Redirect Malware

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Please post the contents of log.txt.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other...


Anytime I click a search result from google, I'm redirected to a variety of spam sites (ie. wantangel.com).

Malware Bytes, SBS&D, and AVG all find nothing, except a few times I've plugged my phone in (T-mobile HD2) it says that autorun.inf (I could be wrong on the exact file name) has been detected as a virus and moved to the vault.

I've attached my hijack this log.
Thank you very much in advance!
 

A:Google Redirect Malware


Hello, It seems that I, like a lot of people on here, have caught a nasty version of some Malware that causes all of my google searches to be redirected. I'm using the latest version of FireFox as my primary browser but I've also noticed that Google Chrome hasn't been able to load since the problem started. I've run My standard virus protection (ZoneAlarm) as well as SpyBotSD, Malwarebytes', and SuperAntiSpyware and everything has come up clean. Thanks for all of the help you guys do here hopefully this isn't a hopeless case. Below is my HijackThis log.

Also, I just noticed that under ZoneAlarms it says that svchost.exe is trying to launch C:\Windows\System32\verclsid.exe or use another program to gain access to privileged resources. I clicked deny for the time being. I've been suspicious of everything since this problem started occurring.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:13 PM, on 4/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32 ...

A:Google Redirect Malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


The famous Google Redirect problem, no intro needed. On top of the redirect, I will sometimes have iexplorer.exe running in my task manager but without any windows open, and sometimes you will hear ads playing from nowhere, as well as mouse clicks when you're not even near the mouse. Firefox only opens about 20% of the time, usually it will open, show up in the taskbar and disappear, and repeats this process every time.

I was successful in running DDS, and have provided those 2 logs, however failed to run GMER.exe. I would double click the exe, hour glass would come on for about 5 seconds and then nothing. I check the task manager and it says GMER.exe was running, but no window would show up, no message or anything. Anyway, thanks for all of your help, you guys are excellent at what you do.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Administrator at 13:45:04.82 on Fri 05/22/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.81 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.e...

A:Malware: Google Redirect

Let's try this special version of gmer.


Download GMER Rootkit Scanner from here to your desktop. Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.





In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


I appear to have picked up a malware that randomly redirects me to scour and many other sites

logs:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Nigel at 5:05:07.34 on 21/12/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3070.1094 [GMT 0:00]

AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:...

A:google redirect malware

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you...


Hello,
I have been asked to make a new topic in this forum. My previous post is located here. (URL: http://www.bleepingcomputer.com/forums/topic349644.html)

My current OS is Windows 7 Ultimate Edition, 64-bit. I have recently been infected with malware, likely caused by downloading an infected file. At first, fake warnings of a virus attack popped up, followed by attempts to delete Malwarebytes Anti-Malware. I believe I have been able to remove the majority of malware, but I am still experiencing slow performance and Google results occasionally redirect me to harmful sites.

I have run Malwarebytes' Anti-Malware, Housecall, and Windows Defender. The scanners find zero harmful files, but I know there is malware.

I have also run a series of tests requested in my aforementioned thread. The tests were all completed safely, but my problem persists.

DDS (Ver_10-03-17.01) - NTFSX64
Run by Hideyuki at 23:11:15.15 on Sat 10/02/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.3326.2220 [GMT -4:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost....

A:Google Redirect Malware

Hello diamondcut
Welcome to BleepingComputer
==========================
Download OTL to your desktop.
Double click on OTL to run it.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scan's and fixes section paste in the below in bold

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================


I recently managed to get the dreaded Google search link redirect virus, and also some other spyware. I was able to solve all issues using MBAM except the Google one. When my computer loads, I also get an error message saying that it can't find the ntload.dll module, which I believe is related to a virus as well (not sure if it's the Google redirect one). I've tried everything I can on my own, please help! Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:43 AM, on 12/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
...

A:Google Redirect and other malware

Anyone able to help me here? I've also now noticed that my computer cannot start in safe mode or hibernate.
 


Like several others here, I've got some sort of malware that's redirecting my browser from my search result in google to an unrelated site (e.g. infomash).
I'm running Windows XP pro and using Firefox. I've run computer scans using AVG Free, SuperAntiSpyware and Malwarebytes.
Here is my DDS Log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by at 20:48:42.90 on Mon 09/06/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1078 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C: ...

A:Google redirect malware

Hello t586 and welcome to the forums here at BleepingComputer.
Sorry for the delay in getting to your post here, as you can probably see the forums are very busy.

Please read carefully and follow these steps.
Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


I browse in FF5 and with Malwarebytes as my antivirus. Through some admittedly careless browsing I recently caught and defeated a trojan that made itself look like a Java update but now I'm getting google redirects to random sites/spam sites. I've researched this topic on the forums, downloaded all the tools and I'm now posting logs here to determine what exactly they mean and what should be done.

SecurityCheck.exe: did not return a log

MiniToolBox Log:
Proxy is not enabled.
No Proxy Server is set.
========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================
# Copyright © 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
=============== End of Hosts ==============...

A:Google Redirect Malware from FF5

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.


Hi Bleepingcomputer,

My firefox and internet explorer has been infected with some malware whereby searching items through google and then clicking on a search results redirects me which i'm guessing through a proxy to another search engine selling me stuff among other things. Usually when i click on a search result it will change the web address to www.com.au or something along those lines before the redirect. I've inadvertently realized i can bypass this mechanism by clicking on the cached version of sites before clicking on the actual site i wanted but i know that this workable solution isn't really dealing with the underlying problem.

After scouring half the internet and trying to go about with make shift solutions and tried to do it myself, I've decided to bite the bullet and ask for some much needed expert assistance (much to the dismay of my manhood). Jokes aside, I've been running several malware cleaners (Malwarebytes' Anti-Malware, TDSS killer, Hitman Pro 3.5) all with varying levels of progress.

rkill run first then Malwarebytes doesn't find anything
tdss killer found the file sptd.sys file but couldn't not fix/clean it accordingly and i was too afraid to delete it for fear of it bricking my computer
Hitman pro 3.5 got rid of a few of the cookies and caches and made it clear to me that a proxy was in place
i've gone into the windows/system32/drivers/etc and change the host files because i know it was redirecting me but it keeps ...

A:Google Redirect Malware

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/415409 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


Hi I have redirects from search engines on firefox help please thanks so much. I think it might be Vundo?
DDS (Ver_09-10-24.04) - NTFSx86
Run by HP_Administrator at 11:26:57.39 on Sun 10/25/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1416 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSS...

A:google redirect malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner ...


Good morning! Hope all is well. Looks like this is a great resource for help. My comp runs great, never had problems until recently... Google and a few other sites redirect and my Kaspersky hasn't found anything. I ran a Hijackthis and am hoping someone can help. Let me know if this is bad practice. Here's the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:32:43 AM, on 6/12/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\system32\spool\DRIVERS\x64\3\EBAPIx32.EXE
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.e...

A:Google redirect - malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...


In internet explorer, when I click a link from a google search, I'm getting redirected to all kinds of other weird sites such as gimmeanswers.org. (From what I've read, this is a very common issue lately, but I can't figure out how to get rid of it.)
I am suspicious that my computer may be ridden with malware, and would love some help making sure it's cleaned up. I need my google!!!
Also, one question, it's still safe to use my computer as normal while I'm working out this problem, right? I feel like my online security may be compromised? and I shouldn't put in passwords or other sensitive information, should I be worried about this?

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by Administrator at 18:04:21 on 2012-03-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.616 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\...

A:Google redirect malware

Hello and Welcome to Bleeping Computer!!

Note:: do not use this computer for anything sensitive until it is cleaned, you should get to a clean computer and change any online passwords that you have used

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

1. Do not run any other tool until instructed to do so!
doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools
and at worst can cause conflicts with our tools and lead to unforeseen things to happen

2. Please Do not Attach logs or put in code boxes.
besides the time it takes me to open the reports it makes it harder to find something if I need to go back to do more research and putting them in code boxes just makes them so hard to read

3. After each step give me a little feedback
It does not need to be long but just something so I know how things are going it can be something like
I am still getting redirected
The computer is running as it should
Don't put things like - it is the same as before or still the same this just makes me go back and look for your last feedback as to how things are

4. read every post completely before doing anything
Pay special attention to the Notes** I have put in
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Bu...
