
Google Hijack Virus


  • This topic is locked
1 reply to this topic

#1 Nick504


Posted 23 March 2010 - 08:08 PM

Hi, hoping somebody can help here, I've been trawling forums for answers and haven't gotten very far.

The problem is in relation to my mother's PC, which she runs payroll off so fixing it as quickly as possible is essential. It is running Windows XP Pro, Internet Explorer 8 and had Avira as its virus protection.

The first occurrence was on 22/3/10 when we noticed Google had been hijacked and was redirecting to other sites off its links. I immediately ran a virus check with Avira which found nothing, ran HijackThis and the logfile seemed clean, so I tried to download SUPERAntiSpyware to see if that would find anything. When I went to download it I could not; as soon as the webpage loaded it was closed again with 'Internet Explorer cannot display the webpage', and the same thing happened with Malwarebytes. I did manage to get SUPERAntiSpyware and Malwarebytes by downloading them onto my own PC and then transferring them via USB drive to the other, but they would not update with the newest definitions as they were being blocked as well as the download sites, even in Safe Mode.

Running SUPERAntiSpyware picked up Rogue.Agent/Gen-Nullo [DLL] and Malwarebytes found Trojan.FakeAlert but the problem persisted. I tried to use the same USB drive to copy/paste the updated versions of the programs from my PC to the other (before I even thought that this could infect my PC) and as soon as it was plugged in my Avira detected and stopped TR/Crypt.ZPACK.Gen [trojan] and Microsoft Security Essentials found Worm:Win32/Autorun.UI!inf. My PC is still fine after several more scans with all of the aforementioned programs, but the copy/paste did nothing for detecting anything else.

After this I tried a System Restore to a few days before the problem, no change though.

I'm pretty handy with computers so decided to check the registry and found a few odd entries in HKEY_LOCAL_MACHINE/Software and HKEY_CURRENT_USER/Software (I apologise because I didn't note down which was found where). There was an entry under ROUA3012PW, another as S/P/FSIMWN2THI and BVRP Software/Net Medic.

Since removing those entries the problem has changed in that the computer seems faster and also the redirecting of the Google links now does not take me to a malicious website, just to an 'Internet Explorer cannot display the webpage' screen, which is a start I suppose.

I have also checked my HOSTS file and there was nothing untoward in there.

Any assistance with this problem would be greatly appreciated.

Thanks, Nick504

Edited by Nick504, 23 March 2010 - 08:33 PM.




#2 Nick504


Posted 24 March 2010 - 11:11 AM

Used ComboFix as a last resort before a format because time was short. Seems to have fixed the problem. Updating and scanning with other antiviruses is coming up clean.

Thanks, Nick504



