BleepingComputer.com: Google Redirect Virus In Firefox -_-

Google Redirect Virus In Firefox -_- Move this topic if it's in the wrong forum

#1 ih8myusername94

Posted 25 June 2011 - 08:33 AM

Hello everyone. I gotta say I love this website. Anyway, I'm basically stumped with this one. It's becoming very annoying as of late. I'm sure this is a common problem, I just need help fixing it. I search for something on Google, and whichever link I click on gets redirected to something different (usually buzzclick, find-quick-results, etc). Malwarebytes seems to be picking up something, but the redirecting still happens. My back's against the wall on this one and now I'm looking toward the good people at bleepingcomputer :) So just tell me what I need to display on here and how I go about copying and pasting it all. I'm looking forward to getting this all cleaned up because it's become very frustrating lol.

This post has been edited by hamluis: 25 June 2011 - 09:55 AM
Reason for edit: No logs, moved from MRL to AII.


#2 Broni

Posted 25 June 2011 - 11:56 AM

Does the redirection happen in Firefox only?
Did you check IE?

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

================================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

#3 ih8myusername94

Posted 27 June 2011 - 06:08 AM

I have checked. It only does it in Firefox.

SECURITY CHECK:
Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 9.4.1
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.17)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````



I've scanned with Malwarebytes around 3 or 4 different times and the first time it apparently removed 4 infections, and every time I scan now it doesn't show any viruses:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/27/2011 6:19:30 AM
mbam-log-2011-06-27 (06-19-30).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 718897
Time elapsed: 2 hour(s), 30 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Yet Avira detects adware at least 10 times a day. I remove it but it keeps coming back. I need help :[

#4 Broni

Posted 27 June 2011 - 10:29 AM

Can you tell me what EXACTLY is detected by Avira (file name and a location)?

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


#5 ih8myusername94

Posted 27 June 2011 - 01:54 PM

There's definitely more but the 2 most recent ones that pop up are:
Object: iccvid32.exe Detection: TR/Kazy.27644
and
Object: bitsprx532.exe Detection: TR/Kazy.27644


GooredFix gave me back these results:


GooredFix by jpshortstuff (03.07.10.1)
Log created at 14:52 on 27/06/2011 (Jeremy)
Firefox version 3.6.17 (en-US)

========== GooredScan ==========

Deleting "C:\Users\Jeremy\Application Data\Mozilla\Firefox\Profiles\p8f2rumr.default\extensions\{425276e6-c8e0-412d-a233-05e8ac2a490b}" -> Success!
Deleting "C:\Users\Jeremy\Application Data\Mozilla\Firefox\Profiles\p8f2rumr.default\extensions\{929eb08a-59bc-41b3-a62c-aa7fe8b8f9a5}" -> Success!

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [22:59 18/06/2011]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [20:16 25/01/2010]
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [21:26 02/02/2010]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [17:23 14/08/2010]
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [05:43 26/12/2010]
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [13:51 21/06/2011]

C:\Users\Jeremy\Application Data\Mozilla\Firefox\Profiles\p8f2rumr.default\extensions\
battlefieldheroespatcher@ea.com [00:49 28/11/2010]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [10:11 13/06/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-
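
To triage a GooredFix log like the one in the post above, this added example (not part of the original thread, and not GooredFix's own code) parses an excerpt of it into the extension folders that were deleted and the ones still present, then lists the remaining entries stamped within 30 days of the log. The function names and the reading of the bracketed value as a folder timestamp are assumptions.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the GooredFix log posted above (some entries trimmed).
SAMPLE_LOG = r'''GooredFix by jpshortstuff (03.07.10.1)
Log created at 14:52 on 27/06/2011 (Jeremy)
========== GooredScan ==========
Deleting "C:\Users\Jeremy\Application Data\Mozilla\Firefox\Profiles\p8f2rumr.default\extensions\{425276e6-c8e0-412d-a233-05e8ac2a490b}" -> Success!
Deleting "C:\Users\Jeremy\Application Data\Mozilla\Firefox\Profiles\p8f2rumr.default\extensions\{929eb08a-59bc-41b3-a62c-aa7fe8b8f9a5}" -> Success!
========== GooredLog ==========
C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [22:59 18/06/2011]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [20:16 25/01/2010]
C:\Users\Jeremy\Application Data\Mozilla\Firefox\Profiles\p8f2rumr.default\extensions\
battlefieldheroespatcher@ea.com [00:49 28/11/2010]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [10:11 13/06/2011]
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)
'''

CREATED = re.compile(r"Log created at (\d\d:\d\d) on (\d\d/\d\d/\d{4})")
DELETED = re.compile(r'^Deleting "(.+)" -> (.+)$')
ENTRY = re.compile(r"^(\S+) \[(\d\d:\d\d) (\d\d/\d\d/\d{4})\]$")

def parse_gooredfix(text):
    """Return (log creation time, deleted extensions, extensions still present)."""
    created, deleted, remaining, location = None, [], [], None
    for line in map(str.strip, text.splitlines()):
        if (m := CREATED.search(line)):
            created = datetime.strptime(f"{m[2]} {m[1]}", "%d/%m/%Y %H:%M")
        elif (m := DELETED.match(line)):
            # The extension ID is the last component of the deleted folder path.
            deleted.append({"id": m[1].rsplit("\\", 1)[-1], "ok": m[2] == "Success!"})
        elif (m := ENTRY.match(line)):
            stamp = datetime.strptime(f"{m[3]} {m[2]}", "%d/%m/%Y %H:%M")
            remaining.append({"location": location, "id": m[1], "stamp": stamp})
        elif line.endswith("\\") or line.startswith("[HKEY"):
            location = line  # Section header: the folder or registry key being listed.
    return created, deleted, remaining

def recent_entries(created, remaining, days=30):
    """IDs of remaining entries stamped within `days` before the log was created."""
    cutoff = created - timedelta(days=days)
    return [e["id"] for e in remaining if e["stamp"] >= cutoff]

if __name__ == "__main__":
    created, deleted, remaining = parse_gooredfix(SAMPLE_LOG)
    print("deleted:", [d["id"] for d in deleted if d["ok"]])
    print("recent, still present:", recent_entries(created, remaining))
```

A recent stamp is only a prompt to identify the entry; it does not by itself mark an extension as malicious.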

#6 Broni

Posted 27 June 2011 - 05:05 PM

How is the redirection?

#7 ih8myusername94

Posted 28 June 2011 - 06:34 PM

It usually occurred with every search. Good news though, for some reason Avira decided to remove everything and now I'm malware free! Thanks for the help though, I really do appreciate it man.

#8 Broni

Posted 28 June 2011 - 06:38 PM

Very well :)

Let's run one more scan....

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
