BleepingComputer.com: Website redirections


Website redirections Google search redirections

#1 User is offline   qenniisiis 

  • New Member
  • Group: Members
  • Posts: 9
  • Joined: 10-January 12

Posted 10 January 2012 - 06:15 PM

Hello,
I'm having trouble trying to search for websites on Google,
they keep redirecting the websites to search engines I have not chosen.
Ex: (Gimmeanswers, Buzzclick, Yellowpages, etc.)
I've tried scanning Malwarebytes, Avast, and Spybot and they've found
some threats; I delete them and keep going on the desired websites and
somehow get redirected AGAIN.
It seems like this virus has tried to also collect private information
because I received an email from my bank notifying me of numerous attempts.
Please help, this is really frustrating to resolve but I will very much
appreciate the help. :)

This post has been edited by Budapest: 10 January 2012 - 06:19 PM
Reason for edit: Moved from Vista


#2 User is offline   Budapest 

  • Bleepin' Cynic
  • Group: Moderator
  • Posts: 22,242
  • Joined: 11-November 06
  • Gender:Male

Posted 10 January 2012 - 06:19 PM

Try this:

http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 User is offline   qenniisiis 


Posted 10 January 2012 - 06:23 PM

I downloaded the program and got it scanned, however it told me that no threats were found.
I just now went to do another search and again another website popped up.

#4 User is offline   Budapest 


Posted 10 January 2012 - 06:35 PM

What browser do you use?

Run another quick scan with Malwarebytes and post the log.

#5 User is offline   qenniisiis 


Posted 10 January 2012 - 07:08 PM

I use Mozilla Firefox.

Here's the log:


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.08.03

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
genesis :: GENESIS-PC [administrator]

1/10/2012 6:48:59 PM
mbam-log-2012-01-10 (18-48-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 264096
Time elapsed: 15 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 User is offline   Budapest 


Posted 10 January 2012 - 07:14 PM

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


#7 User is offline   qenniisiis 


Posted 10 January 2012 - 07:23 PM

Here you go:


GooredFix by jpshortstuff (03.07.10.1)
Log created at 19:21 on 10/01/2012 (genesis)
Firefox version 9.0.1 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:59 16/06/2011]

C:\Users\genesis\Application Data\Mozilla\Firefox\Profiles\9m0ow3ai.default\extensions\
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [03:45 06/12/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [16:29 18/01/2011]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [19:46 19/12/2011]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5" [23:34 31/12/2011]

---------- Old Logs ----------
GooredFix[00.20.47_11-01-2012].txt

-=E.O.F=-

#8 User is offline   Budapest 


Posted 10 January 2012 - 07:31 PM

Do you use a router? If so try resetting it as the virus may have messed with the DNS settings.

#9 User is offline   qenniisiis 


Posted 10 January 2012 - 07:41 PM

I reset the router and scanned the computer again but it seems like nothing
was different in this case, either.
Last log:


GooredFix by jpshortstuff (03.07.10.1)
Log created at 19:37 on 10/01/2012 (genesis)
Firefox version 9.0.1 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:59 16/06/2011]

C:\Users\genesis\Application Data\Mozilla\Firefox\Profiles\9m0ow3ai.default\extensions\
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [03:45 06/12/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [16:29 18/01/2011]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [19:46 19/12/2011]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5" [23:34 31/12/2011]

---------- Old Logs ----------
GooredFix[00.20.47_11-01-2012].txt
GooredFix[00.21.19_11-01-2012].txt
GooredFix[00.35.12_11-01-2012].txt

-=E.O.F=-

#10 User is offline   Budapest 


Posted 10 January 2012 - 07:49 PM

Go to this Microsoft page:

http://support.microsoft.com/kb/811259

About halfway down the page click on this:

Posted Image

See if that makes any difference.

#11 User is offline   qenniisiis 


Posted 10 January 2012 - 08:00 PM

I downloaded the fix it program and ran the Goored Fix, again:




GooredFix by jpshortstuff (03.07.10.1)
Log created at 19:57 on 10/01/2012 (genesis)
Firefox version 9.0.1 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:59 16/06/2011]

C:\Users\genesis\Application Data\Mozilla\Firefox\Profiles\9m0ow3ai.default\extensions\
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [03:45 06/12/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [16:29 18/01/2011]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [19:46 19/12/2011]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5" [23:34 31/12/2011]

---------- Old Logs ----------
GooredFix[00.20.47_11-01-2012].txt
GooredFix[00.21.19_11-01-2012].txt
GooredFix[00.35.12_11-01-2012].txt
GooredFix[00.37.47_11-01-2012].txt

-=E.O.F=-

#12 User is offline   Budapest 


Posted 10 January 2012 - 08:04 PM

Are you still getting redirected?

#13 User is offline   qenniisiis 


Posted 10 January 2012 - 08:16 PM

It seems like it's okay now. I'm not sure why though?
Just a few minutes ago it kept redirecting me.

#14 User is offline   Budapest 


Posted 10 January 2012 - 08:21 PM

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


#15 User is offline   qenniisiis 


Posted 11 January 2012 - 10:10 AM

I scanned the computer and this was the list of threats found:



C:\Documents and Settings\genesis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\593ae75a-508255e3 Java/Agent.DY trojan deleted - quarantined
C:\Documents and Settings\genesis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\128aa334-2fc2d538 Java/Exploit.CVE-2011-3544.F trojan deleted - quarantined
C:\Documents and Settings\genesis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\5426e8b7-47c3a1ae Java/Exploit.CVE-2011-3544.H trojan deleted - quarantined
C:\Documents and Settings\genesis\Desktop\GooredFix Backups\C\Users\genesis\Application Data\Mozilla\Firefox\Profiles\9m0ow3ai.default\extensions\{debb2875-f9b2-4003-a257-0595eaccd3e1}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application cleaned by deleting - quarantined
E:\GENESIS-PC\Backup Set 2010-01-26 170632\Backup Files 2010-06-20 214455\Backup files 1.zip multiple threats deleted - quarantined
E:\GENESIS-PC\Backup Set 2010-01-26 170632\Backup Files 2010-12-01 190003\Backup files 3.zip multiple threats deleted - quarantined
E:\GENESIS-PC\Backup Set 2010-01-26 170632\Backup Files 2011-01-01 190001\Backup files 2.zip multiple threats deleted - quarantined

This post has been edited by qenniisiis: 11 January 2012 - 11:17 AM
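
Added example, not part of any post in this thread: a Python triage of the ESET rows posted in #15, grouping detections by where the file lived and checking any flagged extension GUID against the IDs listed in the GooredFix logs posted in #7, #9 and #11. The function names and location categories are assumptions of this example, and the export is assumed to be space-flattened as it appears above.

```python
import re
from collections import defaultdict

# Rows copied from the ESET export in post #15 (subset of the nine lines).
ESET_LINES = r"""
C:\Documents and Settings\genesis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\128aa334-2fc2d538 Java/Exploit.CVE-2011-3544.F trojan deleted - quarantined
C:\Documents and Settings\genesis\Desktop\GooredFix Backups\C\Users\genesis\Application Data\Mozilla\Firefox\Profiles\9m0ow3ai.default\extensions\{debb2875-f9b2-4003-a257-0595eaccd3e1}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application cleaned by deleting - quarantined
E:\GENESIS-PC\Backup Set 2010-01-26 170632\Backup Files 2010-06-20 214455\Backup files 1.zip multiple threats deleted - quarantined
""".strip().splitlines()

# Extension IDs listed in the GooredFix logs posted in #7, #9 and #11.
GOORED_LISTED = {
    "972ce4c6-7e08-4474-a285-3208198ce6fd", "bf7380fa-e3b4-4db2-af3e-9d8783a45bfc",
    "20a82645-c095-46ed-80e3-08825760534b", "abde892b-13a8-4d1b-88e6-365a6e755758",
    "23fcfd51-4958-4f00-80a3-ae97e717ed8b",
}

# Paths contain spaces, so anchor on the detection name instead of splitting.
ROW = re.compile(r"^(?P<path>.+?)\s+(?P<threat>(?:a variant of )?\w+/\S+|multiple threats)"
                 r"\s+(?:(?P<kind>trojan|application)\s+)?(?P<action>.+)$")
GUID = re.compile(r"\{([0-9a-fA-F-]{36})\}")

def location(path):
    p = path.lower()
    if "\\gooredfix backups\\" in p:          # copy kept in the tool's backup folder
        return "gooredfix-backup"
    if "\\java\\deployment\\cache\\" in p:    # Java plug-in download cache
        return "java-cache"
    if p.endswith(".zip"):                    # archived backup sets
        return "backup-archive"
    return "installed"

def triage(lines):
    groups, cves, unlisted, skipped = defaultdict(list), set(), set(), []
    for line in lines:
        m = ROW.match(line)
        if not m:
            skipped.append(line)              # keep unparsed rows visible
            continue
        groups[location(m["path"])].append(m["threat"])
        cves.update(re.findall(r"CVE-\d{4}-\d+", m["threat"]))
        unlisted.update(g.lower() for g in GUID.findall(m["path"])
                        if g.lower() not in GOORED_LISTED)
    return dict(groups), cves, unlisted, skipped

if __name__ == "__main__":
    print(triage(ESET_LINES))
```

On these rows the Tracur-flagged GUID appears only under GooredFix Backups and is absent from the extension lists in the posted logs, while the Java cache hit carries CVE-2011-3544.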

