Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect and other issues


  • This topic is locked This topic is locked
46 replies to this topic

#1 gloryfalls12

gloryfalls12

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 06 August 2009 - 07:30 PM

When i run a search on google and click on a result, i immediately get redirected to any number of random sites. In addition, i tried opening malwarebytes and nothing at all happens. it looks like it's loading it but then the program never actually opens up. i tired clearing out old cookies, but i'm still having the same issues

BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:40 PM

Posted 06 August 2009 - 07:35 PM

Rename this file:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

to this:

winlogon.exe

Then double-click the renamed file and see if it will run.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 gloryfalls12

gloryfalls12
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 06 August 2009 - 08:05 PM

yeah, that got it open. i'm running it right now and i'll let you know if it fixed everything. thanks

#4 gloryfalls12

gloryfalls12
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 06 August 2009 - 08:53 PM

I ran it and here is what it found:

Malwarebytes' Anti-Malware 1.38
Database version: 2381
Windows 5.1.2600 Service Pack 3

8/6/2009 8:47:30 PM
mbam-log-2009-08-06 (20-47-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 187094
Time elapsed: 41 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> No action taken.

#5 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:40 PM

Posted 06 August 2009 - 10:18 PM

Your log shows no action taken for the items found. Did you actually remove them?

You should remove these items, then reboot and run the scan again. Post the new log.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#6 gloryfalls12

gloryfalls12
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 07 August 2009 - 08:26 PM

yeah, sorry about that. i posted the log from before i removed everything. anyways, i got all of that removed and was in the process of running another scan. i started running malwarebytes and then it just shut down the program. i tried to open it but it says "windows cannot access the specified device, path, or file. you may not have appropriate permissions to access the item." and now i also have this red circle with an 'x' through it down in the part of my toolbar with the clock. i believe it is a program names braviax.exe.

#7 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:40 PM

Posted 08 August 2009 - 02:40 AM

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive.
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check the Files box only: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#8 gloryfalls12

gloryfalls12
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 08 August 2009 - 08:34 AM

i started running the program, and just like malewarebytes, it shutdown before it was finished and now says the same thing as malwarebytes says when i try to open it up again.

#9 gloryfalls12

gloryfalls12
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 08 August 2009 - 08:53 AM

in addition, there is also some ad playing an audio track but there is no window or anywhere to close it.

#10 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:40 PM

Posted 08 August 2009 - 04:33 PM

Try the scan in Safe Mode.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#11 gloryfalls12

gloryfalls12
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 08 August 2009 - 05:31 PM

i tried running the scan in safemode and it said the same thing it was saying earlier, "windows cannot access the specified device, path, or file. you may not have appropriate permissions to access the item." it said that on both the root repeal and on malwarebytes. i tried changing the names and said that i couldn't because the process was already running or something along those lines. so needless to say, nothing has changed yet

#12 gloryfalls12

gloryfalls12
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 08 August 2009 - 05:52 PM

new development, i was just got done typing that last message on here and stopped paying attention to the computer for a moment, then it went to a blue screen and restarted. the blue screen said something about antivirus software but since i wasn't paying much attention i didn't catch the blue screen until it just about shutdown. then i tried starting it again, and windows won't load in normal mode. it tries loading and just goes to a blue screen and says "stop" and something about the hd then restarts again. so i'm running it in safemode right now.

#13 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:40 PM

Posted 09 August 2009 - 03:57 PM

VIPRE PC Rescue. This is a is a command-line utility that will scan and clean a computer which is so badly infected that programs cannot be easily run. Be sure to print out and follow the instructions provided on the same page.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#14 gloryfalls12

gloryfalls12
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 09 August 2009 - 10:38 PM

that program runs, but it hasn't actually removed any of the stuff that it has found. i ran it and it found quite a bit of viruses, but then it came to the end of the scan (i think) and sat at the command prompt. so i ran the scan again, and the same stuff was still there. i restarted the computer and ran it again, and all of it is still there. am i missing a step to get it to actually delete these files?

one other thing, when i log on, my desktop (icons, taskbar, etc...) doesn't actually come up. i'm having to press control atl del to get the taskman and then starting and running everything from the run command. it's like that in both regular and safe mode. it'll bring up the background but nothing else.

#15 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:40 PM

Posted 09 August 2009 - 10:51 PM

Is this file on your hard drive?

C:\WINDOWS\system32\desot.exe

If so delete it and try Malwarebytes again.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users