
Google Redirect Problem


6 replies to this topic

#1 btketron

btketron

  • Members
  • 4 posts

Posted 10 August 2009 - 03:37 PM

I've been having a problem with Google redirecting to sites such as Toseeka & Shopica. I have already run scans for ComboFix, SUPERAntiSpyware, Malwarebytes Anti-spyware, MGTools, and RootRepeal. I have the logs available, please give direction as to when/where I can attach and/or post the logs so I can have an expert look into it.

Due to this problem, and after the scans, I keep having each program in XP that tries to open give me an error, saying it is "Unable To Locate Component" due to the absence of C:\WINDOWS\system32\mswsill.dll. This is becoming rather annoying, and I believe that .dll was deleted when I ran SUPERAntiSpyware. I have two SAS scans, one pre-.dll problem and one post-.dll problem.

Please help!!!



#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • Gender:Male

Posted 10 August 2009 - 04:40 PM

Post the latest Malwarebytes log.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 btketron

btketron
  • Topic Starter

  • Members
  • 4 posts

Posted 11 August 2009 - 07:49 AM

Here's the MB log--note that this was done yesterday morning around 10. I ran ComboFix and SUPERAntiSpyware after that, have logs for both if you want them. Also note that I took this computer to a friend of mine who does this sort of thing for a living (wanted to keep it and work on it today but I needed this laptop this morning), and he temporarily fixed the "Unable To Locate Component" issue by reversing a SUPERAntiSpyware quarantine for now. That unfortunately means that the redirect for Google is still a problem.

Malwarebytes' Anti-Malware 1.40
Database version: 2575
Windows 5.1.2600 Service Pack 2

8/10/2009 9:54:19 AM
mbam-log-2009-08-10 (09-54-19).txt

Scan type: Full Scan (C:\|)
Objects scanned: 203928
Time elapsed: 1 hour(s), 14 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts

Posted 11 August 2009 - 03:47 PM

Run another scan with SAS in Safe Mode.

#5 btketron

btketron
  • Topic Starter

  • Members
  • 4 posts

Posted 12 August 2009 - 09:04 AM

Here's the SAS log. Note that I did NOT let SAS remove the Vundo files as that was the file causing the "Unable To Locate Component" error I mentioned in my first post. If I remove that, I get tons of errors every time any program decides to run/execute a task.

---------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/11/2009 at 05:53 PM

Application Version : 4.27.1002

Core Rules Database Version : 4049
Trace Rules Database Version: 1989

Scan type : Complete Scan
Total Scan Time : 00:35:21

Memory items scanned : 351
Memory threats detected : 1
Registry items scanned : 6534
Registry threats detected : 0
File items scanned : 19048
File threats detected : 31

Adware.Vundo/Variant-Crypt
C:\WINDOWS\SYSTEM32\MSWSILL.DLL
C:\WINDOWS\SYSTEM32\MSWSILL.DLL

Adware.Tracking Cookie

#6 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts

Posted 12 August 2009 - 04:43 PM

Are you receiving assistance for this problem at the MajorGeeks forum?

#7 btketron

btketron
  • Topic Starter

  • Members
  • 4 posts

Posted 12 August 2009 - 04:51 PM

Yes I am, you can close this thread. This is almost resolved.



