Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Struggling with Google redirect virus and can't get Gooredfix to run properly


  • Please log in to reply
4 replies to this topic

#1 littlegreenjason

littlegreenjason

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:08 AM

Posted 01 December 2009 - 08:05 PM

Hi All,

I'm yet another person who is trying to get the Google redirect virus off of my computer and I've been trying to educate myself on some of the more common fixes to the problem. I am running windows XP on a Dell E510. I discovered the problem yesterday and here are the steps I've taken so far:

1. Spybot deep scan
2. Systemsuite 7 professional deep virus scan
3. Avast antivirus scan
4. Malware byte's Anti-malware scan
5. SUPERanti-spyware scan
6. Regcure registry cleaner
7. Reboots after each scan


I've tried to run the Gooredfix program but all that comes up is a log. I've seen other people say that there should be a menu of some sort where I can press 1 or 2 for different settings but I have not seen that. A small black screen that looks like a DOS prompt comes up for a split second but then it goes away before I am able to type anything in. I'm wondering if I'm doing it right or if the malware is preventing me from running the program.

I'm not sure if I should post any logs so I will wait until I'm instructed to do so. Can anyone help walk me through this? :thumbsup:

Thanks!

Edited by littlegreenjason, 01 December 2009 - 08:31 PM.


BC AdBot (Login to Remove)

 


#2 littlegreenjason

littlegreenjason
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:08 AM

Posted 03 December 2009 - 08:28 AM

Hi,

Just an update. Still can't get Gooredfix to work correctly but I put up a firewall and that seemed to keep the redirects from happening. Browser is still VERY slow and I can't tell if it's because of the virus (which I'm sure I still have) or if it's just because of my firewall settings. I checked my firewall log and I've had TONS of inbound Port Scans detected, all of which are labeled as "major severity" and are coming from a remote host whose IP is either 208.59.247.45 or 208.59.247.46.

So, I've managed to neutralize the redirects for the time being but I'm still concerned about the virus and it's affects on my computer. Does anyone have any ideas of further steps I can take?

Thanks,
Jason

#3 littlegreenjason

littlegreenjason
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:08 AM

Posted 03 December 2009 - 05:18 PM

Another update. Tried running Superantispyware in Safe mode but computer would not boot up and I got the blue screen of death. I tried a second time with the same result. I then tried booting up normally but got the blue screen yet again so I booted up in "last known good configuration".

Now spybot has detected a registry entry change that goes something like this:

Category: Session Manager
Change: Value Deleted
Entry: BootExecute
Old data: autocheck autochk

I haven't accepted or declined the change but I'm assuming that accepted would be bad.

I really could use some help on this one because I've been trying to solve the problem myself and I'm scared to do any permanent damage.

Thanks,
J

#4 littlegreenjason

littlegreenjason
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:08 AM

Posted 04 December 2009 - 09:29 AM

Bump? :thumbsup:

#5 littlegreenjason

littlegreenjason
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:08 AM

Posted 06 December 2009 - 11:28 AM

Anyone?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users