Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How do I remove Google Redirect Virus?


  • Please log in to reply
6 replies to this topic

#1 mmcm18

mmcm18

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:57 PM

Posted 15 January 2010 - 10:44 AM

Approximately 3-4 weeks ago, my computer began to redirect. It got so bad that it redirected every time. I didn't know there was such a thing as Redirect Virus. I had just upgraded IE, so I figured it had to be something with an add-on. (I'm not terrribly computer literate, BTW). I definately think I have Redirect Virus, but there seems to be so many different suggestions regarding how to get rid of it. I think I need to use combofix, but read the disclaimer that I shouldn't do this without an expert. Can anyone help?

BC AdBot (Login to Remove)

 


#2 Giggsteve8

Giggsteve8

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 15 January 2010 - 12:41 PM

Hey there!

Until a more able member arrives to assist you, I recommend downloading Malwarebytes from http://www.malwarebytes.org

Install the program, open it, click on the "update" tab, and hit "update." Now, click the "Scanning" tab, and run a quick scan.

If anything is found, follow the deletion instructions. If not, let us know that, too.


If you need any more help with getting Malwarebytes going, let me know!

#3 mmcm18

mmcm18
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:57 PM

Posted 15 January 2010 - 01:39 PM

Sorry, I should have been more specific. I ran malwarebytes and adaware, all to no avail. I then attempted Microsoft Malicious Removal Tool and it detected several items, but couldn't remove them. Also, I attempted to run Spyware Removal tool and it wouldn't even open up after I downloaded it. My screen will not load anything now when I try to open IE or Mozilla. And as I mentioned earlier, it was continually redirecting before it got to this point. Interestingly, if I type an address in the address window, it goes to that site and will even link to other sites at that point. My email is also working just fine.

I have Kaspersky antivirus, then newest version. I thought originally that my problem had something to do with a new installation of the Kaspersky program at the end of December. Their tech's looked at some of my data and could find nothing wrong with their side.

Thanks so much in advance for any help you can provide.

#4 ramonv

ramonv

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 21 January 2010 - 10:03 PM

I highly recommend Hitman Pro 3.5
http://download.cnet.com/Hitman-Pro-3/3000....html?tag=mncol

It's free, and this is a cnet link, so it's safe.

#5 anbowden

anbowden

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 21 January 2010 - 10:45 PM

I'm also having the same issue, and after doing alot of research on here I've found two options:
1. Hitman Pro 3.5
2. GMER -> MBR and RootRepeal -> ComboFix

Which is better?

On a sidenote, I'm running Windows XP and my quick scan with GMER revealed "suspicious activity with atapi.sys".

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:57 AM

Posted 22 January 2010 - 02:04 AM

Hello Do not run ComboFix without supervision.

@anbowden
You will need to run HJT/DDS. Include your GMER log.
Please follow this guide. go and do steps 6 thru 8 ,, Preparation Guide For Use Before Using Hijackthis. Then go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post that complete log.

Let me know if it went OK.


@mmcm18[/bPlease run GMER
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, [b]uncheck
Devices on the right side before scanning.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 anbowden

anbowden

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 22 January 2010 - 03:17 PM

Thanks boopme. I think I've followed you directions correctly. See my post here:
http://www.bleepingcomputer.com/forums/t/289356/another-google-redirect-virus/

Note: I couldn't get GMER to do a full scan. I also can't run my computer in safe mode(it won't boot up). I can try to scan GMER by unchecking some of the boxes later today.

Thanks,
Andy




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users