
For people with the redirect virus



#1 badfilms


Posted 23 January 2010 - 05:01 AM

Hey everyone.

I am posting this because I struggled for a few days to find a solution to the redirect virus. I got on several forums, including this one, and because of the huge influx of people experiencing this, the response time is terrible. I have finally removed the virus completely, and one program was able to do it: TDSSKiller. This program is kind of similar to Combofix, but made by Kaspersky, which is one of the best Anti-Virus companies on the market. I cannot guarantee that this will work for everyone, but it should get rid of most of the problems people are facing.

http://support.kaspersky.com/viruses/solutions?qid=208280684

Good luck!


EDIT: Moved to a more appropriate forum

Edited by garmanma, 23 January 2010 - 02:15 PM.



#2 xblindx


Posted 23 January 2010 - 02:33 PM

Hi, please be aware that even after running TDSSKiller, you may still have other infections left on your machine. That tool was made specifically for the TDSS rootkit which is responsible for google redirects, along with other things. It should also be noted that TDSS is a rootkit, and therefore

These items are part of a very nasty rootkit.

IMPORTANT NOTE: One or more of the identified infections was related to a rootkit component. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypass security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

Although the rootkit was identified and removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because the rootkit has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

  • "When should I re-format? How should I reinstall?"
  • "Help: I Got Hacked. Now What Do I Do?"
  • "Where to draw the line? When to recommend a format and reinstall?"

Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful.

#3 quietman7


Posted 24 January 2010 - 09:38 AM

TDSSKiller is not similar to ComboFix.

Further, TDSSKiller may not always work or detect all the malware variants related to the infection.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click here.

#4 badfilms


Posted 24 January 2010 - 12:03 PM

Hi and thank you for your replies. I have considered reformatting my system and after your post, xblindx, I am considering it much more. I want to note that I have gotten the VUNDO virus once before and Combofix was able to get rid of it, but was unsuccessful in removing the Google Redirect virus. I have done several scans, including looking through new OTL and GMER scans. I also ran TFC after I used TDSSKiller. I ran TDSSKiller again to see if it came up with anything and it did not. I also ran the ESET and Kaspersky online scans which came up clean.

I want to note that as soon as I realized my system was compromised, I disconnected from the internet and shut the system down. I did not use email accounts, etc. because on my backup system, I realized the potential threat this virus presented to me. With that in mind, do you think it is worth reformatting? This computer is out of date to begin with, and I really could use a new system, but as far as updates/software go I am CURRENT. Thanks for your help.

#5 quietman7


Posted 24 January 2010 - 01:26 PM

Your decision as to what action to take should be made by reading and asking yourself the questions presented in the "When should I re-format?" and "...Now What Do I Do?" links previously provided. As already said, in some instances an infection may leave so many remnants behind that security tools cannot find them and your system cannot be completely cleaned, repaired or trusted. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore with a vendor-specific Recovery Disk or Recovery Partition removes everything and is the safest action but we cannot make that decision for you.

Edited by quietman7, 24 January 2010 - 01:26 PM.




