Google Redirect Malware - Myshovel, Searchmeup


  • This topic is locked
4 replies to this topic

#1 ABracamont

ABracamont

  • Members
  • 33 posts

Posted 16 April 2010 - 08:21 PM

Hi: This is my first post (anywhere). I have read through several BleepingComputer malware threads and now see what is wrong with my laptop based on the work you have done with other subscribers. My only symptom (I hope) is Google redirects to other unwanted sites via www.myshovel.com or www.searchmeup.com. This only happens one time. When I relaunch I get the desired site, and when I use any other search engine there is no problem. I run Windows XP Home Edition, IE 7, on a Compaq Presario R3120US laptop.

I'm ready to get started. What's next?



#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female

Posted 17 April 2010 - 01:49 PM

Hi,


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?

If I haven't replied in 48 hours, please feel free to send me a PM.

#3 ABracamont

ABracamont
  • Topic Starter

  • Members
  • 33 posts

Posted 17 April 2010 - 04:50 PM

Hi Elle and thank you very much!!

Below is the requested gmer report.

Best Regards,

Al

**************************************************


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/12/2004 8:57:14 AM
System Uptime: 4/16/2010 10:34:58 AM (8 hours ago)

Motherboard: Compal | | 08A0
Processor: AMD Athlon™ XP Processor 3000+ | Socket A | 1595/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 18.628 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP695: 1/16/2010 8:00:57 PM - Software Distribution Service 3.0
RP696: 1/28/2010 11:58:38 AM - Software Distribution Service 3.0
RP697: 1/28/2010 12:10:14 PM - Installed Java™ 6 Update 18
RP698: 1/28/2010 12:33:06 PM - Installed Motorola Driver Installation 4.2.0
RP699: 1/28/2010 2:14:01 PM - Removed Motorola Driver Installation 4.2.0
RP700: 1/30/2010 6:23:11 PM - System Checkpoint
RP701: 1/31/2010 7:04:51 PM - Installed Palm Desktop
RP702: 2/3/2010 11:10:04 AM - System Checkpoint
RP703: 2/4/2010 11:07:23 AM - Installed LG USB Modem driver
RP704: 2/4/2010 11:09:09 AM - Installed VZAccess Manager.
RP705: 2/4/2010 11:45:58 AM - Installed Windows Media Format Runtime
RP706: 2/4/2010 11:47:33 AM - Installed Windows XP Wudf01000.
RP707: 2/4/2010 11:54:47 AM - Installed SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
RP708: 2/4/2010 11:56:02 AM - Installed LG USB Modem driver
RP709: 2/4/2010 1:26:18 PM - Installed LG USB Modem driver
RP710: 2/4/2010 3:00:19 PM - Software Distribution Service 3.0
RP711: 2/8/2010 11:05:43 AM - Software Distribution Service 3.0
RP712: 2/8/2010 11:14:37 AM - Software Distribution Service 3.0
RP713: 2/9/2010 7:29:34 PM - System Checkpoint
RP714: 2/10/2010 11:03:00 AM - Software Distribution Service 3.0
RP715: 2/18/2010 5:21:48 PM - System Checkpoint
RP716: 2/21/2010 1:52:01 PM - System Checkpoint
RP717: 2/23/2010 4:24:24 PM - Software Distribution Service 3.0
RP718: 2/25/2010 8:32:54 AM - System Checkpoint
RP719: 2/28/2010 8:10:20 PM - System Checkpoint
RP720: 3/5/2010 1:09:23 PM - System Checkpoint
RP721: 3/6/2010 1:57:57 PM - System Checkpoint
RP722: 3/8/2010 9:03:24 PM - System Checkpoint
RP723: 3/11/2010 10:09:45 AM - System Checkpoint
RP724: 3/11/2010 2:45:01 PM - Software Distribution Service 3.0
RP725: 3/17/2010 9:33:04 AM - Installed hp deskjet 3600
RP726: 3/22/2010 11:31:13 AM - System Checkpoint
RP727: 3/23/2010 11:47:32 AM - System Checkpoint
RP728: 3/24/2010 5:57:28 PM - System Checkpoint
RP729: 3/28/2010 11:28:28 AM - System Checkpoint
RP730: 3/29/2010 7:07:27 PM - System Checkpoint
RP731: 3/30/2010 3:00:26 PM - Software Distribution Service 3.0
RP732: 3/31/2010 8:45:16 PM - System Checkpoint
RP733: 4/3/2010 1:40:37 PM - System Checkpoint
RP734: 4/4/2010 1:41:13 PM - System Checkpoint
RP735: 4/5/2010 2:02:24 PM - System Checkpoint
RP736: 4/6/2010 7:14:32 PM - Removed hp deskjet 3600
RP737: 4/6/2010 7:23:31 PM - Removed HP Deskjet Preloaded Printer Drivers
RP738: 4/6/2010 8:55:36 PM - Printer Driver doPDF 6 Printer Driver Installed
RP739: 4/6/2010 8:56:32 PM - Printer Driver Fax Lexmark Pro700 Series Printer Installed
RP740: 4/8/2010 4:41:31 PM - System Checkpoint
RP741: 4/9/2010 5:08:52 PM - System Checkpoint
RP742: 4/11/2010 7:11:50 PM - System Checkpoint
RP743: 4/12/2010 8:09:56 PM - System Checkpoint
RP744: 4/13/2010 2:13:33 PM - Installed Microsoft Office Live Meeting 2007
RP745: 4/13/2010 4:17:54 PM - Software Distribution Service 3.0
RP746: 4/14/2010 7:41:12 PM - System Checkpoint
RP747: 4/14/2010 10:20:24 PM - Spyware Doctor: Cleaning Threats
RP748: 4/15/2010 6:43:15 AM - Software Distribution Service 3.0
RP749: 4/16/2010 3:02:48 PM - System Checkpoint
RP750: 4/16/2010 4:45:15 PM - Installed Seagate Manager Installer

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.2
AFPL Ghostscript 8.54
AFPL Ghostscript Fonts
Agere Systems AC'97 Modem
Amazon MP3 Downloader 1.0.5
AMD Power Monitor
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avery Wizard 3.1
BlackBerry Desktop Software 5.0
Bonjour
CASIO USB Driver V1.0.8003.1229
Compatibility Pack for the 2007 Office system
Cook'n Recipe Organizer
Copy
CreativeProjects
DesignPro 5.0 Limited Edition
Director
DocProc
doPDF 6.2 printer
FreePDF XP (Remove only)
GdiplusUpgrade
GeoPDF Toolbar
Glary Utilities 2.18.0.786
Google Earth
Google Update Helper
Google Updater
Hollywood FX 5.5 Additional Effects
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Help and Support
HP Photo & Imaging 3.1
HP Photo and Imaging 2.0 - Photosmart Cameras
HP Product Detection
HP Update
hpmdtab
HpSdpAppCoreApp
InstantShare
InterActual Player
InterVideo WinDVD
iPod for Windows 2006-03-23
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java™ 6 Update 18
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Learn2 Player (Uninstall Only)
Lexmark Printable Web
Lexmark Pro700 Series
Lexmark Toolbar
LG USB Modem driver
Logitech Legacy USB Camera Driver Package
Logitech Webcam Software
Logitech Webcam Software Driver Package
Memorex exPressit Label Design Studio
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Premium
Microsoft Office Live Meeting 2005 Replay Wrapper
Microsoft Office Live Meeting 2007
Microsoft Office PowerPoint 2003 Template Pack 1
Microsoft Office PowerPoint 2003 Template Pack 2
Microsoft Office PowerPoint 2003 Template Pack 3
Microsoft PhotoDraw 2000
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NASDAQ Quote Toolbar
Norton Internet Security
NVIDIA Drivers
NVIDIA GART Driver
NVIDIA Windows 2000/XP Display Drivers
overland
Palm Desktop
PhotoGallery
Photosmart 140,240,7200,7600,7700,7900 Series
Pinnacle Hollywood FX 5
Pinnacle Hollywood FX for Studio
Pixie registration fix
proDAD Heroglyph 1.0
PSShortcutsP
QFolder
Quick Launch Buttons 5.10 A2
QuickProjects
QuickTime
RecordNow!
RedMon - Redirection Port Monitor
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
SkinsHP1
SkinsHP2
Skype™ 4.1
SmartSound Quicktracks Plugin
Sonic Update Manager
SoundMAX
Studio 9
Studio 9 Content CD/DVD
Studio 9.4 Patch
Symantec Technical Support Web Controls
TrayApp
Unload
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
V CAST Music with Rhapsody
Viewpoint Media Player
VZAccess Manager
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format 11 runtime
Windows XP Service Pack 3
Zone Deluxe Games

==== Event Viewer Messages From Past Week ========

4/9/2010 12:30:48 PM, error: NetBT [4321] - The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.2. The machine with the IP address 192.168.1.3 did not allow the name to be claimed by this machine.
4/14/2010 10:31:58 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Security Service service to connect.
4/14/2010 10:31:58 PM, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/11/2010 5:09:47 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
4/10/2010 8:10:26 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxeeCATSCustConnectService service to connect.
4/10/2010 8:10:26 AM, error: Service Control Manager [7000] - The lxeeCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

#4 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female

Posted 17 April 2010 - 05:12 PM

Hi,


That is not the log I have requested. What you have posted is a part of another log produced by a totally different tool named DDS and it is not allowed to be posted in the "Am I Infected" area.

You need to download the file I requested in my last post and run it. Tell me if you don't understand something from my instructions.



Elle

#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 17 April 2010 - 10:00 PM

Hello,

I see that you have posted a log here: http://www.bleepingcomputer.com/forums/t/310418/google-redirect-malware-myshovel-searchmeup/ Because you have this log posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



