
infected with google search redirect virus


  • This topic is locked
41 replies to this topic

#1 baldpate523

baldpate523

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Toledo Bend Reservoir
  • Local time:08:47 PM

Posted 17 June 2010 - 08:15 AM

Referred from here: http://www.bleepingcomputer.com/forums/t/325081/google-search-redirect-problem/ ~ OB

A few quick highlights from other topic and here. No access to another computer, infection is blocking posting of GMER and DDS logs. ~ OB

Mayday! It seems I've been infected with a google search redirect virus. My OS is Windows XP home edition. I am currently running Avast, Ad-Aware, and Malwarebytes (all free versions) along with Windows firewall. I use two browsers (IE and Firefox), and while the redirects seem more prevalent in Firefox, I can no longer access Windows Update from either browser. Please help! I am desperate and concerned. Thanks in advance.
I've also tried to post and attach GMER and DDS logs several times to no avail. I am being blocked. Any advice would be a godsend.

Edited by Orange Blossom, 17 June 2010 - 02:49 PM.

Being disintegrated makes me very angry... very angry indeed!

~~~~ Marvin the Martian



#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:47 AM

Posted 21 June 2010 - 03:45 PM

Hi baldpate523,

Welcome to Malware Removal (VTSMR) forum and sorry for the delay. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.

If the issue is not resolved please update me on the current condition of your computer.

#3 baldpate523

Posted 21 June 2010 - 05:35 PM

Thanks for replying, Farbar. I'll be awaiting any advice and instructions you may have.

#4 Farbar

Posted 21 June 2010 - 06:00 PM

You are welcome, let's wait for your move to reply to my request.

#5 baldpate523

Posted 21 June 2010 - 06:14 PM

What move are you referring to, Farbar? My infection won't allow me to post GMER and DDS logs. Saturday I was able to post them from a clean computer, but they were posted in the "Am I Infected" forum. You may view them there if you wish. Thanks.

#6 Farbar

Posted 21 June 2010 - 06:22 PM

I did not ask for any log. I was referring to this:

QUOTE
If the issue is not resolved please update me on the current condition of your computer.

Your initial post is from 4 days ago and the initial issue might have changed or resolved or got more severe. So kindly tell me in short what issue you are experiencing right now.


#7 baldpate523

Posted 21 June 2010 - 06:33 PM

Sorry for the confusion. This first started out as a Google search redirect problem. I also cannot access Windows Update from either browser (IE and Firefox). Just recently, AV Security Suite has loaded on my computer and is blocking my e-mail service. I run Windows XP Home Edition. I am currently running Avast, Ad-Aware, and Malwarebytes (all free versions), along with Windows Firewall. Again, sorry for the confusion and thanks.

#8 Farbar

Posted 21 June 2010 - 06:43 PM

No worries and no need to apologize. I have an idea about what it might be and this first action would fix the posting problem and we can have the logs we need to root out the rest.

We are going to run this special tool.
  • Please download TDSSKiller.exe and save it to your desktop.
  • Run TDSSKiller.exe.
  • When it has finished, press any key to continue.
  • Let it reboot if needed and tell me if it needed a reboot.
  • Also it makes a txt file in the C:\ directory (like TDSSKiller.2.3.2.0_Date_Time_log.txt). Please attach it to your reply.


#9 baldpate523

Posted 21 June 2010 - 06:46 PM

Will do so immediately and get back to you.

#10 Farbar

Posted 21 June 2010 - 06:50 PM

thumbup2.gif

#11 baldpate523

Posted 21 June 2010 - 06:59 PM

Farbar, downloaded the tool you requested. This AV Security Suite thing is blocking the running of the application. My Internet Explorer is also being hijacked to a porn site. All this has happened within the last 30 minutes or so. Any suggestions?

Edited by baldpate523, 21 June 2010 - 07:00 PM.


#12 Farbar

Posted 21 June 2010 - 07:05 PM

You don't have any other computer do you?

Please give full feedback. What do you mean by blocking the running application?

#13 baldpate523

Posted 21 June 2010 - 07:16 PM

No, no other computer. The program will run for a second or two, then I get a security warning: "Application cannot be executed. The file TDSS.exe is infected. Do you want to start your antivirus now?" (Yes or No). I also get the same warning with my e-mail service (Outlook Express).

#14 Farbar

Posted 21 June 2010 - 07:23 PM

Which browser are you using to download the tool?

If you are using Firefox:

In order to have the option to change the download location run Firefox:
Under Tools menu select Options... under download section check:
    Show the Downloads window when downloading a file.
    Always ask me where to save files.
Click OK

Or use IE. Download the file again, but before saving it to your computer rename it bald.exe and run it.

#15 Farbar

Posted 21 June 2010 - 07:28 PM

Please don't miss my previous post.
  1. Please download exeHelper to your desktop.
    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan).

  2. Now run the renamed TDSSKiller.




