Infected with Google Redirect Virus


  • This topic is locked
9 replies to this topic

#1 beebcee

beebcee

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:54 PM

Posted 18 June 2010 - 12:55 AM

When I am in my web browser, it sometimes redirects me without prompting. It also does not go to where I want it to go when I click a link.

The dds logs did not come up after the black screen came up. I tried it several times.

The other ark.txt is attached.

I appreciate any help you can give me! Thanks in advance.

Attached Files

  • Attached File  ark.txt   1.01KB   7 downloads



#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,706 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:54 AM

Posted 23 June 2010 - 06:30 PM

Hi beebcee,

Welcome to Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.

If the issue is not resolved please update me on the current condition of your computer.

#3 beebcee

Posted 23 June 2010 - 08:42 PM

Thank you so much for getting back to me. I know you are a volunteer so I do appreciate your time. Unfortunately, I was so hard pressed to fix it, that I waited as long as I could and had to take action. I did this fix and I haven't had a problem since.

http://www.geekstogo.com/forum/How-to-fix-...ts-t267407.html

I also re-ran the gmer afterward and C:\WINDOWS\system32\drivers\atapi.sys was no longer there.

I realize it's risky to just start pulling stuff off of the internet and trying whatever is out there in desperation. I took full responsibility for what could have happened to my computer since it was my stupidity for letting the anti-virus subscription lapse in the first place. It's a 5 year old laptop, everything was backed up, and perhaps in the back of my mind I could have let it go. (Although now that it's fixed, I think it's still a pretty good workhorse!). I think I got lucky with my fix.

Anyway, I've attached the new text file and the dds still would not run. If you have time, I'd appreciate your feedback on if my situation is ok. Otherwise, I thank you for getting back to me.

Bernadette.

Attached Files

  • Attached File  ark.txt   789bytes   4 downloads


#4 Farbar

Posted 24 June 2010 - 01:07 AM

Thanks for letting me know the issue is resolved. Indeed GMER doesn't show the presence of rootkit any more.

If you still want me to check your computer please do the following:

Please download OTL by OldTimer.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Check the "Scan All Users" checkbox.
  • Check the "Standard Output".
  • Click Run Scan button.
  • Two reports will open, copy and paste them to your reply:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



#5 beebcee

Posted 24 June 2010 - 05:07 AM

Thank you! I have attached the files.

#6 Farbar

Posted 24 June 2010 - 06:41 AM

Just some cleaning and making sure nothing is left in the registry.
  1. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
    Download JavaRa from Javara for Java update or directly from here.
    Use the tool to remove old and redundant versions of the Java Runtime Environment. The latest version is Java 6 update 20. Please uninstall any remaining versions if the tool could not uninstall them. They are:

    Java™ 6 Update 17
    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    Java™ SE Runtime Environment 6 Update 1
    Java™ 6 Update 2
    Java™ 6 Update 3
    Java™ 6 Update 7


  2. This small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

  3. Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the MBAM log.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
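
The outdated-Java check from step 1 of the post above can also be scripted. This is an added example, not part of Farbar's post or of any tool named in the thread: it parses product display names in the two formats the post lists and flags every runtime older than the post's stated latest version (Java 6 update 20). The function names are hypothetical, the sample names are constructed from the post's list (with "(TM)" typed in place of the trademark sign), and the registry paths are the standard Windows uninstall keys.

```powershell
# Added example: flag Java runtimes older than the version named in the post.
# Constructed sample input, modelled on the display names listed in the post.
$SampleNames = @(
    'Java(TM) 6 Update 17',
    'J2SE Runtime Environment 5.0 Update 3',
    'Java(TM) SE Runtime Environment 6 Update 1',
    'Java(TM) 6 Update 20'
)

function ConvertTo-JavaVersion {
    param([string]$DisplayName)
    # Handles "Java(TM) 6 Update 17", "Java(TM) SE Runtime Environment 6 Update 1"
    # and "J2SE Runtime Environment 5.0 Update 3"; no update number counts as 0.
    if ($DisplayName -match '^(?:Java|J2SE)\b.*?\b(\d+)(?:\.\d+)?(?:\s+Update\s+(\d+))?\s*$') {
        $update = if ($Matches[2]) { [int]$Matches[2] } else { 0 }
        [pscustomobject]@{ Name = $DisplayName; Major = [int]$Matches[1]; Update = $update }
    }
}

function Get-OutdatedJava {
    param(
        [string[]]$DisplayNames,
        [int]$LatestMajor = 6,     # from the post: latest is Java 6 update 20
        [int]$LatestUpdate = 20
    )
    foreach ($name in $DisplayNames) {
        $v = ConvertTo-JavaVersion $name
        if ($v -and ($v.Major -lt $LatestMajor -or
                    ($v.Major -eq $LatestMajor -and $v.Update -lt $LatestUpdate))) {
            $v   # emit only the runtimes older than the stated latest version
        }
    }
}

function Get-InstalledDisplayNames {
    # Standard Windows uninstall registry locations (native and 32-bit views).
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object { $_.DisplayName }
}

# Offline run over the constructed sample: lists the first three names, not 6u20.
Get-OutdatedJava -DisplayNames $SampleNames | Format-Table -AutoSize
```

On a live system, pass `(Get-InstalledDisplayNames)` as `-DisplayNames` instead of the sample list.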


#7 beebcee

Posted 24 June 2010 - 07:48 AM

Thanks! I did everything you asked and have attached the logs here. I ran the JavaRa a few times because it kept saying that it encountered an error when looking for older versions.

As I was rebooting, my StopZilla (which I decided to get refunded since it could not fix my Google redirect virus) blocked a GASF trojan. I thought it peculiar that it all of a sudden found it while I was doing these things, but maybe it's a coincidence.

Is there an anti-virus that you recommend or do you just suggest using these cleaner tools periodically?

THANKS!

#8 Farbar

Posted 24 June 2010 - 08:22 AM

It looks good.
  1. You may delete any tool or log we used from your computer.

  2. First Set a New Restore Point then Remove the Old Restore Points to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

    To set a new restore point:
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

    To remove the old restore points:
    • Go to Start > Run then type: Cleanmgr in the box and click "OK".
    • You get a window to select the drive to clean, the default is already set to (C:) drive. Click OK.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
    • Click OK and Yes.

Recommendations:
  1. You need to have an antivirus program beside Malwarebytes' Anti-Malware.
    There are good paid antiviruses and at the moment Kaspersky and ESET are the best. After them BitDefender is also a good antivirus.
    Among the free antiviruses I recommend this one:

    Avira
    • You can download the installer from softpedia.com link as it has a secure download mirror. Install and update it.
    • After updating, it is good to scan the whole system once.

  2. I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is.

  3. I recommend installing this small application for safe surfing: Javacools SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
    • Download and install it.
    • Update it manually by clicking on Updates in the left pane and then Check for Updates.
    • Then enable all the protections by clicking on Protection Status on the left pane. Then click on Enable All Protection.
    • The free version doesn't have an automatic update. Update it once in two or three weeks and enable all protection again.

Happy Surfing beebcee.


#9 beebcee

Posted 24 June 2010 - 08:45 AM

1. Done!
2. Done!

Recommendations

1. Done!
2. Done!
3. Done!

I can't thank you enough.

B.

#10 Farbar

Posted 24 June 2010 - 08:46 AM

You are most welcome.

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.



