About a week ago I ended up with a nasty virus that was along the lines of "Antivirus Suite" though I'm not sure which version it was, exactly. I know I got it browsing the web while researching laptops, though I have no idea which site was the culprit as they all seemed reputable.
I used a bunch of anti-spyware apps with no luck for days, and it seems as though one of the recent updates to Malwarebytes seems to have removed it as of yesterday, as it finally isn't loading with Windows. Unfortunately, my Google and Yahoo results are still getting hijacked in Firefox (IE seems to be OK). It doesn't happen with all results, but many, when clicked, bring me to seemingly very random sites. For example, going through a page or two of results I was just redirected to articles or shopping searches on:
-outdoorlife.com
-marthastewart.com
-parenting.com
-monstermarketplace.com
-comparedby.us
There have been many others, so it's by no means restricted to those sites. I've scanned with AVG, Malwarebytes, Spybot S&D, SUPERAntiSpyware, Ad-Aware and Sophos Anti-Rootkit. None have gotten rid of it. My system specs are as follows:
Windows XP SP3
Firefox 3.6.7
AMD Athlon X2
2 gigs RAM
300 gig HD with about 22 gigs free
Nvidia GeForce 7900 GT
DSL with wireless connection
AVG and Spybot TeaTimer always on
Per the preparation guide for this forum, I've pasted the DDS report below and attached the attach.txt file. I was not, however, able to successfully run the GMER utility. I tried three times and all resulted in crashes that required a hard system restart. Thank you in advance for any help you're able to offer me. In the past I've always been able to find solutions online when I've run into the occasional malware, but as most anything I find for "google redirection" seems to simply say to run Malwarebytes or some other anti-spyware program in safe mode, I'm in need of a little more expertise. If there is any other info that I can provide that will help, please let me know. Thanks again! DDS report below:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Jeff at 15:46:35.59 on Wed 07/21/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1033 [GMT -4:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\MDM.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Jeff\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} -
Add in a bit more log from another partial. ~ OB
Edited by Orange Blossom, 21 July 2010 - 09:15 PM.