
Redirect virus will not go


4 replies to this topic

#1 bluesman1955


Posted 15 September 2010 - 09:46 AM

I have a redirect virus affecting Google and Yahoo searches, with the same results as crowler posted. I have downloaded and run the SUPERAntiSpyware program (portable scanner is the only one I could download) in safe mode, and it found and quarantined 289 trojans, cookies etc. I thought this was the end of my grief, but after searching on Google again I find I still have the same problem. This is my first post: could someone please help me get rid of this problem?



#2 bluesman1955


Posted 17 September 2010 - 02:53 AM

Further to my first post, I am also getting pages pop up randomly purporting to find and fix "backdoor" problems; these are "auto protect" and Windows Defender. I do not know if these are genuine. After reading the advice guide I ran DDS and GMER and will share these if instructed. Please help.

#3 quietman7


Posted 17 September 2010 - 06:04 AM

Please perform a scan with Malwarebytes Anti-Malware and follow these instructions for doing a Quick Scan in normal mode.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
-- If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

-- Some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly. If that's the case, please refer to the suggestions provided in For those having trouble running Malwarebytes Anti-Malware as you may need to rename it or use RKill by Grinler.

Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKiller
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process. <- Important!!
    Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#4 bluesman1955


Posted 20 September 2010 - 03:22 AM

Hi. I have run MBAM and TDSSKiller. Both programmes fail to detect any malware. I still have the same problems. Please help.

#5 quietman7


Posted 20 September 2010 - 06:24 AM

Please download bootkit_remover.rar and save it to your Desktop. <-Important!!!

In order to use this tool, you will need to extract the remover.exe file using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.
  • Right-click on the bootkit_remover.rar file and select "extract/unzip here".
  • This will create two readme files and a file named remover.exe on your desktop.
  • Double-click on remover.exe.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • A command window will open with a black screen and some data on it.
  • Right-click on the screen and choose Select All.
  • The screen will turn white. Press CTRL+C to copy the data on that screen.
  • Open Notepad and press CTRL+V, or click on the Edit tab and choose Paste.
  • Copy and paste the output from Notepad in your next reply.
  • Click on the black screen and press any key on the keyboard to exit.
