Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect Virus


  • Please log in to reply
No replies to this topic

#1 calmender

calmender

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 25 October 2010 - 03:42 AM

Hello,

More than a week ago I got the FAKE NORTON security warning while doing Google search. I knew it was bogus & immediately closed browser & ran a Norton scan. The report said that an intrusion attempt was blocked. For several days after that, I could not get the browser to open any web pages, even though a good connection was present. The Internet Explorer 8 browser must be corrupted & no longer has a toolbar, Favorites buttons are visible but non-functioning. I have been using the laptop to download files to run to try to correct the problem. After running Microsoft for Malicious software, the browser worked (still no toolbar) for a short time, but reverted back to the white screen while unsuccessfully trying to open my homepage.

I thought that I posted in this forum several days ago, but can't find it now.

I cannot access my Internet Options by right clicking on the IE ICON nor from the icon in the Control Panel. Since there is no toolbar on my browser, I cannot access it from there either. I tried the right click on a blank portion of the browser to see if I could get anything with no success. I found a run command on the internet that got it to open (%systemroot%\ServicePackFiles\i386\inetcpl.cpl) The LAN proxy boxes were NOT checked, so I proceeded with the Uninstall instructions.

Today I followed the REMOVE Antivirus IS instructions. Ran Malwarebytes (Had done this last week & removed all files that it had found at that time) & no infected fileswere found today.

I typed rkill.com in my address bar, but the site that came up looked bogus & said that the domain was for sale & had nothing on it except ads, so back to the laptop I went & clicked on the link in the instructions to download this program & transferred it to the Pc VIA FLASH DRIVE. Again, no infected files found.

Installed & ran TDSSKiller--no infected files found.

I found 2 of the registry files that were listed at the end of the instructions & deleted them The PHISHING FILTER ENABLED (0) & "PROXYOVERRIDE"

There were two files that were questionable HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"ProxyEnable "1"

I have a file that exactly matches this one, but the value is "0" so I did NOT delete it.

I also found HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"ProxyServer" but it did NOT have "http=127.0.0.1:27811 after it, so I did NOT delete it.

I can still get my home page to open, & move to a page or two, but I cannot download from Microsoft, the rkill download attempt failed to get me where I wanted to go, my IE8 toolbar is gone, cannot access Internet Options as stated above.

Things that happened before last week were warnings that I had no RAM & Google autopopulate could not work due to lack of memory.

The affected computer is an HP, running Windows XP Home SP3, Internet Explorer 8 (Although Firefox, Netscape, Google Chrome get the same results when I try to access with them)Internet connection via Belkin 54 Router with Linksys USB Adapter.

The computer seems to function fine with non-internet programs.

Norton 360 4.0 scans find tracking cookies & intrusion sttempts, network connection problems. I can try to provide the list if needed.

I welcome any help. Thanks

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users