Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect


  • This topic is locked This topic is locked
8 replies to this topic

#1 cuerock

cuerock

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:14 AM

Posted 26 December 2010 - 03:58 PM

Hello,

I am new to the site. I am a intermediate PC user but I seem to some how got the infamous google redirect. I need assistance in removing it. I have ran MWB, Spybot, Microsoft essentials, SUPER antispyware, combofix... and nothing has worked yet. .... Very frustrating... please help. Thanks a million.

I just ran another MWB scan and here is the MWB logs

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5399

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/26/2010 3:56:23 PM
mbam-log-2010-12-26 (15-56-23).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 184837
Time elapsed: 32 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\user\application data\Sun\Java\deployment\cache\6.0\58\1f648e7a-3443dbbb (Trojan.Agent) -> Quarantined and deleted successfully.

BC AdBot (Login to Remove)

 


#2 cuerock

cuerock
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:14 AM

Posted 26 December 2010 - 04:18 PM

Thanks to budapest for posting this in a previous post... this seems to have fixed my problem.

Posted 08 December 2010 - 06:06 PM
Try this:

http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller



#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:14 AM

Posted 26 December 2010 - 07:52 PM

Hello, if that application found a rootkit you should change all your passwords as they are gone.

You should also do an Online scan.
Please perform a scan with Eset Online Antiivirus Scanner.
This scan requires Internet Explorer to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 cuerock

cuerock
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:14 AM

Posted 26 December 2010 - 10:21 PM

Hello,

Thanks for the reply. Just a few quick Q's before I do whatyou suggested.

1. What passwords would "be gone", please elaborate.

2. I never ever, ever use IE. I only use FF and Chrome. Should I still run that scan?

Thanks again.

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:14 AM

Posted 26 December 2010 - 10:32 PM

.Actually it probably took all passwords,but these in particular. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.


I don't understand what not using IE has to do with the fact that you already contracted a TDDS rootkit infection using what you do.
I wanted to see if there is more infection.


What danger is presented by rootkits?
Rootkits and how to combat them
r00tkit Analysis: What Is A Rootkit
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 cuerock

cuerock
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:14 AM

Posted 26 December 2010 - 10:42 PM

I do no financial banking on my PC other than paypal. I have not logged into it for a week and got this malware yesterday. I also never save passwords and clean out cookies daily. I doubt that someone would want my facebook or myspace passwords.... Reason I asked about IE was it says "This scan requires Internet Explorer to work."

Ill run the scan and post the results.. thanks again.

#7 cuerock

cuerock
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:14 AM

Posted 26 December 2010 - 11:46 PM

it didnt give me an option to see log, and start > run >C:\Program Files\ESET\EsetOnlineScanner\log.txt> wont produce anything.

It did not find anything during its search though.

If you have anymore programs that are useful feel free to post and I will run those as well.
Thanks again.

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:14 AM

Posted 27 December 2010 - 07:52 PM

Hi, not showing here and after all these tools we will need a deeper look to find it.

Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
Skip the GMER step and instead post the combofix log you have.

Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,993 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:14 AM

Posted 29 December 2010 - 11:14 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic370019.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users