Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirect Virus Has Attacked Me!


  • This topic is locked This topic is locked
2 replies to this topic

#1 Bianca87

Bianca87

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:14 AM

Posted 31 January 2011 - 05:25 AM

Hi I am quite a novice when it comes to computers and I have somehow managed to get the "google redirect virus".

I have read through quite a few forums and would really appreciate any help that anyone can offer me.

When I was first infected I was only using the internet explorer browser, most redirections are directed to false security sites which come up with a screen that mimics windows security. Since I have been infected I have downloaded google chrome and I am currently using that without hassles. Although chrome is not infected and I am happy to continue to use chrome, the fact I have a virus is troubling me and I would really appreciate being able to be rid of it.

I have tried numerous ways to get rid of this, I have heard warnings about using combofix without being a professional so i have steered clear from that at the moment as I am untrained.

I have looked in my hosts file which appears clean, I have looked at my non plug and play drivers in device manager which also appears clean.

I have tried Rkill, Hitmanpro, TDSSkiller, CCleaner and Malwarebytes Antimalware, these provided some threats which I have removed but the redirect virus still persists.

I unchecked the proxy server box in internet explorer but as I am using windows 7 I am unable to find my "network connections" to look at my dns settings.

Please Help I really would appreciate it, it's driving me mad.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:14 AM

Posted 31 January 2011 - 10:19 AM

Hello, I am moving this down one forum to the Am I Infected forum.

let's just do these and see.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,963 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:14 AM

Posted 02 February 2011 - 03:46 PM

Duplicate topic closed.

Other topic here: http://www.bleepingcomputer.com/forums/topic376760.html

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users