
Google redirect infection - New symptoms & solution?


No replies to this topic

#1 DaveSt


Posted 21 April 2011 - 04:19 PM

Like many others here, I have suffered from the Google redirect type of infection. However, some of the symptoms I have not seen mentioned before, so I wanted to add them here for others to see and comment on. Also how I think I have cleaned my machine.

Firstly, the symptoms, aside from the obvious redirections. I was using my PC this morning and suddenly it rebooted without warning. Immediately after the Windows splash, the machine flashed the dreaded blue screen and tried to boot again. Initially I could go no further. Logging the boot showed it got as far as something called mup.sys before stopping. My first thought was hardware problem. My machine has two hard drives. One for the usual stuff and the second for backups. I disconnected the second drive and the machine booted. Hardware problem I thought again. I even wasted time with a replacement PSU. Reconnecting the second HD took me back to the boot failure.

At this point I looked in the disk management console (Control Panel/Administrative Tools/Computer Management/Disk Management) and my C drive was missing. Very odd. Looking in Device Manager under Disk drives, it was not there either. Of course the C drive existed - Windows booted from it and it was in My Computer. This is the symptom I have not seen mentioned elsewhere.

It was only after the above missing drive that the Google redirection started happening and I knew there was a malware problem, although I did not know it was connected to the disappearing drive issue at that point. So I then started the fruitless task of trying different AV software, without success. I have McAfee as my regular scanner. One important thing, Kaspersky tdsskiller would crash when it initialised at 80%. Malwarebytes found a few things, but I think they were not related to the real infection.

The breakthrough for me came with running the Recovery Console from the Win XP install disk. After logging onto the Windows installation, I first ran the fixmbr command. Then the fixboot command. Fixboot said the disk had a non standard partition table and there was a risk of losing all data if I proceeded. After a few prayers I typed y and enter and it did its job. Next, exit the recovery console and reboot. The first thing that happened when Windows restarted was the Found New hardware wizard started and my hard drive magically reappeared. I next ran Malwarebytes again and it found nothing. Now tdsskiller runs and also finds nothing.

It has not been too long since I completed this, so I am hoping my machine stays clean. I guess the disappearing drive in the management console may be something the malware does to hide from the world. I did see the reports about malware incompatibility with one of MS's patches, but that was a long time ago and my machine only had problems with 2 hard drives connected.

I hope this information is of help to others and would welcome comments from the people here that know far more about this stuff than me. Even if it is to say my solution sucks and is doomed to failure!

Edited by Budapest, 21 April 2011 - 05:32 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~Budapest

