Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect Virus - But not as bad?


  • This topic is locked This topic is locked
3 replies to this topic

#1 Whimsicott

Whimsicott

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:50 PM

Posted 16 May 2011 - 08:04 AM

Well, seems like I've contracted the infamous "Google Redirect Virus". I am using Windows XP with SP3.

It all started one night when I noticed a "rundll32.exe" process running when it wasn't supposed to. So, I just ignored it. Then the next night, right before heading off to bed, a Google search result of mine got redirected. I clicked the stop loading button before the page came up, but as soon as that happened my adobe updater popped up with an update, then seconds later Symantec Endpoint Protection came up with a message saying it detected "Trojan.Pidief". It didn't give me the type, just that name. So, I deleted the update and installed the real update for Adobe Reader. After I deleted the update, it said that the threat was erased, but it came back after restarting. Now I noticed that antivirus-related google search results are being redirected on occasion, and it's bugging me. I tried Malwarebytes at first and it erased a few trojans, but two seemed to remain after a Symantec update: Trojan.Pidief, and Bloodhound.MalPE. Seems like they were residing in the system restore files according to Symantec.

So, I disabled System Restore and restarted to purge the files, supposedly deleting them. Also, I reformatted my flash drive but no avail. TDSS killer found nothing and GMER found inert rootkit data. I am afraid to try Combofix.

Either way, my symptoms aren't nearly as bad as other cases. I've had no random music, no pop-ups, no slow computer, and no constant redirects. Just the occasional antivirus-related ones. So, any ideas?
Oh, and I noticed that the :google search suggestions" menu doesn't show up under the search box much anymore.
Also, I can post any logs you need when I arrive home from school.

- Thank you

Edited by Whimsicott, 16 May 2011 - 10:55 AM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:50 AM

Posted 19 May 2011 - 10:39 AM

Hello If GMER has a rootkit,we need to remove that.

Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
Include the GMER log you have.

Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Whimsicott

Whimsicott
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:50 PM

Posted 19 May 2011 - 10:53 AM

The logs went very well! :D

Here's a link to the new topic:

http://www.bleepingcomputer.com/forums/topic398277.html

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:50 AM

Posted 19 May 2011 - 02:55 PM

Ok, thanks ,it will be a few days until they are reviewed and replied to.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users