Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Google Redirect/Windows Recovery Virus

  • This topic is locked This topic is locked
4 replies to this topic

#1 Hyorish


  • Members
  • 12 posts
  • Local time:05:19 PM

Posted 21 May 2011 - 01:33 AM

Okay, so, like hundreds of other users here, I have unfortunately come into a couple of computer issues. Specifically, as the title indicates, the Google redirect virus (yet again) and the windows xp recovery virus. Here's how it all started;

Around two days ago, I had gotten off of school, was surfing the net, I may or may not have been looking at porn, and suddenly, out of nowhere, a box popped up that said something about my hardrives loosing memory, or that they were in critical condition, and that I needed to reboot my computer ASAP. After trying to ignore the message for about three minutes, I finally decided to reboot the computer, like the pc said, only to find a completely blank, black screen on my desktop with all of my icons gone, once I restarted it. Now take note that beforehand, my desktop was already fully black via the fact that I had not put up a desktop background, since my dad likes to claim that doing so can harm the computer somehow. But anyways, I see this, and, like any other person, I start freaking out (lol.) And then, yet again out of nowhere, a window popped up saying that Windows XP Recovery needed to do some type of scan of some sort. I waited for the scan to finish, and as most viruses seem to do, it stated that there were many things wrong with my computer.

Now given that I have dealt with viruses before in the past, I knew instantly that something was up. So after I rebooted my computer again to be met with the same results, since I was kind of in denial that this was happening to me (a.k.a wigging out,) I ran my computer into safe mode with networking and decided to download malwarebytes onto my computer, since it helped me before when I had another type of virus, I can't remember the exact name at the moment though. The reason why malwarebytes wasn't on my computer at the time of being infected is because, upon getting on my computer, my dad deleted it and installed Norton instead, since my deal with McAfee had run its course. Anyways, I did the whole "full scan" thing numerous times, malwarebytes found some things, and then I deleted and quarantined them, as you're apparently supposed to do. After this, I realized that I had, yet again, caught the google redirect virus via the fact that I had gotten the windows recovery xp virus. Last time I had the said virus, I had to download the tdsskiller and have it scan my computer so that I could safely use my search engines again.

This is where the real problem starts. Upon downloading the tdsskiller and thinking that everything was going to be fine, I was shocked to discover that I was unable to open the application. I tried to download it again and again, and also rename it as a ".com" ending, but it did not work. After that, I tried to work with some other programs reccomended in an article by Donna Buenaventura of brighthub.com, specifically;

Win32/Olmarik, which didn't work via the fact that it "couldn't find the program" or the driver it was looking for.

TDSSKiller, which was discussed above.

Blacklight by F-Secure, which didn't find anything wrong with my pc at all.

And also the ESET Online Scanner, which found ten infected files that were all connected to Java, which I un-installed after which. After this, I thought that things would potentially be fine, but as it turns out, since I am obviously here, I still have the google redirect virus. I also still seem to have the windows xp recovery virus since, even though I can now see all of my icons on my desktop and access my task manager, the "windows xp recovery" icon is still on my desktop and in my computer. And given that I am quite a delusional person, who thinks the worst, I am afraid to click "uninstall," since I fear that it may give me another virus. Also, when I go into "my programs" and click over on certain programs, like "games" or "Photoscape," it states that the area is "empty."

Overall, I need a lot of help. I apologize if I rambled too much, but I tried to go through every bit of information that I could give. I will wait as long as needed to be answered. :)

Edit: Oh yeah, I forgot to mention that after I un-installed Java, my pc randomly restarted itself twice in a row. It's been fine for a bit now, about two hours, but I thought that was note worthy. And I believe I am using Windows XP Home. Also, I have ran unhide.exe.

Edited by Andrew, 21 May 2011 - 04:11 AM.
Mod Edit: Moved From XP to AII - AA

BC AdBot (Login to Remove)


#2 Hyorish

  • Topic Starter

  • Members
  • 12 posts
  • Local time:05:19 PM

Posted 01 June 2011 - 11:29 AM

I am very sorry for having to do this in another post, but I can't edit my topic, and I made a mistake with it;

I am using Windows XP Professional, not Home. Yet again, I apologize for bumping this up like this.

#3 Blade


    Strong in the Bleepforce

  • Site Admin
  • 12,744 posts
  • Gender:Male
  • Location:US
  • Local time:05:19 PM

Posted 01 June 2011 - 08:41 PM


Unfortunately the variant of infection you have isn't one that can be addressed without advanced tools.

Let's get you set up in the proper place.

It appears that the issues on your system will require a more in-depth examination than can be performed in this forum. Please read the information in this guide, and follow all the steps beginning with step 6. After you have followed the steps in that guide, I would like you to start a new thread HERE and include a link to this thread.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. The MRT is very busy, so it could be several days (3-5 days is the average wait right now) before you receive a reply. But rest assured, help is on the way!


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!

#4 Hyorish

  • Topic Starter

  • Members
  • 12 posts
  • Local time:05:19 PM

Posted 02 June 2011 - 01:04 AM

Okay, everything has been completed, and I was able to do all of the steps. Thank you very much for your help Blade, I highly, highly appreciate this. :)

#5 Andrew


    Bleepin' Night Watchman

  • Moderator
  • 8,260 posts
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:02:19 PM

Posted 02 June 2011 - 01:35 PM

Now that your log is properly posted here, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the logs you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Removal Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users