
Google Redirect Virus



#1 seabrizzle


Posted 27 May 2011 - 10:59 PM

Hello, I am having an issue with an infection of some sort redirecting my Google search results. Any given site will pull me to strange alternate search engines. I'll google "jello" for example and end up looking at a Lycos search result for local restaurants. I have looked around and most people having similar problems have had intricate and dangerous viral infections. Most of those people seem to have been directed to use ComboFix, but I also see many warnings to not use CF unless you understand it.

OS is XP Home. I tried running MBAM and it found nothing. However, my browser is still being hijacked. Next attempt to run MBAM resulted in a bluescreen. I ran GMER and got this.

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-27 22:42:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD800BB-55JKC0 rev.05.01C05
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fgldqpod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8710360, 0x32E00D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DD000A
.text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00DE000A
.text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0082000C
.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 01D7000A
.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 01D8000A
.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 01D9000A
.text C:\WINDOWS\System32\svchost.exe[1080] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00FE000A
.text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0179000A
.text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 017A000A
.text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 016E000C

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A92631B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8A92631B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A92631B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8A92631B

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

Let me know if you have any suggestions, thanks.

Edited by seabrizzle, 28 May 2011 - 05:44 PM.
Moved from XP to Am I Infected.




#2 seabrizzle


Posted 30 May 2011 - 10:16 AM

Issue resolved, please disregard, thank you.



