I understand this is my first post. I have been monitoring several other people's posts over the past several months on certain topics (including the Windows XP Internet Security 2011 fraud issue, which I correctly resolved through your collective genius! I don't know if I completely fixed that problem, however, because for some reason, I can't seem to find Windows Media Player anymore, nor the standard Windows Calculator...although I don't care about either of them because I have better substitutes.)
I only wish to know what to do now about this Google redirect problem. I am not exactly sure HOW it happened, but I do recall my McAfee Site Advisor asking about downloading a certain file called "realupgrade.exe" from the application Read Upgrade Launcher. I did several Google searches about the file name and I saw that some people had an issue with it, but I want to get the advice straight from you guys.
I have the following anti-virus programs: McAfee (although it is expired...it only runs Site Advisor now...however, programs like ESET Scanner still RECOGNIZE it), Malwarebytes, and RegistryBooster (registry repair program).
My OS is Windows XP (I have up to Service Pack 3).
I tried the following:
Downloaded the new Java executable file from Java's website, per BC's instructions: jre-6u26-windows-i586
Removed ALL old Java applications (including Java Runtime Environment, JRE, J2SE, or Java 6).
Rebooted my computer.
Ran the .exe file to install.
Ran Java from Control Panel.
General Tab, Temp. Internet Files, Settings, Delete files. Keep both boxes checked (applets and applications)
Ran ESET Online Scanner (installed and started program).
UNCHECKED the box marked "Remove found threats".
Performed a full scan.
I have the results of the log here:
C:\Documents and Settings\Jason\Application Data\Uniblue\RegistryBooster\_temp\ub.exe Win32/RegistryBooster application
C:\Documents and Settings\Jason\Local Settings\Temp\jar_cache1335299863463428658.tmp a variant of Win32/Kryptik.OKK trojan
C:\Documents and Settings\Jason\Local Settings\Temp\jar_cache7521198159183788726.tmp a variant of Win32/Kryptik.OKK trojan
C:\Documents and Settings\Jason\Local Settings\Temp\VLCHFlxb.exe.part a variant of Win32/Adware.HotBar.H application
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\2CNCYX99\index-functions.js Win32/RegistryBooster application
C:\Documents and Settings\Jason\My Documents\Downloads\eMuleSetup.exe a variant of Win32/Adware.HotBar.H application
C:\Documents and Settings\Jason\My Documents\Downloads\registrybooster(2).exe Win32/RegistryBooster application
C:\Documents and Settings\Jason\My Documents\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\rb_ubm.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
Operating memory Win32/RegistryBooster application
I then ran a Malwarebytes scan after the ESET Scanner. I actually am still waiting for the results of the Malwarebytes scan. I will be editing this post as the information from that post becomes available. I have not yet taken ANY action from the programs' found threats. What should I do here?
Edited by hamluis, 11 June 2011 - 10:40 AM.
No logs, moved from MRL to AII.