Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Has Anyone Fixed Google Redirect Virus?


  • This topic is locked This topic is locked
6 replies to this topic

#1 captainsae

captainsae

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 27 July 2011 - 05:08 PM

My XP machine recently got infected with the Google redirect virus. After reading countless forums including this one and malwarebytes it seems that no one can beat this infection at this time. The only hope I see on the net is some company charging 30.00 for this manual called fixredirect which I'm pretty sure is just a scam. I have wasted hours with rkill, mbytes, superantispyware, tdss remover, spybot, adaware, and much more - all useless against this. I have read all of the threads where people have run countless programs and posted countless results just to have guesses made my the experts which have never worked to my knowledge. I guess I'll just have to reinstall windows and keep and external hard drive connected to the computer for all my important files.

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,613 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:47 AM

Posted 27 July 2011 - 08:04 PM

If none of the tools you have used thus far are finding any malicious files or not successful at removal, this issue will require further investigation. Many of the tools we use in this forum are not capable of detecting (repairing/removing) all malware variants so more advanced tools are needed to investigate. Before that can be done you will need you to create and post a DDS log for further investigation.

Please read the "Preparation Guide".
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 7 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.
When you have done that, post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the Malware Response Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, please reply back here with a link to the new topic so we can closed this one.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 captainsae

captainsae
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 27 July 2011 - 08:58 PM

Thank you for the response and the tons of help you give and have given people over the years! My question has to do with this one particular virus/malware - the google redirect. I just wanted to know if anyone has successfully beaten this thing. I have yet to see a case where anyone has with any tool or advise. So I was trying to decide if it was even worth the time to chase it when about 35% of the new posts here are about the same thing.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,613 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:47 AM

Posted 28 July 2011 - 06:20 AM

There are various types of malware infections which can cause redirects. The most common we see is related to TDL3/TDL4 (Alurion), the third and fourth generation of the TDSS rootkit. TDSS hides itself on a system by infecting system files/drivers like atapi.sys, a common target because it loads early during the boot process and is difficult to detect. Newer varinats of TDL3 can target a number of other legitimate drivers in the Windows drivers folder while TDL4 generally infects the Master Boot Record (MBR). The latest variants even have a a self-propagation mechanism.

For more specific analysis and explanation of the infection and it's history, please refer to:These are .pdf documents with more comprehensive information.
There are various tools which have been created to deal with this malware (i.e. TDSSKiller, Norman TDSS Cleaner, FixTDSS (Backdoor.Tidserv Removal Tool) by Symantec, BitDefender TDSS/TDL4 Removal Tool). However, the malware writers keep changing TDSS in order to avoid disinfection so sometimes a tool works while other times it may not. Another problem is that many times an infection will download additional malicious files which complicate the removal process so the symptoms and extent of damage will vary. This could include backdoor Trojans, Botnets, and IRCBots all of which are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker.

Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).


Edited by quietman7, 28 July 2011 - 06:31 AM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 captainsae

captainsae
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 30 July 2011 - 01:59 AM

Wow - thanks for the very informative articles! Everything we do to attempt to rid ourselves of these things is a great learning experience for everyone - so lets do it! What would you like me to do first?

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,613 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:47 AM

Posted 30 July 2011 - 06:09 AM

If you are not going to reformat and reinstall, then follow the instructions in Post #2.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,995 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:47 AM

Posted 30 August 2011 - 10:46 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic416666.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users