My PC has the Google Redirect Virus


7 replies to this topic

#1 geoxena

Posted 06 August 2011 - 02:37 PM

Hello all,
I am new to this forum and hope someone can help me. It seems that my computer is infected with a Google redirect virus. I have tried several programs to find and fix the problem:

TDSSKiller from Kaspersky said it didn't find anything, and TrojanRemover didn't either. Malwarebytes Anti-malware said it didn't find anything during a scan, but then gave me a message when a redirect happened that it prevented the outgoing traffic of malware (?). I also used FixTDSS.exe from Symantec, which seems to have changed things a little bit. It found quite a lot of things on my system, and now the redirects don't happen every time, but they are still happening.

I use Firefox. This is a Dell Dimension E510, running XP.

About when this started happening, my printer also started acting up - wondering if this virus can affect printer drivers or software, too?

I do have HijackThis, should I post a log here? Please let me know what to do next - thanks!
geoxena

Edited by geoxena, 06 August 2011 - 02:38 PM.




#2 boopme


Posted 06 August 2011 - 03:12 PM

Hello, let's do this next. We cannot post the HJT logs here. Is your MBAM the paid version?
Are you on a router? Are other machines on it, if so are they redirecting?


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>
If using Firefox it may be the Add-ons/Plugins. Try disabling them one at a time and see which one was at fault.

How to disable extensions and plugins

Keeping your third-party plugins up to date

Are you still redirecting??

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 geoxena


Posted 06 August 2011 - 03:17 PM

Yes, I'm on a Linksys router, but it's only been happening over the past few weeks. I do have other machines but they do not connect to the internet.

I have the trial version of MBAM.

Which identifying info should I edit out of the results of MiniToolBox before posting here? I shouldn't have my IP address out there or other things, right?

Edited by geoxena, 06 August 2011 - 03:37 PM.


#4 boopme


Posted 06 August 2011 - 07:39 PM

It should be safe. If you are concerned, send it to me via a PM. Click the left-side blue box under my avatar.

Edited by boopme, 07 August 2011 - 09:32 PM.


#5 geoxena


Posted 07 August 2011 - 08:22 PM

    "It should be safe If you are concerned send it to Mame via a PM. Click the Left side blue box under my avatar,"

Okay, I just PM'd you. Thx.

#6 boopme


Posted 07 August 2011 - 09:46 PM

Ok, thanks. It's possible your router is infected.

Your router is hijacked by trojan DNS-hijacker.

  • Please read this: Malware Silently Alters Wireless Router Settings

  • Then reset your router to its factory default settings:

    "If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds)"


  • This is the difficult part.
    First get to the router's server. To do that open Internet Explorer and type http://192.168.1.1 in the address bar and click Enter. You get the log in window.
    Fill in the password you have already found and you will get the configuration page.
    Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the log in password your ISP has initially given to you.
    You can also call your ISP if you don't have your initial password.
    Don't forget to change the router's default password and set a strong password. Note down the password and keep it somewhere for future reference.

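A check that follows from the router DNS-hijack diagnosis above, as an added example that is not part of the original posts: it parses `ipconfig /all` output and labels every DNS server the PC was handed, so a resolver that is neither the router nor the ISP stands out before and after the reset. The sample output, the documentation-range addresses and the `EXPECTED_RESOLVERS` allowlist are constructed assumptions; substitute your ISP's real resolvers.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output; addresses are documentation ranges.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            198.51.100.10
                                            192.168.1.1
"""

# Assumption: the resolvers your ISP really assigns (placeholders here).
EXPECTED_RESOLVERS = {"198.51.100.10", "198.51.100.11"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELD = re.compile(r"^\s*([A-Za-z][^:]*?)[\s.]*:\s*(.*)$")

def _as_ip(text):
    """Return an ip_address for text, or None if it is not an address."""
    try:
        return ipaddress.ip_address(text.strip().split("%")[0])
    except ValueError:
        return None

def dns_servers(ipconfig_text):
    """Collect DNS server addresses, including continuation lines."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        ip = _as_ip(line)
        if in_dns and ip is not None:   # bare address under "DNS Servers"
            servers.append(ip)
            continue
        m = FIELD.match(line)
        in_dns = bool(m) and m.group(1).lower() == "dns servers"
        if in_dns and _as_ip(m.group(2)) is not None:
            servers.append(_as_ip(m.group(2)))
    return servers

def classify(servers, expected=EXPECTED_RESOLVERS):
    """Label each resolver 'lan', 'expected' or 'unexpected'."""
    def label(ip):
        if any(ip in net for net in RFC1918):
            return "lan"  # PC asks the router: check the router's own DNS setting
        return "expected" if str(ip) in expected else "unexpected"
    return {str(ip): label(ip) for ip in servers}

if __name__ == "__main__":
    print(classify(dns_servers(SAMPLE_IPCONFIG)))
```

A `lan` result only means the PC forwards queries to the router, so the router's own DNS fields on its admin page still need the same comparison against the ISP's resolvers.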

#7 geoxena


Posted 07 August 2011 - 10:26 PM

I've reset the router and logged in to the page, but I don't know what you mean by "Configure the router to allow you to connect to your ISP server." This is a Linksys WRT54G, by the way.

I have cable internet, and the router has automatic configuration - DHCP. No hostname or password needed.

Edited by geoxena, 07 August 2011 - 10:30 PM.


#8 boopme


Posted 08 August 2011 - 08:34 AM

That's OK then. Hopefully that will be it. Let's see if the redirects are gone.