
Google Redirect Virus Slipped past my AV


13 replies to this topic

#1 mooserooster

mooserooster

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:45 AM

Posted 08 September 2011 - 07:24 PM

So I've apparently somehow run afoul of the insidious Google redirect virus in one of its many flavors.

I've already taken a look at the thread on this forum from someone else experiencing this problem at:

http://www.bleepingcomputer.com/forums/topic417326.html/page__hl__google+redirect+virus

As the poster there was instructed to do, I ran GooredFix and it was unable to find the virus. Malwarebytes is unable to update itself either. I'm currently running an ESET scan and crossing my fingers.
In the meantime, could anyone help me navigate this funhouse? A thousand blessings upon your camels in advance.



#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:45 AM

Posted 08 September 2011 - 07:27 PM

Try this:

http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 mooserooster

mooserooster
  • Topic Starter


Posted 08 September 2011 - 07:41 PM

No joy. TDSSKiller didn't find it. I did the check for it in Hidden Devices in my Device Manager and didn't spot anything.

I'm having trouble with it in FF. Haven't tried IE *sigh*. Rocking Vista SP2.

#4 Budapest

Budapest


Posted 08 September 2011 - 07:59 PM

Did the ESET scan find anything?

#5 mooserooster

mooserooster
  • Topic Starter


Posted 08 September 2011 - 08:15 PM

Sadly ESET didn't even run. Couldn't update once installed. I'm batting zero on this. I've done battle with some nasty s**t in my time but this is ridiculous.

#6 Budapest

Budapest


Posted 08 September 2011 - 08:20 PM

Please click HERE to download Kaspersky Virus Removal Tool (click on the Download link for Version 11).
NOTE: This is quite a large file, so be patient. Also, the scan can take many hours to run.

  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop (be patient; it may take a while).
  • Accept license agreement and click "Start" button.
  • Click on the Settings button.
    • In Scan scope, leave the pre-checked items as they are and also checkmark My Computer.
    • In Actions, checkmark Select action: (disinfect; delete if disinfection fails) instead of the preselected Prompt on detection.
  • Click on Automatic Scan tab and then click on Start scanning button.
  • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  • When the scan is done NO log will be produced.
  • Click on the Report button, then on the Automatic Scan report tab.
  • Right click anywhere within the right pane, click Select All, then right click again and click Copy.
  • This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.


#7 mooserooster

mooserooster
  • Topic Starter


Posted 08 September 2011 - 08:22 PM

Malwarebytes keeps saying something about address not there when it tries to download updates. I swear it's blocking itself b/c whenever I try to update it starts pinging me with blocked malicious network activity alerts.

#8 Budapest

Budapest


Posted 08 September 2011 - 08:29 PM

You can try to manually download the updates for Malwarebytes from here and just double-click on mbam-rules.exe to install.

#9 mooserooster

mooserooster
  • Topic Starter


Posted 08 September 2011 - 10:33 PM

Okay, so I lucked out and got ESET to run. Turned up bupkis. Just a couple old harmless keygens that have been lying around forever. Tossed em anyway, just to be sure.
Moved on to the Kaspersky scan now, it's doing its thing just fine. Virus is def still there, all its tricks are old hat to me now.

I can't for the life of me figure out where I picked this thing up. I haven't torrented in months, the sites I go to are boring legit news sites and Flash/AS3 dev stuff (and we all know how those viruses written in Flash can be :-P). I guess next on my list will be getting the new definitions list for Malwarebytes installed. Not really much to report, this post is more for my own notes. But if anyone has any insights on how a comp-savvy not quite power user (lest I wouldn't be here) gets stuck with a virus like this, I'm all ears.

Edited by mooserooster, 08 September 2011 - 10:36 PM.


#10 Budapest

Budapest


Posted 09 September 2011 - 05:01 PM

Did you get Malwarebytes to update and run?

#11 mooserooster

mooserooster
  • Topic Starter


Posted 13 September 2011 - 08:26 PM

Okay, so I got Malwarebytes to run and update. No dice, still have a virus. I'm too far out from getting this thing to go back to a restore point, so I'm backing up right now and getting ready to do a wipe, I think. My only concern with that is that the virus transfers over with my backup. Also, I guess I'm concerned about getting this thing again, simply b/c I don't know how I got it in the first place. Anyone have any thoughts?

#12 Budapest

Budapest


Posted 13 September 2011 - 08:27 PM

Did you get the Kaspersky Virus Removal Tool to run?

#13 mooserooster

mooserooster
  • Topic Starter


Posted 13 September 2011 - 08:49 PM

Yeah, I ran the latest Kaspersky build. It didn't find anything, either.

#14 Budapest

Budapest


Posted 13 September 2011 - 09:59 PM

This will require a more in-depth look.

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Note that it will probably take about 5 days to get a reply once you submit your logs due to our backlog. So you may just want to wipe it since you were thinking of that anyway.



