Some form of Google Redirect that will not go away!!!


  • This topic is locked
4 replies to this topic

#1 bgraz

  • Members

Posted 09 September 2011 - 07:57 AM

Hi.
I am new to the forum so TIA for your help. Whenever I use any search engine I am redirected to the same IP address. I use Peer Block so it does not connect; however, if Peer Block is disabled I am directed to various different search pages. I have run Malwarebytes, Spybot, Adaware and Symantec Antivirus. Although the scans have found problems the redirection issue remains.
Prior to reading all the instructions I had seen threads about Combo fix in other forums and have run that already. It did remove some files but, again, the problem is still persisting. I am attaching the dds and gmer logs. These were run after combofix. I am also attaching combofix log.

Attached Files





#2 nasdaq

  • Malware Response Team

Posted 14 September 2011 - 09:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Open notepad and copy/paste the text in the quote box below into it:

File::
c:\windows\system32\wscui32.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03EBC043-35BD-4710-97ED-F843D4670272}]



Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Third party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.

#3 bgraz

  • Topic Starter

Posted 14 September 2011 - 07:27 PM

Hi nasdaq. Thank you for your help. I copied the CFScript as instructed and dragged into Combofix. When I ran combofix it indicated there was a newer version so it downloaded that and ran it. I also ran the security check as requested. Logs are posted below.

I have done multiple random searches on Google on both IE and Firefox. I did not get any redirects!!!! I think it is fixed. Thanks for all your help nasdaq. I have been weeks trying every scanner etc. to no avail.

I am going to keep combofix installed for a few days to make absolutely certain I am clean. If you note anything in the logs that would be a concern please let me know and thanks again for all your help.

Attached Files



#4 nasdaq

  • Malware Response Team

Posted 15 September 2011 - 09:14 AM

Your ComboFix is clean.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java SE Runtime Environment 6 Update 27.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, select Windows (or Windows x64), and check the "agree" box and click "Continue".
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Then from your Desktop double-click on jre-6u27-windows-i586.exe that you have downloaded to install the newest version.

    For the x64 bit version, download this one: jre-6u27-windows-x64.exe. Make sure you download the correct version.

    - Note: If you are running Vista or Windows 7, you may need to right-click on the installation file and select Run as Administrator.

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 17
Java™ 6 Update 6
Java™ 6 Update 7

===


Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

===

An important vulnerability has been identified in Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.22 and earlier versions for Android. Adobe recommends... update to Adobe Flash Player 10.3.181.22

Direct download current version - executable Flash Player installer... to your Desktop, then double-click to install.

Download for Internet Explorer

Download for Firefox and other browsers
<<<>>>

Wait a day or two and if all is well.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used to clean this computer.

Surf Safely, and Think Prevention!
===
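
An added example, not part of nasdaq's post or of any tool named in this thread: a PowerShell check that lists installed Java 6 runtimes older than the Update 27 baseline given above, so leftover versions can be removed through Add/Remove Programs. It assumes the standard Windows Uninstall registry locations; the function names are hypothetical.

```powershell
# Added example: find Java 6 entries older than the baseline named in the post.
$BaselineUpdate = 27   # "Java SE Runtime Environment 6 Update 27" from the post

# Uninstall entries live under both the native and the 32-bit (WOW6432Node) view.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-JavaUpdateNumber {
    param([string]$DisplayName)
    # Matches names such as "Java(TM) 6 Update 17"; anything else yields $null.
    if ($DisplayName -match '^Java\S*\s+6\s+Update\s+(\d+)') {
        return [int]$Matches[1]
    }
    return $null
}

function Get-OutdatedJava6 {
    param([int]$Baseline = $BaselineUpdate)
    foreach ($root in $UninstallRoots) {
        if (-not (Test-Path $root)) { continue }   # no WOW6432Node on 32-bit Windows
        foreach ($key in Get-ChildItem $root) {
            $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
            if (-not $props -or -not $props.DisplayName) { continue }
            $update = Get-JavaUpdateNumber $props.DisplayName
            if ($null -ne $update -and $update -lt $Baseline) {
                # Emit one object per outdated runtime still registered.
                [pscustomobject]@{
                    DisplayName     = $props.DisplayName
                    Update          = $update
                    UninstallString = $props.UninstallString
                }
            }
        }
    }
}

Get-OutdatedJava6 | Sort-Object Update | Format-Table -AutoSize
```

An empty result means no Java 6 update below the baseline is still registered; the initial Java 6 release without an "Update N" suffix is not matched by this check.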

#5 nasdaq

  • Malware Response Team

Posted 22 September 2011 - 07:34 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



