Google Redirect and Alureon?


  • This topic is locked
2 replies to this topic

#1 dclarke2191

Posted 30 November 2011 - 12:28 PM

Hello, I am new to the forums and a pretty average computer user so I appreciate your patience in advance! So, I have come upon some sort of redirect virus, redirecting most pages I try and access through search engines (mainly Google).

This all began one day when Microsoft Security Essentials detected a threat. Some sort of Alureon virus, so I just did the normal procedure with that and tried to remove it, but my computer just started freaking out with error messages nonstop. I rebooted and went into safe mode and this virus had hidden all my documents and programs. I didn't feel like dealing with this virus so I just did a system recovery (ThinkVantage on Lenovo system). The problem seemed to go away until I used Google; this is where I discovered the Google redirect problem. I also have other problems, such as not being able to eject USB devices, and sound clips through my speakers. These sound clips stop as soon as I end the iexplorer.exe process in Task Manager.

I tried full scans with Security Essentials but it found nothing. I tried Malwarebytes but it only found cookies, which I removed. I tried Spybot S&D which found some adware, mostly cookies again. When I scan with each of these again they pretty much come up with the same results. I also tried TDSSKiller after reading this could be a rootkit, but my system would not allow it to open. Now I am here...

I have tried to run DDS and GMER but neither of them would work properly. Additional information below.

DDS

When DDS runs, pound keys run across the command window until a certain point where it stops. After about 3 minutes of run time my computer freezes and I cannot access anything until I reboot. I have left it frozen just to check if it would start up again but it did not. I was not able to obtain logs for this program.

GMER

When double clicking to run GMER I get this error message before it opens...

"LoadDriver("C:\DOCUME~1\DAN~1.DAN\LOCALS~1\Temp\pgeyqkob.sys") error 0xC000010E: Cannot create a stable subkey under a volatile parent key."

After opening, it does some initializing and then has all of the settings' boxes grayed out except for Services, Registry, Files, C:\, and ADS.

Runs and only ends up with two lines of results. I have attached those results as instructed.


Thank you in advance for your help, and I appreciate the time and effort from you guys!

Attached Files

  • Attached File  ark.txt   465bytes   0 downloads

Edited by dclarke2191, 30 November 2011 - 12:30 PM.


#2 D-FRED-BROWN

Posted 03 December 2011 - 04:30 PM

Hello dclarke2191 and welcome to Bleeping Computer!

I apologize for the delay.

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:
  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):
  • TDSSKiller_log.txt
  • How the PC is running now?


-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:
  • TDSSKiller report
  • C:\ComboFix.txt
  • checkup.txt

How is your computer running now?
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#3 D-FRED-BROWN

Posted 01 August 2012 - 02:02 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.