
Google Redirect


8 replies to this topic

#1 Dragonsfury99


Posted 27 December 2011 - 09:13 AM

I have tried Malware Bytes, AVG, Spybot, Hitman Pro, and at least 3 others and can't find this thing anywhere. I have read on these forums that a lot of people are having issues with this. If you can, please help me out. The only issue I seem to have is I get redirects on web searches when I click on the results. I was getting random popups asking me if I am sure I wanted to leave a page but there was no browser page opened, but those seem to have stopped. I have tried multiple locations and web browsers and search engines and still the same thing. I need some help please - Matt

Edit: Forgot to add I have Windows 7 and usually use IE

Edited by Dragonsfury99, 27 December 2011 - 09:14 AM.




#2 quietman7


Posted 27 December 2011 - 09:37 AM

Before doing anything further, if you have not already done so, you should back up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. If that occurs there may be no option but to reformat and reinstall the OS or perform a full system recovery. The safest practice is not to back up any files with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.


Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!
Be sure to print out and follow the instructions for performing a scan.
  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
  • Alternatively, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If an update is available, TDSSKiller will prompt you to update and download the most current version. Click Load Update. Close TDSSKiller and start again.
  • When the program opens, click Change parameters.


  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


  • Click the Start Scan button.


  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If 'Suspicious objects' are detected, the default action will be Skip. Leave the default set to Skip and click on Continue.
  • If Malicious objects are detected, they will show in the Scan results - Select action for found objects and offer three options.


  • Ensure Cure is selected...then click Continue -> Reboot computer for cure completion.


  • Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else before beginning the download and saving to the computer or to perform the scan in "safe mode".

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.

Note: Some infections will alter the Proxy settings in Internet Explorer which can cause redirects and affect your ability to browse, update or download tools required for disinfection. If you are experiencing such problems, check those settings. To do that, please refer to Steps 4-7 under the section Automated Removal Instructions in this guide. If using FireFox, refer to these instructions to check and configure Proxy Settings under Advanced Options > Network tab > Connection Settings.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
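
The proxy check mentioned in the note above can also be done from a PowerShell prompt. This is an added example, not part of the original thread: the function name Get-IEProxyFinding and the sample values are hypothetical, and it reads the per-user Internet Explorer (WinINET) proxy values from the registry.

```powershell
# Added example: audit the per-user WinINET (Internet Explorer) proxy values.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Hypothetical helper: turns a set of proxy values into human-readable findings.
function Get-IEProxyFinding {
    param([hashtable]$Settings)
    $findings = @()
    if ($Settings.ProxyEnable -eq 1) {
        $findings += "Manual proxy enabled: $($Settings.ProxyServer)"
        # ProxyServer is "host:port" or "http=host:port;https=host:port".
        # A loopback entry means a local process is relaying browser traffic;
        # that can be a legitimate tool, but it should be one you recognise.
        if ($Settings.ProxyServer -match '(^|=)(127\.\d+\.\d+\.\d+|localhost)(:|;|$)') {
            $findings += 'Proxy points at this machine (loopback): identify the listening process'
        }
    } elseif ($Settings.ProxyServer) {
        $findings += "Proxy disabled, but a server value remains: $($Settings.ProxyServer)"
    }
    if ($Settings.AutoConfigURL) {
        $findings += "Proxy auto-config (PAC) script set: $($Settings.AutoConfigURL)"
    }
    return ,$findings
}

# Constructed sample (not taken from the thread): a loopback proxy plus a PAC URL.
$sample = @{ ProxyEnable = 1; ProxyServer = 'http=127.0.0.1:8080'; AutoConfigURL = 'http://pac.example/proxy.pac' }
Write-Output '--- constructed sample ---'
Get-IEProxyFinding -Settings $sample | ForEach-Object { "  $_" }

# Live values for the current user; values that do not exist come back as $null.
$props = Get-ItemProperty -Path $key
$live = @{}
foreach ($name in 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL') {
    $live[$name] = $props.$name
}
Write-Output '--- this machine ---'
$result = Get-IEProxyFinding -Settings $live
if ($result.Count -eq 0) {
    Write-Output '  No manual proxy or PAC script configured for this user.'
} else {
    $result | ForEach-Object { "  $_" }
}

# The system-wide WinHTTP proxy is stored separately; show it as well.
netsh winhttp show proxy
```

Any finding is a prompt to compare against what you or your network administrator configured, not proof of infection by itself.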

#3 Dragonsfury99


Posted 28 December 2011 - 06:47 AM

OK, I downloaded it to my desktop but it will not run. I chose Run as admin but nothing. Booted in safe mode and still not running. I opened Task Manager and tried again and it shows in the Processes tab but then disappears.

#4 Dragonsfury99


Posted 28 December 2011 - 06:53 AM

Sorry, just saw the renaming trick, trying that now.

#5 Dragonsfury99


Posted 28 December 2011 - 06:58 AM

Renamed it as suggested and still nothing.

#6 quietman7


Posted 28 December 2011 - 08:23 AM

If TDSSKiller still will not run, then try using Symantec's Backdoor.Tidserv Removal Tool (FixTDSS) which has been successful in some cases.
  • Save the file to your Desktop.
  • Double-click on FixTDSS.exe.
  • Read the license agreement and click I Accept to continue.
  • Click the Proceed button.
  • If prompted to reboot the computer...please do so.
  • When finished the tool will say the infection was cleared or no infection was found...let me know what it says.


#7 Dragonsfury99


Posted 29 December 2011 - 03:00 AM

It says "Infected MBR detected". I clicked Repair and it said repair successful.

#8 Dragonsfury99


Posted 29 December 2011 - 03:03 AM

Wow, I think that worked. I tried 5 different Google searches and they all worked. Also the Google home page is displaying the sunset background I chose again. TY!!

#9 quietman7


Posted 29 December 2011 - 08:21 AM

You're welcome.



