poor college girl with google redirect virus : (


14 replies to this topic

#1 tulanegirl


Posted 28 December 2011 - 05:08 PM

Hi! I have gotten a nasty case of the Google redirect virus. I am also having problems going onto my Hotmail email accounts (could this be related?). I need my computer fixed before I start school again!
The virus is redirecting me to sites such as infomash, get-answers-fast, etc.
I have been using Mozilla Firefox, Google Chrome and Internet Explorer 8, all infected (I uninstalled Mozilla in hopes it would help; it didn't).
I tried running GooredFix, and then I restarted the computer. It didn't work, so then I looked up C:\windows\system32\drivers\etc\hosts. It says:

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
Here is what GooredFix says. This is like Chinese to me, so if y'all know what it means I would appreciate the help!


GooredFix by jpshortstuff (03.07.10.1)
Log created at 14:50 on 28/12/2011 (sofie)
Firefox version 7.0.1 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [19:45 22/12/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\" [22:28 23/07/2011]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_4_3" [15:42 27/12/2011]
"{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}"="C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.28\coFFFw\" [03:26 28/12/2011]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [19:43 22/12/2011]

-=E.O.F=-

Thank you so much! If y'all could help me I would really appreciate it from the bottom of my heart!



#2 jameska


Posted 28 December 2011 - 05:18 PM

Install Malwarebytes from http://www.malwarebytes.org/ and download updates from the Update tab to get the latest version.

Start a trial version.

Start a full system scan.

At the end of the scan it will give you an option to show results; remove all and reboot the computer.

#3 tulanegirl


Posted 28 December 2011 - 06:27 PM

I couldn't find the trial version :( does anyone else know how to do it?

#4 TommyBoat


Posted 28 December 2011 - 08:27 PM

What is your Operating System? WinXP, WinVista, Win7?

Curious...

You can


A. Download Spybot and run it. www.safer-networking.org
Google for it. It's easy to use.

Run SpyBot 3 times. Reboot when it asks you to.


B. Go to google and put in "bleeping computer malwarebytes" and download
the trial version. If you find it any other way on a search engine,
you may not get the correct link! The company's weblink may not give you
the full trial app.

C. When you are done, remove SpyBot from your PC. Control Panel, Add/Remove
Programs, remove SpyBot.

Best of luck and let me know how you fare.

R We Good ?


#5 tulanegirl


Posted 28 December 2011 - 10:01 PM

Thanks so much!
It is windows 7.
Should I do both spybot and malwarebytes? or just choose one? will this delete the files on my computer?
I want to know so as to save the files on a USB before I do this. And I will def let you know!

#6 narenxp


Posted 29 December 2011 - 02:50 AM

Hi

Most of the redirect issues are caused by rootkits. Malwarebytes can remove adware and trojans but not rootkits.

Download

http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Launch it and click on SCAN. If it finds a rootkit, do not FIX anything; take the help of the malware experts here on dealing with them.

Good luck

Edited by narenxp, 29 December 2011 - 02:50 AM.


#7 TommyBoat


Posted 29 December 2011 - 10:45 AM

Do SPYBOT first

run SPYBOT three times it will take a while each time.

reboot after each time you run it.


Do MALWAREBYTES second


You can leave MALWAREBYTES on your PC, and it's optional
if you wish to leave SPYBOT. SPYBOT runs in the background
though and I am not sure if you want that. Never run two
anti-virus programs on a PC. It causes lockups and they
fight with one another and confuse your PC's registry (brain of the PC).

That link from the other Tech may work to kill the virus.

There are specific TOOLS that have been made available to kill
these popular viruses. Symantec has a Forum you can view as well.
I am not a fan of AVG or Kaspersky anti-virus programs.

Tom Let me know how you make out!

R We Good ?


#8 TommyBoat


Posted 29 December 2011 - 10:49 AM

:busy: Tulane girl...

It's always a good idea to save your files to a USB or
to an external Hard Drive.

These external HDs are available at Staples, Office Depot, Best Buy et al.

It's a good idea to store this external HD (or USB) in a safe place that is far away
from your PC, i.e., your parents' house, another apartment, a Bank Safe Deposit
Box, a friend's house et al.

Reason? God forbid, if your PC is stolen or damaged, your backup files
are not affected because they are far away from the original PC.

Tom

R We Good ?


#9 TommyBoat


Posted 29 December 2011 - 10:51 AM

Store your original CDs, DVDs and warranty separately too. :wink:

R We Good ?


#10 tulanegirl


Posted 29 December 2011 - 03:38 PM

Thanks for the tip tommyboat, I will amazon me an external HD as soon as I get rid of this nasty virus!
Here's an update
SO I ran spybot. It never told me to reboot.. However, after running it three times I restarted my computer.
After restarting the computer, I got Malwarebytes. It detected some nasty stuff. I will put the log at the bottom of this post. I got rid of it and Malwarebytes then told me to restart the computer and I did. Then, I got rid of spybot because it was really annoying.
IT STILL REDIRECTED MY GOOGLE SEARCHES! (also, I have been noticing my internet is running slower)
So then I took your advice, narenxp (thank you!), and I ran the Kaspersky and it detected nothing, and my google searches are still being redirected.
What am I doing wrong? Please help me : ( I am a biology major, I don't know computers at all!

#11 tulanegirl


Posted 29 December 2011 - 03:41 PM

Here is the Malwarebytes log.
ALSO I must mention that Spybot found 3 things with a threat level of 1. Then it asked whether or not it wanted to fix it and I said yes.

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.29.01

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
sofie :: PATRICIAMONTENE [administrator]

Protection: Enabled

12/29/2011 12:17:03 AM
mbam-log-2011-12-29 (00-17-03).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 359408
Time elapsed: 40 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 3
C:\Users\sofie\AppData\Local\Apple Computer\AppleData\Appledata.dll (Trojan.FakeMS) -> Delete on reboot.
C:\Users\sofie\AppData\Local\Apple Computer\AppleUpdate\Appleupdt32.dll (Trojan.FakeMS) -> Delete on reboot.
C:\ProgramData\GoogleVerifierOnline.dll (Trojan.FakeMS) -> Delete on reboot.

Registry Keys Detected: 1
HKCR\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AppleData (Trojan.FakeMS) -> Data: rundll32.exe "C:\Users\sofie\AppData\Local\Apple Computer\AppleData\Appledata.DLL",DllRegisterServer -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Classes Update (Trojan.FakeMS) -> Data: rundll32 "C:\Users\sofie\AppData\Local\Apple Computer\AppleUpdate\Appleupdt32.DLL",DllRegisterServer -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GoogleVerifierOnline (Trojan.FakeMS) -> Data: rundll32.exe "C:\ProgramData\GoogleVerifierOnline.dll",DllRegisterServer -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Users\sofie\AppData\Local\Apple Computer\AppleData\Appledata.dll (Trojan.FakeMS) -> Delete on reboot.
C:\Users\sofie\AppData\Local\Apple Computer\AppleUpdate\Appleupdt32.dll (Trojan.FakeMS) -> Delete on reboot.
C:\ProgramData\GoogleVerifierOnline.dll (Trojan.FakeMS) -> Delete on reboot.
C:\Windows\System32\srrstr.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\srrstr.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\sofie\Local Settings\Application Data\Apple Computer\AppleUpdate\Appleupdt32.dll (Trojan.SHarpro) -> Delete on reboot.
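
The "Registry Values Detected" lines in the log above all follow one pattern: a per-user Run value that starts rundll32 on a DLL stored in a user-writable directory, so the DLL is loaded again at every logon. The following Python sketch is an added example (not part of the original post and not Malwarebytes code) that parses such lines and flags that pattern; the first three sample lines are copied from the log, the fourth is constructed, and the function names and directory list are assumptions made for illustration.

```python
import re

# First three lines are copied from the "Registry Values Detected" section of
# the log above; the last line is constructed to show an entry that is not flagged.
SAMPLE_LOG = r'''
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AppleData (Trojan.FakeMS) -> Data: rundll32.exe "C:\Users\sofie\AppData\Local\Apple Computer\AppleData\Appledata.DLL",DllRegisterServer -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Classes Update (Trojan.FakeMS) -> Data: rundll32 "C:\Users\sofie\AppData\Local\Apple Computer\AppleUpdate\Appleupdt32.DLL",DllRegisterServer -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GoogleVerifierOnline (Trojan.FakeMS) -> Data: rundll32.exe "C:\ProgramData\GoogleVerifierOnline.dll",DllRegisterServer -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ExampleTray (Constructed.Sample) -> Data: "C:\Program Files\Example\tray.exe" -> No action taken.
'''

# key|value-name (detection) -> Data: <command line> -> <action taken>
ENTRY = re.compile(r'^(?P<key>[^|]+)\|(?P<name>.+?) \((?P<detection>[^)]+)\)'
                   r' -> Data: (?P<data>.+?) -> (?P<action>[^>]+)$')
# rundll32[.exe] "<dll path>",<exported function>
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.I)
# Assumed list of directories a standard user can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


def parse_run_values(log):
    """Return one dict per registry-value line found in the log text."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def flag_suspicious(entries):
    """Flag autoruns where rundll32 loads a DLL from a user-writable directory."""
    flagged = []
    for e in entries:
        m = RUNDLL.match(e["data"])
        if not m:
            continue  # not a rundll32 launcher, e.g. a normal .exe autorun
        dll = m.group("dll")
        if any(marker in dll.lower() for marker in USER_WRITABLE):
            flagged.append({"name": e["name"], "hive": e["key"].split("\\")[0],
                            "dll": dll, "export": m.group("export")})
    return flagged


if __name__ == "__main__":
    for hit in flag_suspicious(parse_run_values(SAMPLE_LOG)):
        print(f'{hit["hive"]} Run value "{hit["name"]}" -> {hit["dll"]} ({hit["export"]})')
```
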

#12 TommyBoat


Posted 30 December 2011 - 11:49 AM

<_< Ok, let's do some cleaning up...

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important

Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.

If TDSSKiller does not run, try renaming it.

To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.

Click the Start Scan button

REBOOT and let's do some cleaning up on your PC
===========================================================================


1) Go into Control Panel

2) Add/Remove Programs... you will see a program listing

3) Remove all TOOLBARS (yahoo, google, Target, ASK.com, WSJ.com, Time.com)

4) Remove any program associated with ASK.com

5) Remove any GAMES that you do not play

6) Remove ANY OTHER Anti-Virus programs that you do not use. LEAVE your current
Anti-Virus Program on your computer. Having more than one anti-virus program will cause registry, system problems, and odd/erratic behaviour.

8) Remove OLD versions of JAVA. Some PCs I have seen have had 7 versions
still loaded.

9) Remove OLD versions of ADOBE reader, shockwave, flash.

10) Remove TRIAL versions of software that you NEVER use!

11) Reboot the PC

12) Do a Windows Update

13) Go to JAVA.com and load the latest JAVA

14) Go to ADOBE.com and load the latest a.) Reader b.) Flash c.) Shockwave

Let me know .... Tom

IF you are STILL having these same erratic issues, your PC may need to
have a COMPLETE TUNE-UP by a reputable PC Tech (such as myself) or someone
nearby that knows what they are doing.

Related issues: a.) FULL TUNE-UP needed b.) RELOAD Op Sys may need to be reloaded. Files are to be backed up first, of course.

R We Good ?


#13 TommyBoat


Posted 04 January 2012 - 08:32 PM

How'd you make out?

I have worked on several laptops with Win7 64Bit with
great success in removing trojans, bots, viruses etc.

R We Good ?


#14 tulanegirl


Posted 04 January 2012 - 09:56 PM

Didn't work : ( I still have the virus; the Kaspersky didn't detect anything at all. Anything else I should try?

#15 TommyBoat


Posted 10 January 2012 - 10:33 AM

TRY the following tools ... one at a time

http://us.mcafee.com/virusInfo/default.asp?id=stinger


http://us.mcafee.com/virusInfo/default.asp?path=/virusInfo/virusRemoval/bugbear.asp


http://home.mcafee.com/VirusInfo/SpecialVirusRemovalTool.aspx?viruskey=klez


http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=100547

Let me know if these work to remove your issues.

Tom

R We Good ?




