
Google Redirect Virus


5 replies to this topic

#1 kozikoro


  • Members
  • 1 posts

Posted 27 February 2012 - 09:48 PM

Hi, a little over a week ago I was in a risky part of the internet (TV streams), and randomly while I was watching, my computer restarted. I was briefly able to see that something installed itself on my computer before it reset. Later I tried to use Google, and whenever I pressed on a link it would redirect me to another website. I tried different anti-virus scans (Avast, Spybot Search & Destroy, Kaspersky, AVG, Malwarebytes); some found Trojans, which were cleared, but it still persisted. I read that if I turned off JavaScript in Firefox the problem would stop (which, as of right now, it has). However, I believe that I'm not in the clear, and I would appreciate any help in removing whatever it is I might have.



#2 sumeet pujari


  • Members
  • 5 posts
  • Gender:Male
  • Location:India

Posted 27 February 2012 - 09:52 PM

Try in Safe Mode with Networking.
If you have the same issue, run the scans in SMWN; also run Trojan Remover and see if it fixes it.

#3 AGirlinChiTown


  • Members
  • 3 posts

Posted 27 February 2012 - 10:24 PM

I got the Google redirect virus too a few months ago and paid $125 to get rid of it. Today, I got rid of an even worse virus and thankfully figured it out myself. This is what I did; hope it works for you.

* Restart computer
* While it's rebooting, Press the F8 key a bunch of times
* A black & white screen will come up. Use your up/down arrows to select "Safe Mode with Networking"
* It will start loading a lot of files that fill the screen. Don't worry about it.
* Then there will be a message that says: "Are you sure you want to do this? You could go back to a restore point instead" (or something to that effect).
* Click "NO" (meaning you don't want to continue and heck yeah, let's try to go back to a restore point)
* Then just follow the prompts. Very easy
* You'll be asked to Pick a date to go back to. I clicked a date (1) week ago, just to be extra sure.
* Then the computer goes through the restoration process and restarts itself eventually. Stay calm.
* At some point there will be a screen that says Administrator or User. I clicked User.
* Computer came back up free of virus

#4 narenxp


  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 28 February 2012 - 04:57 AM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

#5 Jonnygr


  • Members
  • 6 posts

Posted 28 February 2012 - 08:14 AM

Hello, I also got infected with this redirect virus yesterday, and I did a system restore to a week previous, as well as using ComboFix and OTmover, which seemed to find some stuff. I'm not sure if this is sufficient to get rid of whatever I had? Is a system restore to a previous week actually effective? Rkill no longer shows that it is ending "dplaysvr.exe" like it did initially. I will try the programs in your post now, narenxp.

#6 quietman7


    Bleepin' Janitor


  • Global Moderator
  • 51,734 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 28 February 2012 - 08:32 AM

Welcome to BC Jonnygr

If you have an issue or problem you would like to discuss, please start your own topic. Doing that will help to avoid the confusion that often occurs when trying to help two or more members at the same time in the same thread. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.

As for your question about System Restore...sometimes this method of recovery works but other times it may not since System Restore was not designed to be a virus or malware removal tool. Whether it will be successful depends on what type of infection you are dealing with, what damage the malware has already caused, and what is restored during the process.

This is what mvps.org has to say:
Can I use System Restore to remove virus or malware infection?

NO. System Restore was not designed to be a virus or spyware removal tool and should not be depended on.


Generally it's better to leave System Restore alone until the machine is clean and stable. However, in some cases, using System Restore may return some system stability if you are having problems running disinfection tools or booting up. If you are able to successfully use System Restore to return to a previous state there is no guarantee your computer will not still be infected. As such, you should immediately perform scans with your anti-virus and anti-malware tools afterwards, then monitor your system for any signs of infection.


Thanks for your cooperation.
The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




