
Google Redirect Virus help!


2 replies to this topic

#1 AshleyEmDee

AshleyEmDee

  • Members
  • 31 posts

Posted 28 June 2012 - 07:18 PM

Hi, I've been having problems with my PC for the past couple of months.

It's been running really slow, and every time I type a website or search for something through Google, I get redirected to a totally irrelevant page.

My computer runs on Windows XP if that makes any difference.

This is the log from a recent run of Malwarebytes. There were 9 infected items that I was able to remove.


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.10.02

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Owner :: SAT [administrator]

5/26/2012 4:42:46 PM
mbam-log-2012-05-26 (16-42-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186474
Time elapsed: 10 minute(s), 34 second(s)

Memory Processes Detected: 1
C:\Program Files\LP\88C6\676.exe (Backdoor.CycBot) -> 3752 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: explorer.exe,C:\Documents and Settings\Owner\Application Data\6C5EC\0FE88.exe -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:52970 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|676.exe (Backdoor.CycBot) -> Data: C:\Program Files\LP\88C6\676.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Documents and Settings\Owner\My Documents\Downloads\oi_msgr11us.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\0479121.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\5728.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\LP\88C6\676.exe (Backdoor.CycBot) -> Delete on reboot.

(end)



I'm not completely sure if I still have the virus as my computer seems to be running faster, but I'd appreciate any confirmation on this or any help on what my next steps should be.


Thanks so much for your time!



#2 AshleyEmDee

AshleyEmDee
  • Topic Starter

  • Members
  • 31 posts

Posted 28 June 2012 - 07:26 PM

I already posted this topic a few weeks ago, but I was away and couldn't respond to it, so the topic was closed. I was told to download DeFogger, Security Check, and DDS. Here are the results:

SECURITY CHECK:


Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
McAfee Security Scan Plus
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.60.1.1000
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.183.7 Flash Player out of Date!
Adobe Reader X (10.1.0)
Mozilla Firefox 12.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````




DDS





ATTACH

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/27/2010 6:45:10 PM
System Uptime: 6/26/2012 1:44:18 PM (55 hours ago)
.
Motherboard: Dell Computer Corp. | | 0WF887
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 63 GiB total, 38.746 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 10.965 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_8086&DEV_24DD&SUBSYS_01D51028&REV_02\3&172E68DD&0&EF
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_8086&DEV_24DD&SUBSYS_01D51028&REV_02\3&172E68DD&0&EF
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: D-Link DFE-530TX+ PCI Fast Ethernet Adapter (rev.F)
Device ID: PCI\VEN_1106&DEV_3106&SUBSYS_14061186&REV_86\4&1C660DD6&0&00F0
Manufacturer: D-Link
Name: D-Link DFE-530TX+ PCI Fast Ethernet Adapter (rev.F)
PNP Device ID: PCI\VEN_1106&DEV_3106&SUBSYS_14061186&REV_86\4&1C660DD6&0&00F0
Service: FETNDISB
.
==== System Restore Points ===================
.
RP461: 3/30/2012 11:07:24 PM - System Checkpoint
RP462: 3/31/2012 4:42:14 PM - Removed Google Talk Plugin
RP463: 4/2/2012 6:56:28 PM - System Checkpoint
RP464: 4/3/2012 10:45:33 PM - Removed Google Talk Plugin
RP465: 4/4/2012 11:28:31 PM - System Checkpoint
RP466: 4/6/2012 12:27:09 PM - System Checkpoint
RP467: 4/7/2012 1:26:27 PM - System Checkpoint
RP468: 4/8/2012 2:20:44 PM - System Checkpoint
RP469: 4/9/2012 11:40:33 PM - System Checkpoint
RP470: 4/11/2012 12:03:42 AM - System Checkpoint
RP471: 4/12/2012 12:53:53 AM - System Checkpoint
RP472: 4/12/2012 3:00:21 AM - Software Distribution Service 3.0
RP473: 4/13/2012 3:49:40 AM - System Checkpoint
RP474: 4/14/2012 6:19:14 PM - System Checkpoint
RP475: 4/15/2012 6:33:08 PM - System Checkpoint
RP476: 4/16/2012 9:14:44 PM - System Checkpoint
RP477: 4/17/2012 9:41:17 PM - System Checkpoint
RP478: 4/18/2012 9:46:34 PM - System Checkpoint
RP479: 4/19/2012 10:40:51 PM - System Checkpoint
RP480: 4/20/2012 11:35:08 PM - System Checkpoint
RP481: 4/21/2012 11:55:27 PM - System Checkpoint
RP482: 4/23/2012 8:13:05 PM - System Checkpoint
RP483: 4/24/2012 8:55:22 PM - System Checkpoint
RP484: 4/25/2012 9:56:05 PM - System Checkpoint
RP485: 4/26/2012 10:31:34 PM - System Checkpoint
RP486: 4/27/2012 11:44:44 PM - System Checkpoint
RP487: 4/29/2012 12:27:06 AM - System Checkpoint
RP488: 4/30/2012 5:39:10 PM - System Checkpoint
RP489: 5/1/2012 7:12:04 PM - System Checkpoint
RP490: 5/2/2012 7:45:11 PM - System Checkpoint
RP491: 5/3/2012 8:42:57 PM - System Checkpoint
RP492: 5/5/2012 12:46:11 AM - System Checkpoint
RP493: 5/6/2012 12:53:48 AM - System Checkpoint
RP494: 5/7/2012 3:45:38 PM - Removed Google Talk Plugin
RP495: 5/8/2012 5:30:01 PM - Software Distribution Service 3.0
RP496: 5/9/2012 6:03:43 PM - System Checkpoint
RP497: 5/10/2012 11:04:30 PM - System Checkpoint
RP498: 5/12/2012 12:34:44 AM - System Checkpoint
RP499: 5/13/2012 12:34:52 AM - System Checkpoint
RP500: 5/14/2012 1:34:53 AM - System Checkpoint
RP501: 5/15/2012 2:32:42 AM - System Checkpoint
RP502: 5/16/2012 9:58:47 PM - System Checkpoint
RP503: 5/17/2012 4:00:40 PM - Software Distribution Service 3.0
RP504: 5/18/2012 1:44:29 PM - Removed Google Talk Plugin
RP505: 5/19/2012 2:38:50 PM - System Checkpoint
RP506: 5/20/2012 3:32:45 PM - System Checkpoint
RP507: 5/21/2012 4:36:02 PM - System Checkpoint
RP508: 5/22/2012 5:24:46 PM - System Checkpoint
RP509: 5/23/2012 8:03:14 PM - System Checkpoint
RP510: 5/24/2012 10:29:38 PM - System Checkpoint
RP511: 5/25/2012 10:57:40 PM - System Checkpoint
RP512: 5/27/2012 12:12:02 AM - System Checkpoint
RP513: 5/28/2012 1:47:47 AM - System Checkpoint
RP514: 5/29/2012 1:51:22 AM - System Checkpoint
RP515: 5/30/2012 5:40:54 PM - System Checkpoint
RP516: 5/31/2012 5:59:36 PM - System Checkpoint
RP517: 6/2/2012 10:51:37 AM - System Checkpoint
RP518: 6/3/2012 11:34:08 AM - System Checkpoint
RP519: 6/4/2012 12:06:08 PM - System Checkpoint
RP520: 6/5/2012 3:04:00 PM - System Checkpoint
RP521: 6/6/2012 5:45:52 PM - System Checkpoint
RP522: 6/7/2012 9:36:39 PM - System Checkpoint
RP523: 6/8/2012 11:36:26 PM - System Checkpoint
RP524: 6/9/2012 11:46:39 PM - System Checkpoint
RP525: 6/11/2012 4:27:11 PM - System Checkpoint
RP526: 6/12/2012 10:23:42 PM - System Checkpoint
RP527: 6/14/2012 5:29:57 PM - System Checkpoint
RP528: 6/15/2012 7:05:35 PM - System Checkpoint
RP529: 6/16/2012 7:22:08 PM - System Checkpoint
RP530: 6/17/2012 8:18:38 PM - System Checkpoint
RP531: 6/18/2012 9:11:25 PM - System Checkpoint
RP532: 6/19/2012 10:09:35 PM - System Checkpoint
RP533: 6/20/2012 9:44:34 AM - Removed Google Talk Plugin
RP534: 6/22/2012 10:44:29 AM - Removed Google Talk Plugin
RP535: 6/23/2012 10:46:06 AM - System Checkpoint
RP536: 6/24/2012 10:53:31 AM - System Checkpoint
RP537: 6/24/2012 3:44:53 PM - Removed Google Talk Plugin
RP538: 6/25/2012 4:41:32 PM - System Checkpoint
RP539: 6/26/2012 5:12:05 PM - System Checkpoint
RP540: 6/27/2012 5:12:47 PM - System Checkpoint
RP541: 6/28/2012 5:49:39 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.6
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Compatibility Pack for the 2007 Office system
D-Link DFE-530TX+
D-Link PCI Fast Ethernet Adapter
Dell ResourceCD
Disney Toontown Online
Download Updater (AOL LLC)
Facebook Video Calling 1.2.0.159
Google Chrome
Google Talk Plugin
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
iTunes
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee Security Scan Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Monopoly City (remove only)
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 6 Service Pack 2 (KB973686)
ooVoo
Plants vs. Zombies
QuickTime
Safari
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Skype™ 5.5
SoundMAX
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB898461)
Update for Windows XP (KB925720)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vz In Home Agent
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows XP Service Pack 2
Xvid Video Codec
.
==== End Of File ===========================

#3 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 28 June 2012 - 08:03 PM

Please send a PM to gringo to reopen the topic

http://www.bleepingcomputer.com/forums/user-220281/gringo-pr/



