
Google Redirect Virus - I think



#1 reprosser


Posted 18 July 2012 - 09:47 PM

A week or so back, I noticed that a couple of Google results I clicked on did not take me to the info. Since then I have noticed it happening a lot more. Not every time, but usually a redirect after 2 or 3 tries. Sometimes, if I use the back button and try again, I go directly to the correct link. It seems to be a bit random. I use Mozilla (13.0.1) mostly, and have not had the issue on the couple of tries with Internet Explorer (9.0.8112.16421) or Chrome.

I have my system info in my profile - running Win7 64bit.

I did some research online and have tried the following:

"No proxy" setting in Mozilla (I usually use Mozilla)

Installed and ran Malwarebytes around 7/12
Uninstalled Spotify around 7/13 (this is the only change I can remember making in the time frame it started)
Installed and ran TDSkiller 7/16
Installed and ran rkill 7/16
Installed and ran FixTDSS 7/16
Installed and ran ListParts64 7/16
Installed and ran Combofix 7/16
Ran Combofix 7/17

They seem to fix the problem initially, but the next day - back again.

There are some software packages for sale that say they will remove the virus, but I don't see any guarantees.

I would say I am pretty computer savvy (at least up to Win 7 - it is still pretty new to me)

Any help would be appreciated.



#2 narenxp


Posted 21 July 2012 - 08:06 AM

Download

aswMBR

Launch it, allow it to download the latest Avast! virus definitions
Click the "Scan" button to start the scan. After the scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When the scan is completed, click on LIST of found threats

Export the list to the desktop, copy the contents of the text file in your reply

Download

adware cleaner

Launch it click on Delete

post the generated log

#3 reprosser


Posted 21 July 2012 - 10:17 PM

LOG from ASWMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-21 20:43:31
-----------------------------
20:43:31.513 OS Version: Windows x64 6.1.7601 Service Pack 1
20:43:31.513 Number of processors: 4 586 0x2A07
20:43:31.514 ComputerName: PUGET-92489 UserName: Rick
20:43:32.864 Initialize success
20:51:49.509 AVAST engine defs: 12072101
21:02:21.139 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:02:21.141 Disk 0 Vendor: WDC_WD50 15.0 Size: 476940MB BusType: 3
21:02:21.248 Disk 0 MBR read successfully
21:02:21.251 Disk 0 MBR scan
21:02:21.255 Disk 0 Windows 7 default MBR code
21:02:21.258 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:02:21.267 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
21:02:21.286 Disk 0 scanning C:\Windows\system32\drivers
21:02:27.595 Service scanning
21:02:42.358 Modules scanning
21:02:42.366 Disk 0 trace - called modules:
21:02:42.531 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
21:02:42.535 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a3bb060]
21:02:42.540 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007dd4050]
21:02:43.841 AVAST engine scan C:\Windows
21:02:46.183 AVAST engine scan C:\Windows\system32
21:04:51.655 AVAST engine scan C:\Windows\system32\drivers
21:04:59.423 AVAST engine scan C:\Users\Rick
21:23:18.033 AVAST engine scan C:\ProgramData
21:23:49.352 Scan finished successfully
21:25:42.046 Disk 0 MBR has been saved successfully to "C:\Users\Rick\Desktop\MBR.dat"
21:25:42.049 The log file has been saved successfully to "C:\Users\Rick\Desktop\aswMBR.txt"



LOG from ESET

C:\Qoobox\Quarantine\C\Users\Rick\AppData\Roaming\wuiecp.dll.vir a variant of Win32/Medfos.AN trojan
C:\ShareFilesQuietPC\RickParkingLot\Miro_Installer.exe Win32/Toolbar.Zugo application
C:\Users\Rick\AppData\Local\{DECA7EFB-C8AC-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan
C:\Users\Rick\Desktop\RickParkingLot\Miro_Installer.exe Win32/Toolbar.Zugo application
E:\Rick_Backup\2011-12-29_15-24-10\Memeo\2011-12-29_15-24-10\C_\ShareFilesQuietPC\RickParkingLot\Miro_Installer.exe Win32/Toolbar.Zugo application
E:\Rick_Backup\2011-12-29_15-24-10\Memeo\2011-12-29_15-24-10\C_\Users\Rick\Desktop\RickParkingLot\Miro_Installer.exe Win32/Toolbar.Zugo application

LOG from ADW

# AdwCleaner v1.703 - Logfile created 07/21/2012 at 23:07:20
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Rick - PUGET-92489
# Running from : C:\Users\Rick\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\sss12p06.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",

*************************

AdwCleaner[S1].txt - [991 octets] - [21/07/2012 23:07:20]

########## EOF - C:\AdwCleaner[S1].txt - [1118 octets] ##########
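
An added example, not part of the original posts: a small parser that triages the ESET list posted above so that detections still sitting in live locations are read before quarantined or backed-up copies. The location rules (treating `\Qoobox\Quarantine\` as the ComboFix quarantine folder and `_Backup\` as backup copies) and all function names are assumptions of this example.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "path name kind location")

# The six lines of the ESET list from the post above, copied verbatim.
ESET_LOG = r"""
C:\Qoobox\Quarantine\C\Users\Rick\AppData\Roaming\wuiecp.dll.vir a variant of Win32/Medfos.AN trojan
C:\ShareFilesQuietPC\RickParkingLot\Miro_Installer.exe Win32/Toolbar.Zugo application
C:\Users\Rick\AppData\Local\{DECA7EFB-C8AC-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan
C:\Users\Rick\Desktop\RickParkingLot\Miro_Installer.exe Win32/Toolbar.Zugo application
E:\Rick_Backup\2011-12-29_15-24-10\Memeo\2011-12-29_15-24-10\C_\ShareFilesQuietPC\RickParkingLot\Miro_Installer.exe Win32/Toolbar.Zugo application
E:\Rick_Backup\2011-12-29_15-24-10\Memeo\2011-12-29_15-24-10\C_\Users\Rick\Desktop\RickParkingLot\Miro_Installer.exe Win32/Toolbar.Zugo application
"""

# <path> [a variant of ]<Platform/Name> <trojan|application>
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/[\w.]+) (?P<kind>trojan|application)$")

# Assumed rules: first match wins, anything else counts as "active".
LOCATION_RULES = [
    ("quarantine", re.compile(r"\\Qoobox\\Quarantine\\", re.I)),
    ("backup", re.compile(r"_Backup\\", re.I)),
]

def parse(log):
    """Turn the exported threat list into Finding tuples."""
    findings = []
    for line in log.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not a detection line
        location = next((label for label, rx in LOCATION_RULES
                         if rx.search(m["path"])), "active")
        findings.append(Finding(m["path"], m["name"], m["kind"], location))
    return findings

def triage(findings):
    """Active before backup before quarantine; trojans before applications."""
    loc_rank = {"active": 0, "backup": 1, "quarantine": 2}
    kind_rank = {"trojan": 0, "application": 1}
    return sorted(findings, key=lambda f: (loc_rank[f.location], kind_rank[f.kind]))

if __name__ == "__main__":
    for f in triage(parse(ESET_LOG)):
        print(f"{f.location:<10} {f.kind:<11} {f.name:<20} {f.path}")
```

On this log the first entry after sorting is the `JS/Redirector.NIQ` detection in `chrome\content\browser.xul`, the only trojan that is neither quarantined nor a backup copy.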

#4 narenxp


Posted 21 July 2012 - 10:28 PM

Uninstall Firefox

Make sure to checkmark the "remove my personal data" option

Reinstall Firefox

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Let me know if you still face redirects



