Google Redirect and odd behavior


3 replies to this topic

#1 Winterdepths

Winterdepths

  • Members
  • 2 posts
  • Local time:07:45 AM

Posted 22 July 2012 - 12:43 PM

Hi, I've been having Google redirect issues where, when searching, I'm redirected to 7search.com. After using several malware/spyware removal tools, including AVG and Avast, new issues have popped up.

Randomly I'll get the following errors:
Blue screen of death
Windows failed to start and had to go back to restore point
Chrome unable to find locale data files when I try to start it.

Browser doesn't matter for the redirect and it appears to only affect Google. When attempting to reinstall Chrome I have gotten a 404 error page or a "diagnose connection issues" page when going to https://www.google.com/chrome

Help! No clue what to do.



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:06:45 AM

Posted 22 July 2012 - 12:53 PM

Download

TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download the latest Avast! virus definitions
Click the "Scan" button to start the scan. After the scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When the scan completes, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 Winterdepths

Winterdepths
  • Topic Starter

  • Members
  • 2 posts
  • Local time:07:45 AM

Posted 22 July 2012 - 02:11 PM

Thank you so much for the help.

TDSSkiller
13:58:35.0256 1984 ============================================================
13:58:35.0256 1984 Scan finished
13:58:35.0256 1984 ============================================================
13:58:35.0270 2224 Detected object count: 2
13:58:35.0270 2224 Actual detected object count: 2
13:59:06.0251 2224 \Device\Harddisk0\DR0\# - copied to quarantine
13:59:06.0252 2224 \Device\Harddisk0\DR0 - copied to quarantine
13:59:06.0484 2224 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
13:59:06.0511 2224 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
13:59:06.0537 2224 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
13:59:06.0572 2224 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
13:59:06.0602 2224 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
13:59:06.0625 2224 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
13:59:06.0640 2224 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
13:59:06.0642 2224 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
13:59:06.0644 2224 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
13:59:06.0646 2224 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
13:59:06.0650 2224 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
13:59:06.0654 2224 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
13:59:06.0656 2224 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
13:59:06.0657 2224 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
13:59:06.0697 2224 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
13:59:06.0751 2224 \Device\Harddisk0\DR0 - ok
13:59:12.0299 2224 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
13:59:12.0300 2224 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:59:12.0300 2224 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

aswMbr log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-22 14:04:02
-----------------------------
14:04:02.598 OS Version: Windows 6.1.7601 Service Pack 1
14:04:02.598 Number of processors: 8 586 0x1A05
14:04:02.599 ComputerName: RAWR-PC UserName: Rawr
14:04:10.307 Initialize success
14:04:15.697 AVAST engine defs: 12072200
14:04:24.114 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
14:04:24.116 Disk 0 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
14:04:24.123 Disk 0 MBR read successfully
14:04:24.126 Disk 0 MBR scan
14:04:24.129 Disk 0 Windows 7 default MBR code
14:04:24.132 Disk 0 MBR hidden
14:04:24.156 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:04:24.172 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1430697 MB offset 206848
14:04:24.181 Disk 0 scanning sectors +2930274304
14:04:24.269 Disk 0 scanning C:\Windows\system32\drivers
14:04:42.512 Service scanning
14:05:09.367 Modules scanning
14:05:17.996 Disk 0 trace - called modules:
14:05:18.330 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85ada3f8]<<
14:05:18.336 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866695f0]
14:05:18.342 3 CLASSPNP.SYS[8c3b059e] -> nt!IofCallDriver -> [0x874f6580]
14:05:18.352 \Driver\atapi[0x8752eaf8] -> IRP_MJ_CREATE -> 0x877d34b1
14:05:29.197 Disk 0 MBR has been saved successfully to "C:\Users\Rawr\Desktop\MBR.dat"
14:05:29.202 The log file has been saved successfully to "C:\Users\Rawr\Desktop\asw log.txt"

ESET
C:\TDSSKiller_Quarantine\22.07.2012_13.54.41\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\22.07.2012_13.54.41\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\22.07.2012_13.54.41\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\22.07.2012_13.54.41\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan
C:\TDSSKiller_Quarantine\22.07.2012_13.54.41\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NH trojan
C:\TDSSKiller_Quarantine\22.07.2012_13.54.41\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\22.07.2012_13.54.41\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\22.07.2012_13.54.41\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\22.07.2012_13.57.50\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\22.07.2012_13.57.50\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\22.07.2012_13.57.50\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\22.07.2012_13.57.50\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan
C:\TDSSKiller_Quarantine\22.07.2012_13.57.50\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NH trojan
C:\TDSSKiller_Quarantine\22.07.2012_13.57.50\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\22.07.2012_13.57.50\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\22.07.2012_13.57.50\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan
C:\Users\Rawr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K72XKSFX\firstload_com[1].htm HTML/Hoax.FastDownload.C.Gen application
C:\Users\Rawr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K72XKSFX\mx_usenet[1].htm HTML/Iframe.B.Gen virus



>.< Any help on strangling family members who managed to mess up the family computer would also be welcome.

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:06:45 AM

Posted 22 July 2012 - 02:42 PM

Restart the PC, run TDSSkiller and aswMBR once again, and post the new logs.
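
Added example, not part of the thread or of either tool: a short Python parser over TDSSKiller lines copied from post #3, reporting which detections are still unfinished (a cure waiting on a reboot, an entry the user skipped). The line pattern is an assumption inferred from those posted lines only, not a documented log format.

```python
import re
from collections import defaultdict

# Sample lines copied from the TDSSKiller log in post #3 of this thread.
SAMPLE = r"""
13:58:35.0270 2224 Detected object count: 2
13:59:06.0484 2224 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
13:59:06.0697 2224 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
13:59:06.0751 2224 \Device\Harddisk0\DR0 - ok
13:59:12.0299 2224 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
13:59:12.0300 2224 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:59:12.0300 2224 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Assumed line shape, inferred only from the lines above:
#   <time> <thread id> <object> ( <verdict> ) - <status>
LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<obj>\\\S+)\s+\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+(?P<status>.+)$"
)

def summarize(log_text):
    """Return {(object, verdict): [status, ...]} for lines carrying a verdict."""
    found = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            found[(m["obj"], m["verdict"])].append(m["status"])
    return dict(found)

def outstanding(summary):
    """Verdicts that are not finished: cure pending a reboot, or skipped."""
    todo = {}
    for (_obj, verdict), statuses in summary.items():
        joined = " | ".join(statuses).lower()
        if "on reboot" in joined:
            todo[verdict] = "reboot required to finish cure"
        elif "skip" in joined:
            todo[verdict] = "skipped, no action taken"
    return todo

if __name__ == "__main__":
    for verdict, state in outstanding(summarize(SAMPLE)).items():
        print(f"{verdict}: {state}")
```

Running the same functions over the post-reboot log gives a quick before/after comparison of what the scanner still reports.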



