Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect


  • This topic is locked This topic is locked
6 replies to this topic

#1 ie.redirect

ie.redirect

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:54 PM

Posted 04 October 2012 - 01:46 PM

Dear BleepingComputer,

I have tried to be careful over the years - even installing WOT to watch where I go but once again, I have been punked with the Google Redirect virus/malware. Originally, a month ago, I had this:
googleads.g.doubleclick.net/page.

Now, I have additional redirects:
rcm.amazon.com/e/cm?lt1=blank&b
this.content.served.by.adshuffle
sana.newsinc.com/sana.html?wid=8
platform.twitter.com/widgets/fol
etc, etc, etc.

Sadly, I am restricted from instaling anything because I am on a company computer and do not have administrative rights. However, after fussing with them for over a month about this malware, I have finally gotten them to agree to allow me to have admin rights for a day to remove this thing. They have only allowed this under the condition that I do everything under their watchful eye. So, IF you are willing to help with them looking over our shoulder, I really will appreciate it and I do need it.

I am contacting you now and setting up the account and the topic so that by the time you are ready, I will be able to contact my IT guys and begin to remove this thing.

Thanks in advance,
Ken

BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:54 PM

Posted 06 October 2012 - 08:48 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Before anything can be suggested I need to see the result of these scans.


Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
==

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue
    Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

p.s.
Before posting the logs you can X out any references to your organization, nothing else.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:54 PM

Posted 12 October 2012 - 08:36 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:54 PM

Posted 17 October 2012 - 10:02 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:54 PM

Posted 17 October 2012 - 01:51 PM

Topic is reopened.

p.s. Please do not request that a topic be reopened in the Profile. Use the Personal message.
Thanks.

#6 ie.redirect

ie.redirect
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:54 PM

Posted 18 October 2012 - 08:52 AM

Nasdaq,

Thank you for re-opening my forum topic. I greatly appreciate it.

As I mentioned, this is my company's computer/laptop and I do not have admin rights. Therefore, I am unable to install any file or tool.

I have been fussing with these people for over 2 months trying to get them to fix this - they have not understood the problem nor have they expressed any but passing interest in fixing it. Finally about 2 weeks ago, they decided that they would give me admin priveleges for about 2 hours!! unbelievable! Obviously, they don't have a clue...

Anyway, after I explained to them, one more time, that this was going to take days to fix, they decided to hire an outside contractor tech to come in and remove the virus! (I secretly doubt they will have a clue either... i hope i'm wrong).

For their lack of professionalism and ability to make a decision, I apologize to you. I will not be allowed to use your expertise to fix this problem.

Best Regards,
Ken

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:54 PM

Posted 18 October 2012 - 12:44 PM

Thank you for the feed back.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users