When Doing Google Search I Am Getting Redirected


4 replies to this topic

#1 Mark Wenholz

Mark Wenholz

  • Members
  • 13 posts

Posted 07 January 2013 - 10:00 AM

Hello, whenever I do a Google search I am getting redirected to the following address. I have run my virus scan as well as a Malwarebytes finder and nothing is ever found. Please help.

http://63.209.69.107/search/web


#2 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,284 posts
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA

Posted 07 January 2013 - 10:03 AM

Hi, Mark Wenholz! I'm going to try to help you out. :)

TDSSKiller

I need you to run a scan using TDSSKiller.

  • Download TDSSKiller from here, and save it to your desktop.
  • Double click the file to launch the program. Once the program starts, click Start Scan. Don't change any default scan settings.
  • Once the scan is finished, you'll find a log in your root drive (usually C: ) that will start with TDSS in the file name, please copy and paste it into your reply.

Malwarebytes

I need you to run a scan with Malwarebytes Anti-Malware.

  • Double-click the MBAM shortcut on your desktop to open MBAM.
  • Click the Update tab, and check for updates. If a new version of MBAM is included in the update, follow the prompts and install it.
  • Once the program is done updating, select the Perform full scan option on the main interface. Then click the Scan button, hit Scan, and let the scan run.
  • Once the scan is finished, a log will pop up. If any malware was found, click the Show Results button, and make sure everything present is checked and click Remove Selected. If MBAM asks you to reboot, do so immediately. Either way, please copy and paste the log into your reply. If your PC is rebooted, you can find the log by opening up MBAM and going to the Logs tab.

AdwCleaner

I need you to run AdwCleaner to see if it removes anything.

  • Download AdwCleaner from here, and save it to your desktop.
  • Close all open programs.
  • Open the file on your desktop, and click the Delete button. Confirm operations at every prompt. Your PC will be rebooted after the final prompt.
  • Once rebooted, a text file will open up. Please copy and paste it into your reply.

RogueKiller

I need you to run RogueKiller to see if it removes anything.

  • Download RogueKiller from here, and save it to your desktop.
  • Close all open programs.
  • Double click the file on your desktop. Once the automatic check completes, hit the Scan button.
  • Once the full scan has finished, click on the Delete button. Once it's done removing things, open the newest log on your desktop (should be called RKreport[2].txt) and copy and paste it into your reply.

Please tell me how the PC is running in your next reply.

Gunto

Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#3 Mark Wenholz


Posted 07 January 2013 - 01:25 PM

I have run everything and now when I attempt to open IE it just sits there and never goes to my home page or any page that I type in. I am working on getting the logs into the next reply. I am replying to this from another computer.

#4 Mark Wenholz


Posted 07 January 2013 - 01:34 PM

Ok, update: It takes the pages on the internet over 2 minutes to load but they will eventually load. Same problem with Google still. Not sure why the internet pages are now taking so long. There were no problems with speed prior to doing what you mentioned above. Here are the logs. Please help ASAP. Need this computer for our user working.



# AdwCleaner v2.104 - Logfile created 01/07/2013 at 11:57:54
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : thomas.billings - JOV-DAL-7D16
# Boot Mode : Normal
# Running from : C:\Users\Thomas.Billings\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [625 octets] - [07/01/2013 11:57:54]

########## EOF - C:\AdwCleaner[S1].txt - [684 octets] ##########





Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.07.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
thomas.billings :: JOV-DAL-7D16 [administrator]

Protection: Disabled

1/7/2013 9:05:10 AM
mbam-log-2013-01-07 (09-05-10).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 526754
Time elapsed: 1 hour(s), 30 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





RogueKiller V8.4.2 [Jan 6 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : thomas.billings [Admin rights]
Mode : Scan -- Date : 01/07/2013 12:03:19

Bad processes : 1
[DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Thomas.Billings\AppData\Roaming\vmdudg.dll -> KILLED [TermProc]

Registry Entries : 9
[RUN][SUSP PATH] HKCU\[...]\Run : vmdudg ("C:\Windows\System32\rundll32.exe" "C:\Users\Thomas.Billings\AppData\Roaming\vmdudg.dll",ReadLastObjectFromFile) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : vmdudg ("C:\Windows\System32\rundll32.exe" "C:\Users\Thomas.Billings\AppData\Roaming\vmdudg.dll",ReadLastObjectFromFile) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1161501016-3420441695-713373109-1203[...]\Run : vmdudg ("C:\Windows\System32\rundll32.exe" "C:\Users\Thomas.Billings\AppData\Roaming\vmdudg.dll",ReadLastObjectFromFile) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$bd139a42a8f5c55c25e31b72ecfd9ae2\@ --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1161501016-3420441695-713373109-1203\$bd139a42a8f5c55c25e31b72ecfd9ae2\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$bd139a42a8f5c55c25e31b72ecfd9ae2\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1161501016-3420441695-713373109-1203\$bd139a42a8f5c55c25e31b72ecfd9ae2\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$bd139a42a8f5c55c25e31b72ecfd9ae2\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1161501016-3420441695-713373109-1203\$bd139a42a8f5c55c25e31b72ecfd9ae2\L --> FOUND

Driver : [LOADED]

Infection : ZeroAccess

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: ST3250312AS ATA Device +++++
--- User ---
[MBR] af433ee5d5b30489872e6406aa8954a2
[BSP] 8381b734fcea3e2c927b049d29412913 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12442 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25563136 | Size: 225992 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01072013_02d1203.txt >>
RKreport[1]_S_01072013_02d1203.txt

#5 Gunto


Posted 07 January 2013 - 11:58 PM

Hi,

You're infected with ZeroAccess, which is a pretty nasty infection, which would explain most if not all the problems you're having. You'll need advanced help.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Gunto

Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...
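Added example, not part of the original posts and not code from RogueKiller or BleepingComputer: a small Python triage pass over the RKreport lines posted in #4, separating the three findings behind the diagnosis in #5 (autoruns that load a DLL from a user-writable folder through rundll32, UAC policy values set to 0, and ZeroAccess-tagged paths). The `triage` function, its field names and the regular expressions are assumptions that fit the line layout shown in this thread.

```python
import re

# Lines copied from the RogueKiller report posted in this thread.
SAMPLE = r"""
[RUN][SUSP PATH] HKCU\[...]\Run : vmdudg ("C:\Windows\System32\rundll32.exe" "C:\Users\Thomas.Billings\AppData\Roaming\vmdudg.dll",ReadLastObjectFromFile) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : vmdudg ("C:\Windows\System32\rundll32.exe" "C:\Users\Thomas.Billings\AppData\Roaming\vmdudg.dll",ReadLastObjectFromFile) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$bd139a42a8f5c55c25e31b72ecfd9ae2\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$bd139a42a8f5c55c25e31b72ecfd9ae2\U --> FOUND
"""

# Patterns assume the RKreport layout seen above (hypothetical helper names).
RUN_RE = re.compile(r'^\[RUN\]\[[^\]]+\] (\w+)\\.*?\\Run : (\S+) \((.*)\) -> FOUND$')
DLL_RE = re.compile(r'rundll32\.exe"?\s+"?([^",]+\.dll)"?,(\w+)', re.I)
HJ_RE = re.compile(r'^\[HJ[^\]]*\] \S+ : (\w+) \(([^)]*)\) -> FOUND$')
ZA_RE = re.compile(r'^\[ZeroAccess\]\[(?:FILE|FOLDER)\] \S+ : (.+?) -+> FOUND$')
USER_WRITABLE = re.compile(r'\\(?:appdata|temp|programdata)\\', re.I)
UAC_VALUES = {"EnableLUA", "ConsentPromptBehaviorAdmin", "ConsentPromptBehaviorUser"}

def triage(report):
    """Group report lines into persistence, UAC tampering and rootkit artifacts."""
    out = {"persistence": [], "uac_zeroed": [], "zeroaccess_paths": []}
    for line in report.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            hive, name, cmd = m.groups()
            d = DLL_RE.search(cmd)
            # Autorun that has rundll32 load a DLL from a user-writable folder
            if d and USER_WRITABLE.search(d.group(1)):
                out["persistence"].append((hive, name, d.group(1), d.group(2)))
        elif m := HJ_RE.match(line):
            # Only UAC policy values set to 0 are kept; cosmetic tweaks are skipped
            if m.group(1) in UAC_VALUES and m.group(2) == "0":
                out["uac_zeroed"].append(m.group(1))
        elif m := ZA_RE.match(line):
            out["zeroaccess_paths"].append(m.group(1))
    return out

if __name__ == "__main__":
    for kind, items in triage(SAMPLE).items():
        print(kind, len(items))
        for item in items:
            print("   ", item)
```
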




