
Google Redirect Virus?


  • This topic is locked
3 replies to this topic

#1 AyuChan

AyuChan

  • Members
  • 2 posts

Posted 24 December 2015 - 03:03 PM

Hello, dear community. I've been having a few problems with my PC for two days now, and I think it's because of malware, a Redirect virus to be exact.

 

I've tried several anti-malware programs, like AdwCleaner, AVG, Junkware Removal Tool, Hitman Pro, Avira and several others, but they either found something which didn't solve my problem, or didn't find anything at all.

 

I'm currently writing this in safe mode, as I 'kind of' have no access to normal Windows. Everything works fine on the login screen etc., until I actually open any of the three accounts I have, including the Administrator account. As soon as I open it, the first thing I see is either my desktop, which doesn't have any icons and where the task list is not there, or a black screen with only my cursor in sight.

 

The black screen only happened once, in my latest try to log in without safe mode on.

 

If the desktop is visible, a little box with the name of 'Windows Installer' appears in the middle of the screen, with a cancel button under the text. It doesn't matter if I click cancel or not; after a while the text changes and the cancel button isn't greyed out anymore if I clicked on it before. Then it says something like 'Program couldn't be found, search for it', which is, from what I believe, because I deleted the program it was searching for. If the program was not deleted, then it would simply put a copy of the program on my desktop.

 

After that, the real problem starts. Everything freezes, and the cursor lags. After a while, something like 500 Google Chromes open by themselves. Sometimes I have access to the STRG + ALT + ENTF option to start the task manager and force close all the Chromes, so after literally ten minutes of constant lagging and waiting, all the Chromes close. That doesn't help much though, since right after that it opens another 100. Most of the time, though, an error message pops up, saying STRG + ALT + ENTF failed.

 

In safe mode, the malware doesn't open any kind of browser by itself. But sometimes, when I boot in safe mode, an error pops up telling me to copy the 'wsvd.sys' file or something like that. If I click on 'browse' I open the path the 'wsvd.sys' file should be in, and the file is clearly there from what I can see.

 

The problem with the black screen, along with the STRG + ALT + ENTF and the constant opening of Google Chromes after bootup, only started right after I first opened safe mode.

 

Before I had opened safe mode, it was all like this:

 

The Windows Installer box was still there. Pressing any kind of button on the keyboard either opened Google Chrome, or redirected me to google.com (new tab page). Using Firefox or Internet Explorer was futile, as they also refreshed themselves constantly upon using the keyboard even once.

 

(Windows 7)

 

Huge thanks in advance for any kind of answer.




 


#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 26 December 2015 - 12:59 PM

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Watch this topic. Click on this then choose Immediate E-Mail notification and then Proceed and you will be advised when I respond to your topic by email.

Please try to complete the steps and reply at least every 24 hours. If you find that you're delayed just post a quick reply here and let me know!! After 5 days if your topic is not replied to I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

<<<<<<<<<<

Lastly, if you have not already done so you should consider backing up your important data - pictures, documents, etc... Worst case scenario is the need to wipe and reinstall your operating system to its factory settings. Therefore your precious data will be salvaged. There are both free and paid applications available.

Cobian Backup
DriveImage XML
CrashPlan
 
<<<<<<<<<<
 
Please download USBVaccineSetup.exe from Panda Software to the desktop of your clean / working computer to vaccinate your USB drive to prevent infection.
note: the download mirror is called MajorGeeks and the download should start automatically. Please do not click any advertisements.

  • Insert your USB flash drive into the clean / working computer
  • Double-click on USBVaccineSetup.exe to install the program
  • Select your language, then read and accept the agreement to continue
  • Choose if you would like the program to run at all times, and for all newly inserted USB drives
  • Click Next then Finish to complete the installation
  • The program will launch
  • Select your USB drive from the list, then click Vaccinate USB
    note: optionally you can click Vaccinate computer as well, this disables removable items from automatically running on the system entirely
  • A message should appear that your USB drive was vaccinated. If not please report the error in your next post

Next....
 
See if you can do this in safe mode on the sick computer please. If it won't run just let me know and I will tell you what to do next.
 
Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your USB on the clean computer then move it to your sick computer ---> Important

  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open & can be found on your USB.
  • Please copy and paste the contents of both in your reply

Kind regards,
thcbytes


Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 AyuChan

AyuChan
  • Topic Starter

  • Members
  • 2 posts

Posted 28 December 2015 - 10:10 AM

Hello thcbytes, it seems like the problem was coming from my keyboard, since as soon as I replaced it, the problem was gone. So I think the topic could be closed.

 

Still, I really appreciate your answer, as I'm sure if it was really a virus, you would have surely helped me out.

So a huge thanks to you, and I'm sorry if I wasted your time in any way by not instantly reporting back as soon as the problem got solved. 

 

Again, thank you!

 

 



#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 28 December 2015 - 11:21 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



