Atapi & Google Redirect Virus!!!!!!

Welcome to Major Geeks!

You need to finish the instructions given and attach the logs that were requested.

 

Okay I see we were posting at the same time. You have 3 more logs to attach from ComboFix, RootRepeal and MGtools.

 

Downloaded from where? As far as I know this is just freeware and does not contain any malware.


Download TDSSKiller from Kaspersky to your directly onto your Desktop

• Now double click the TDSSkiller.exe file to run it ( if using Vista or Windows 7 do not double click on it but rather, right click and select Run As Administrartor. )
• Allow the application to run if prompted by Windows or any security programs you have installed
• It will start the scan and run rather quickly and will notify you of whether anything is found or not.
• Follow the instructions to delete/quarantine if asks you what to do when if finds something.
• Whether an infection is found or not, a log file should be created on your C: drive ( or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post )

 

What are the below files for? If unknown then attach anyone of them here:

Code:

"C:\Windows\System32\"
gzocse~1.log  Dec  7 2010       65422  "GzOCsetup_20101207.log"
gzocse~2.log  Dec  8 2010       25371  "GzOCsetup_20101208.log"
gzofse~1.log  Dec  7 2010       65075  "GzOFsetup_20101207.log"
gzofse~2.log  Dec  8 2010       25411  "GzOFsetup_20101208.log"
gzogse~1.log  Dec  7 2010       65898  "GzOGsetup_20101207.log"
gzogse~2.log  Dec  8 2010       26123  "GzOGsetup_20101208.log"
gzohse~1.log  Dec  7 2010       66232  "GzOHsetup_20101207.log"
gzohse~2.log  Dec  8 2010       26060  "GzOHsetup_20101208.log"

 

If you don't trust them and if your problems only began after installing this software then maybe you should uninstall it.

Part of Windows. It's a folder, not a file.

None of your logs are showing any remaining problems. Are you still having redirects? If so, do they occur in safe boot mode too?

Did you setup your DNS servers to use the below or did your ISP default to these OPEN dns IPs

Code:

   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.22

 

Someone likely set those DNS addresses. They are not the typical malware ones that point to Russia. You could check with your ISP to see what you are supposed to have.

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
3. Go back to step 6 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 7 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

Possibly just due to the fact that you are running your F-secure security suite and also Iobit360. Uninstall Iobit360 and then reboot and make sure it is gone. Then see how things are running.

1. The first is a false detection of the process.exe file in the MGtools folder. It is just a command line based Task Manager that is well known and documented.
2. I have no idea what the second is as it does not seem to be a documented name. Show me the log.
3. And the third is from some garabage you had installed at one time. Your logs showed the below folder from UniBlue so you did install this
   Code:

   "C:\Users\Ravenstarr\AppData\Roaming\"
   UNIBLUE       Sep 16 2010              "Uniblue"

 

None of the logs you had previously attached had showed any malware found or removed. So it would seem more likely that you are having Windows problems that you may want to post about in the Software Forum.