
Can't get rid of google redirect...

Discussion in 'Malware Removal' started by jenandlaw, Dec 2, 2012.

Thread Status:
Not open for further replies.
  1. jenandlaw

    jenandlaw Private E-2

    I'm getting this ridiculously-persistent Google redirect in Firefox and Chrome. I don't use IE so I'm not sure about that one. It only happens about once every four or five searches. I'll get sent to a completely different page. If I hit the back button, I'll get the page I wanted, but it seems like the original redirect happens so fast I never even see the page I wanted before it forwards me to another page.

    I believe, but I'm not certain, that it started a few weeks ago when I had to redownload drivers to get my iTunes to play cds.

    Attaching the logs as requested.


  2. jenandlaw

    jenandlaw Private E-2

    I have been trying to verify that it is still redirecting, and although my husband says it did it twice to him this morning, it hasn't happened to me yet. He rebooted and maybe that was all that it needed after all the scans. I'm temporarily going to say this issue is solved. If it happens again, I will bump the thread and get back in line. Thanks!
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Re-run Hitman and have it delete Potential Unwanted Programs.

    Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate this 1 detection:
    • [STARTUP][SUSP PATH] _uninst_26864385.lnk @andyandjenni : C:\Users\andyandjenni\AppData\Local\Temp\_uninst_26864385.bat -> FOUND

    Place a checkmark by each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Reboot the machine.

    Delete this file.
    C:\Users\andyandjenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_26864385.lnk

    Everything running okay still?
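
Added example, not part of the original thread or of any poster's instructions: a read-only PowerShell check of the per-user and all-users Startup folders for shortcuts whose targets point into a temp directory, the pattern RogueKiller labelled `[STARTUP][SUSP PATH]` above. The function name and the list of suspect path fragments are assumptions chosen for illustration.

```powershell
# Added example (not from the thread). Read-only: it lists, it does not delete.
$startupDirs = @(
    (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs\Startup'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
)
# Assumption: path fragments that should never hold an autostart target.
$suspectFragments = @('\AppData\Local\Temp\', '\Windows\Temp\')

function Get-SuspectStartupShortcut {   # hypothetical helper name
    # WScript.Shell resolves a .lnk file to the path and arguments it launches.
    $shell = New-Object -ComObject WScript.Shell
    foreach ($dir in $startupDirs) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -Filter '*.lnk' -Force | ForEach-Object {
            $lnk     = $shell.CreateShortcut($_.FullName)
            $target  = $lnk.TargetPath
            $suspect = $false
            foreach ($frag in $suspectFragments) {
                if ($target.IndexOf($frag, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                    $suspect = $true
                }
            }
            [pscustomobject]@{
                Shortcut     = $_.FullName
                Target       = $target
                Arguments    = $lnk.Arguments
                # A shortcut left behind after its target was removed shows False here.
                TargetExists = [bool]($target -and (Test-Path -LiteralPath $target))
                Suspect      = $suspect
            }
        }
    }
}

# Suspect entries first; every Startup shortcut is shown so nothing is hidden.
Get-SuspectStartupShortcut | Sort-Object Suspect -Descending | Format-List
```
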
  4. jenandlaw

    jenandlaw Private E-2

    So glad you replied. It's not gone. I got a redirect today while trying to go to YouTube. Sent me to some wackadoodle Russian credit card site.

    Attached are two logs. When I right clicked on RogueKiller it started scanning right away. Then I selected the registry tab and scanned. I made sure it only had a checkmark by the line you stated, but when it deleted it said it deleted three.

    After rebooting that file you asked me to delete isn't there.


  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.

    Run this and attach the results.

    Using ESET's Online Scanner
  6. jenandlaw

    jenandlaw Private E-2

    Just to be clear, you want me to run the Junkware Removal Tool AND the Eset Online Scanner, correct?
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Oh yes. :)
  8. jenandlaw

    jenandlaw Private E-2

    Sorry for the delay. Took hours to run last night. Eset found something. Wonder why it didn't find it the first time I ran Eset Online Scanner? Oh well....

    Thanks, Kestrel.


  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    ESET didn't find anything bad anyway.

    Download OTL to your desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • (Vista and Windows 7 users: right-click OTL and choose Run as Administrator.)
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Attach both of these logs into your next reply.
  10. jenandlaw

    jenandlaw Private E-2

    See attached.


  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    This only occurs in Firefox and Chrome, right?
  12. jenandlaw

    jenandlaw Private E-2

    I haven't tried it in I.E. yet since I never use it. Will try tonight.

    Do I need to just buy a new laptop and burn this one?
  13. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    No!!! :)

    Let me know about IE, ok? Then we can make a plan of action from there. Getting late for me here and I'm about to splurge pretty soon. But will be about tomorrow as soon as poss!
  14. jenandlaw

    jenandlaw Private E-2

    Surfed a little tonight using I.E. and didn't have any redirects. Switched over to Firefox for something and immediately got the redirect to that Russian credit card company, ANNNNNNDDDD this time, AVG popped up with a "threat detected" message. See attached. Does that help?


  15. jenandlaw

    jenandlaw Private E-2

    FYI shortly after posting the previous message I got the blue screen. Then got it twice more. Start the computer. It starts booting up for about 2 mins then blue screen. :(
  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    We are going to be uninstalling your old version of FireFox and installing the new version. (Except we will be using Revo Uninstaller to uninstall) So do the below to save bookmarks:

    • Run FireFox and click Bookmarks.
    • Then select Organize Bookmarks.
    • Then on the next window click File and then select Export. Save the bookmarks.html file to your Desktop for later use in importing.
    Now download and save the installer for the current version of FireFox but DO NOT install it yet. Get it here: Mozilla FireFox

    You will need to exit FireFox now and use Internet Explorer to continue with the below until we reinstall FireFox.

    Start by uninstalling FireFox and then reboot. Do not skip the reboot.
    After reboot, delete the below folders:
    • C:\Program Files\Mozilla Firefox
    • C:\users\UserAccount\AppData\Roaming\Mozilla\Firefox

    where UserAccount is the actual user account name being used.

    Now reinstall FireFox from the file previously downloaded.
    Import your bookmarks file. (similar process to exporting).

    Any better?
  17. jenandlaw

    jenandlaw Private E-2

    Oh my. Things going downhill. Couldn't get past the blue screen that happens when I login. Finally got it to boot in safe mode. Ran Malwarebytes because I didn't know what else to do. See attached log. Then did as you suggested in your last post. Haven't reinstalled Firefox. Don't have to have it. Tried to login without safe mode, keep getting the blue screen. See attached screenshots of what errors I'm getting.

    Just got the redirect in "safe mode with networking" when I got online to post this using Chrome.


  18. jenandlaw

    jenandlaw Private E-2

    more screenshots


  19. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Please download Combofix to your desktop. Please refer to these instructions prior to running. Attach log once done.
  20. jenandlaw

    jenandlaw Private E-2

    Since my last post, I couldn't get the computer to boot in anything but safe mode. I would get blue screens immediately. I had about decided that I was going to have to order a new hard drive and start all over. I went to try to find out what kind of hard drive I have (SATA or IDE) and device manager wouldn't show me any hard drives. I googled that, and found a reference that some TDSS rootkits would do that, and to run a specific Kaspersky scan. I did, but it didn't save a log so I don't know what it did. Afterwards, I could boot normally again and haven't had the blue screen since.

    I'm sorry I did this unsupervised, but I really didn't know what to do and only getting my next step once a day is dragging this process out so badly and I need my computer so desperately. Please don't misunderstand, I'm very grateful for the help.

    Anyway, I tell you that in case it affects your instructions.