google links redirect and fake "your comp infected" message

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by stmas, Dec 31, 2009.

  1. stmas

    stmas Private E-2

    Greetings!

    I have Windows XP SP3.
    I have McAfee real-time protection installed.
    From the "run me first" list:
    ComboFix failed to download: I had an error "your computer protected or not enough space"... I have more than 1.5 GB available.
    When running MGtools it looks like it hangs when running HijackThis....

    I still noticed the following problems:

    1. Google redirect
    2. "your computer infected" popup

    Thank you very much!
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please try doing this first:

    * Please download TDSSKiller to your Desktop
    * Extract its contents to your Desktop so that you have TDSSKiller.exe directly on your Desktop and not in any subfolder of the Desktop.
    * Click Start > Run and copy/paste the following command into the Run box and hit Enter.

    "%userprofile%\Desktop\TDSSKiller.exe" -v

    * Follow the instructions to type in "delete" when it asks you what to do if it finds something.
    * When done, a log file should be created on your C: drive named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt, which is based on the program version number and the date and time it was run. Please attach this log to your next reply.

    Now use Windows Explorer to find and delete:
    C:\cygwin
    C:\Documents and Settings\misha\Local Settings\Application Data\jvcums

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\MGlogs.zip
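    An added illustration, not code from this thread, from TimW, or from MajorGeeks: a PowerShell script for the "find and delete" step above that quarantines the two named folders instead of deleting them outright, recording file count, total size and newest write time first so there is a record of what was removed. The quarantine root C:\Quarantine and the log file name are this example's own assumptions; the two target paths are the ones named in the post.

```powershell
# Added example (not from the MajorGeeks thread or its tools): quarantine the
# folders a helper asked the poster to delete, instead of deleting them.
# Assumptions: the two target paths are the ones named in the thread; the
# quarantine root and log file name are this example's own choices.

$Targets = @(
    'C:\cygwin',
    'C:\Documents and Settings\misha\Local Settings\Application Data\jvcums'
)
$QuarantineRoot = 'C:\Quarantine'                         # assumed location
$LogFile = Join-Path $QuarantineRoot 'quarantine_log.txt' # assumed name

New-Item -ItemType Directory -Path $QuarantineRoot -Force | Out-Null

foreach ($Target in $Targets) {
    if (-not (Test-Path -LiteralPath $Target)) {
        "$(Get-Date -Format s)  MISSING  $Target" | Add-Content -Path $LogFile
        Write-Host "Not present: $Target"
        continue
    }

    # Record what is there before touching it: file count, total bytes,
    # and the most recent write time (useful when matching against the
    # date the symptoms started).
    $Files = Get-ChildItem -LiteralPath $Target -Recurse -Force -ErrorAction SilentlyContinue |
             Where-Object { -not $_.PSIsContainer }
    $Bytes  = ($Files | Measure-Object -Property Length -Sum).Sum
    $Newest = ($Files | Sort-Object LastWriteTime -Descending | Select-Object -First 1).LastWriteTime
    "$(Get-Date -Format s)  FOUND    $Target  files=$($Files.Count)  bytes=$Bytes  newest=$Newest" |
        Add-Content -Path $LogFile

    # Move rather than delete, so the material survives for later inspection
    # or for restoring if it turns out to be legitimate (C:\cygwin may be).
    $Stamp = Get-Date -Format 'yyyyMMdd_HHmmss'
    $Dest  = Join-Path $QuarantineRoot ("{0}_{1}" -f (Split-Path $Target -Leaf), $Stamp)
    try {
        Move-Item -LiteralPath $Target -Destination $Dest -Force -ErrorAction Stop
        "$(Get-Date -Format s)  MOVED    $Target -> $Dest" | Add-Content -Path $LogFile
        Write-Host "Quarantined: $Target -> $Dest"
    }
    catch {
        # A locked file usually means something in the folder is still running.
        "$(Get-Date -Format s)  FAILED   $Target  $($_.Exception.Message)" | Add-Content -Path $LogFile
        Write-Warning "Could not move $Target : $($_.Exception.Message)"
    }
}

Write-Host "Log written to $LogFile"
```

    Run it from an elevated PowerShell prompt. A Move-Item failure on one of the folders is itself informative: a file that cannot be moved is typically held open by a running process, which is a reason to let the rootkit scanner in the steps above handle it, or to repeat the step from Safe Mode, before deleting anything.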
     
  3. stmas

    stmas Private E-2

    Tim, thank you very much!
    Let me bring you up to speed on what is going on.
    1. I found on the internet that STOPzilla removes the redirect virus, and when running STOPzilla my Inspiron 6400 XP SP3 hung.
    2. After I pushed the power-off button, I got a blue screen with stop 7E, and could not reboot in any mode other than using the Dell Windows CD in repair mode, where I ran rebuild boot.ini. After realizing it does not create the correct boot file, I'm trying to salvage my files from this laptop before proceeding any further (any suggestion?). I ran Dell diagnostics for blue screen errors and received no errors! I ran chkdsk in repair mode: first from the main Windows, and got an error saying that there are problems with disk C:, then I ran the same chkdsk c: /p /r from the MediaDirect Windows partition in repair mode and received no error!
    3. I'm using another Dell laptop, and got a blue screen today on this one with the same 7E, but was able to restart Windows and run the Kaspersky utility you suggested, and the log is attached.

    Your help is appreciated
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Which computer are we working on? I am confused. We need to work on one computer at a time, any other computer needs its own thread.

    Whichever computer that log was from is clean. Did you have MBAM fix the issues that it found? Were you able to find and delete the two items I asked you to find and delete?

    Are you dual booting?
     
  5. stmas

    stmas Private E-2

    hi Tim,

    No, I do not use dual boot (I think a VM is a much better choice...:)
    MBAM did not fix the search redirect problem.

    I followed the advice and put the hard drive from the infected laptop into an external HD enclosure and was able to copy my data.
    After I copied those files I removed them from the infected HD, and have removed the folders you suggested.... It added another 75 GB to the 4 GB of free space.
    After putting the infected HD back in the laptop, I was able to boot, my 7E blue screen disappeared, and guess what? The search redirect problem disappeared too.

    I can explain that maybe the 7E was caused by lack of space on the drive, but how to explain the redirect problem being gone?
    Any ideas?

    thanks a lot!
     
  6. stmas

    stmas Private E-2

    Was able to get logs from MGtools.
    thanks!
     


  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs look clean, so I am assuming that you did in fact have MBAM fix all the items that it found in the original logs you posted.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN, enter the below into the Run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program, which will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work through the link below:
     
  8. stmas

    stmas Private E-2

    Hi there,

    You would be surprised, but the redirect search virus came back again, and this happened after I installed a security patch from Microsoft (not sure if there is a correlation).
    When installing the previous Microsoft patch it came with the Microsoft virus scanner; it found an Alureon B and disabled it, suggesting that SW like McAfee must ultimately delete it, but neither McAfee nor MBAM nor SUPERAntiSpyware discovered anything.

    And after I installed the latest MS security patch (again, not sure there is a correlation) I started getting messages that the Microsoft DEP service spotted a problem and needed to reboot my computer. Next I was getting a Microsoft message that NT spotted somebody writing into a protected area and Windows must shut down.

    I tried to restore Windows to an earlier date, but the restore failed.
    Finally I reinstalled Windows without reformatting my drive (after installation it hung when starting for 2 hours, I had to power it off). After I restarted Windows the redirect virus has not shown up so far. I uninstalled IE 8 and installed IE 7.

    Will appreciate your comments...
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It is possible that when you did a repair install, it overwrote any corrupt file. Please keep me informed if you start getting redirected again.

    Just to be certain, please:

    * Please download TDSSKiller to your Desktop
    * Extract its contents to your Desktop so that you have TDSSKiller.exe directly on your Desktop and not in any subfolder of the Desktop.
    * Click Start > Run and copy/paste the following command into the Run box and hit Enter.

    "%userprofile%\Desktop\TDSSKiller.exe" -v

    * Follow the instructions to type in "delete" when it asks you what to do if it finds something.
    * When done, a log file should be created on your C: drive named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt, which is based on the program version number and the date and time it was run. Please attach this log to your next reply.
     
