Google Searches also being redirected.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by CAUK, Mar 23, 2009.

  1. CAUK

    CAUK Private E-2

    About ten days ago I used BitTorrent to download an .avi and paid the price for it. I got a legion of Vundo-type trojans, hundreds of infections detected by SAS. I deleted the .avi, removed malicious startup items listed in msconfig, uninstalled BitTorrent, and ran SAS, Spybot, Malwarebytes, ComboFix, and MGtools. This seemed to solve the problem.

    This week, I started having the same issues as other posters on the forum. Google search links get redirected to stuff like yellowpages, Elle magazine, etc. It happens only occasionally. I ran the steps again: Read & Run, Windows XP Cleaning Procedure, but last night it kept happening. I can't tell if it's left over from the torrent infection or a new infection. Please take a look at my logs.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    IMPORTANT NOTE: Some, if not many, of your Windows system files are infected. And many other non-Windows files could also be infected. Even if we attempt to fix these problems (which may not be easy to do unless you have an original Windows XP SP3 bootable CD), your system may be unreliable and untrustworthy. You may need to reinstall this system.


    I'm sorry to have to bring this bad news, but infections like Vitro, Virut, etc. can infect every executable file on a PC. They will attack all executables and not just the ones related to the Windows OS. Infections like this are not repairable (at least not at this time) and thus continued scanning will eventually result in a PC becoming totally unusable since the scanners will be deleting required system files along with files for all other programs you have installed.


    The safest and most reliable thing to do for infections like this is to just perform a total clean reinstall. I suggest that hard disk partitions be deleted and then recreated, then formatted, followed by the reinstall of Windows and other programs. We don't recommend backing up anything since the files could be carrying the infection (especially anything that is an executable type file) and you will just reinfect a new installation if you restore these backups. However, if you really need personal data from this hard disk, the only method I would use would be the one below:

    • Physically remove the hard disk from this PC and slave it into another well protected computer. I recommend having Avast on the other PC since it seems to catch this infection.
    • DO NOT RUN ANY PROGRAMS on this infected slave drive while plugged into the other computer.
    • Copy only your data files from the infected drive. DO NOT COPY any executable type files.
    • Then put this infected hard disk back into the original PC and start the reinstall process beginning with the deletion of all partitions.

    Also note that these infections can spread to shared drives and also to writable removable type drives. So if you have a network with shared drives, other computers may be infected. Also, if you have plugged a USB flash drive into this PC, the flash drive could now be carrying the infection if any executable type files were on the flash drive. Also, any PCs this flash drive has been plugged into could now be infected.
     
  3. CAUK

    CAUK Private E-2

    I was afraid you would say that, but thank you. Regarding personal data, I bought a new external drive (Seagate FreeAgent 500GB) and copied my My Documents folder to it as soon as the Google hijacks started. Obviously, it would have been better to do that a long time ago; there are over 30 gigs of data saved there, but no .bat or .exe files. I'm prepared to do a clean reinstall of my system. Is there any hope for the data on my external drive? It's very important to me.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Just be sure that once you have reformatted and reinstalled, and after you have installed all of your AV and AS programs, then scan the data before you transfer them back.
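
Added example, not part of the thread and not MajorGeeks code: one way to check a copied data folder for "executable type" files before restoring it, flagging files by extension and by a Windows PE header even when the extension looks harmless. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import os

# Assumed, non-exhaustive list of extensions Windows treats as runnable.
EXEC_EXTS = {".exe", ".scr", ".com", ".dll", ".sys", ".bat", ".cmd",
             ".pif", ".vbs", ".js", ".msi", ".cpl"}


def is_pe(path):
    """True if the file has an MZ header whose e_lfanew field points at a PE signature."""
    with open(path, "rb") as f:
        head = f.read(64)
        if len(head) < 64 or head[:2] != b"MZ":
            return False
        f.seek(int.from_bytes(head[60:64], "little"))  # e_lfanew at offset 0x3C
        return f.read(4) == b"PE\0\0"


def find_executables(root):
    """Return sorted (relative_path, reason) pairs for files to leave behind."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            ext = os.path.splitext(name)[1].lower()
            try:
                if is_pe(full):  # content check catches renamed executables
                    hits.append((rel, "PE header"))
                elif ext in EXEC_EXTS:
                    hits.append((rel, "extension " + ext))
            except OSError as err:  # unreadable files are reported, not skipped
                hits.append((rel, "unreadable: %s" % err))
    return sorted(hits)


def make_sample(root):
    """Constructed test tree: two documents, a batch file, a PE stub named .jpg."""
    os.makedirs(os.path.join(root, "docs"))
    pe_stub = b"MZ" + b"\0" * 58 + (64).to_bytes(4, "little") + b"PE\0\0"
    samples = {
        "notes.txt": b"plain text",
        "setup.bat": b"@echo off\r\n",
        os.path.join("docs", "report.doc"): b"\xd0\xcf\x11\xe0 constructed",
        os.path.join("docs", "holiday.jpg"): pe_stub,
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
```

Call `find_executables` on the folder holding the copied data and leave out whatever it lists. An empty result only means no executable-type files were found; the antivirus scan of the data before it is transferred back is still needed.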
     
