Need Help Removing Firefox Redirects/Popups

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Americanbang, Apr 25, 2011.

  1. Americanbang

    Americanbang Private E-2

    Alright, I have been trying to remove this virus for the past week and I'm starting to get frustrated with it. I've been following a bunch of guides on how to remove malware, but nothing has worked yet. I keep getting Google redirects on Firefox and recently it's started doing popups.

    I'm using Windows XP.

    I reboot/recover (whichever it is) but I had it fixed a while back and it doesn't let me anymore with this new hard drive they installed. I do not have a disc for my computer either.

    I have tried removing the virus with AVG, Malwarebytes, Superantispyware, Spybot - Search & Destroy, and Spyware Doctor with AntiVirus. Malwarebytes removed a few things, but it continued. I tried using Spyware Doctor with AntiVirus and it found a lot of things, I just couldn't remove them without paying for the full version. I'm not sure what kind of virus I have, so I'm not trying to pay for anything through the computer. If I have to go get something at the store, then I will.

    I was doing a guide yesterday that had me open up some files and look at a hosts file. It had hundreds of links to advertisement sites and I tried to remove them, but it wouldn't let me save the file after I did that.

    If somebody can help me out here that would be awesome. Hopefully I provided enough information about my problems and how much I've done so far to get rid of this.
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Welcome to MG's. Please follow these instructions:

    READ & RUN ME FIRST. Malware Removal Guide

    ALSO:
    Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!


    Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123tdk.com).
    • Click the Start Scan button.
    • Do not use the computer during the scan.
    • If the scan completes with nothing found, click Close to exit.
    • If malicious objects are found, they will be shown in the "Scan results - Select action for found objects" window, which offers three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_14.17.05_log.txt) will be created and saved to the root directory (usually Local Disk C).
    • Attach this log to your next message.
     
  3. Americanbang

    Americanbang Private E-2

    Edit - Here's the file. I didn't know you wanted the actual file.
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please read this:
    How to attach items to your post or view How to Attach Items: the Video.

    Now please also download MBRCheck to your desktop.

    • Double-click MBRCheck.exe to run it (Vista and Win 7 users: right-click and select Run as Administrator).
    • It will show a black screen with some information, which will contain the line below if no problem is found:
      • Done! Press ENTER to exit...

    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log with a name similar to MBRCheck_07.16.10_00.32.33.txt, which is random based on date and time.
    • Attach this log to your next message.
     
  5. Americanbang

    Americanbang Private E-2

    I edited my post for the other log file. Here's the MBRCheck log.
     


  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Are you still being redirected?
     
  7. Americanbang

    Americanbang Private E-2

    Nope :D

    If I encounter any redirects or popups I will reply back.

    Do I need to run/do anything else?

    Thanks a lot!
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You should be fine, but it's always best to double check your system when you are infected. So if you can, do the read and run first instructions and attach these logs for us to check:
    SAS
    MBAM
    RootRepeal -- if it runs
    ComboFix
    C:\MGLogs.zip --- from running the C:\MGTools.exe
     
