MajorGeeks Support Forums: Malware Removal

#1, 01-04-13, 18:33
okolao (Private E-2, joined Jan 2013)
Can't get rid of stubborn redirect virus

Hi there,

Let me start by saying I run windows 7 64bit on a laptop and I do not have a boot disk, neither did I create a factory image

I have the findgala google redirect virus. I have gone through the redirect virus removal guide and the clean up one to no avail.

I have run MBAM multiple times, in safe mode, after updating it, and it did find something eventually; I removed it and I'm still getting the redirects.
MSE has failed to find anything all together.

I run chrome as my sole browser but did also clear the cache in IE.

I'm really at a loss and need help
Attached Files
File Type: txt MBAM-log-2013-01-04 (22-17-31).txt (2.2 KB, 1 views)
File Type: txt RKreport[1]_S_01042013_02d2316.txt (2.9 KB, 3 views)
File Type: txt dds.txt (29.8 KB, 0 views)
File Type: txt attach.txt (17.4 KB, 0 views)
#2, 01-04-13, 18:57
okolao (Private E-2, joined Jan 2013)
Stubborn redirect virus, Need help

Hi there,

Let me start by saying that I am running windows 7 64bit on a laptop; I don't have the boot disk, nor did I create a factory image. I'm an idiot, I know.

I have some kind of redirect virus, it redirects me to findgala, so after lots of searching and trying things I'm at a loss. I have followed both the redirect virus removal guide and the more general one to no avail.

However, whilst MBAM did finally find something after an update (spyware.banker??) in safe mode, after deleting it and restarting I am still getting the redirects. MSE also found nothing.

I have attached all the logs that were mentioned, I really just don't know what to do next
Attached Files
File Type: txt MBAM-log-2013-01-04 (22-17-31).txt (2.2 KB, 1 views)
File Type: txt RKreport[1]_S_01042013_02d2316.txt (2.9 KB, 1 views)
File Type: zip MGlogs.zip (517.2 KB, 5 views)
File Type: txt dds.txt (29.8 KB, 1 views)
File Type: txt attach.txt (17.4 KB, 0 views)
#3, 01-04-13, 22:44
chaslang (MajorGeeks Admin - Master Malware Expert, Northern New Jersey USA, joined Feb 2004)
Re: Can't get rid of stubborn redirect virus

Welcome to Major Geeks!

Is your redirection problem only happening with Chrome? Shutdown Chrome and test with IE.
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."
#4, 01-05-13, 07:23
okolao (Private E-2)
Re: Can't get rid of stubborn redirect virus

Hi,

Thanks for the reply. I am getting the redirects on both chrome and IE and some sites such as my gmail aren't secure.
I am not currently getting them on IE as of this afternoon but last night I was and these redirects happen on and off with worsening severity.
#5, 01-05-13, 13:31
chaslang (MajorGeeks Admin - Master Malware Expert)
Re: Can't get rid of stubborn redirect virus

It may just be that you have allowed an addon to Google Chrome. I did see signs of Yontoo and there may be other junk too. Please attach the requested log from Hitman Pro.

Also, what did you use that put in the large hosts file? Sometimes things can hide in large hosts files because it is hard to locate them when the file is so large.
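The hosts-file point in post #5 (and the HostsXpert restore step later in the thread) can be checked mechanically before a restore. The script below is an added example, not something posted in this thread and not part of HostsXpert or MGtools; the hosts content, the 203.0.113.x / 198.51.100.x addresses and the watched-domain list are constructed for illustration. It parses hosts-file text the way Windows reads it (one address, one or more names, comments after #), sets aside loopback and 0.0.0.0 entries (the benign ad-blocking kind that make these files very large) and reports watched domains mapped to outside addresses, which is exactly the sort of line that hides in a long file.

```python
"""Audit Windows hosts-file text for entries that silently redirect traffic.

Added example (constructed, not from the thread). Benign blocklists map
names to 127.0.0.1 or 0.0.0.0; a hijack maps a real service to an outside
address. In a 10,000-line file the second kind is easy to miss by eye.
"""
import ipaddress
from typing import Dict, List

# Constructed sample hosts content; the outside addresses are documentation
# ranges (RFC 5737), not real servers.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
# Ad-blocking lines like these are benign: they point at loopback or null.
0.0.0.0         ads.example.net
127.0.0.1       tracker.example.org
# A hijack line maps a real service at an outside address.
203.0.113.45    www.google.com
203.0.113.45    mail.google.com  # constructed hijack entry
198.51.100.7    update.microsoft.com
"""

# Domains that should never resolve through hosts to an outside address.
# Constructed list; extend it with whatever the environment depends on.
WATCHED_DOMAINS = ("google.com", "microsoft.com", "windowsupdate.com",
                   "malwarebytes.org", "majorgeeks.com")


def parse_hosts(text: str) -> List[Dict]:
    """Return one record {'line', 'ip', 'host'} per name mapping."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue                             # Windows ignores such lines
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                             # malformed address, also ignored
        for name in names:
            records.append({"line": lineno, "ip": ip, "host": name.lower()})
    return records


def is_loopback_or_null(ip: str) -> bool:
    """127.0.0.0/8, ::1 and 0.0.0.0 sinkhole a name rather than redirect it."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def is_watched(host: str) -> bool:
    """Exact match or subdomain of a watched domain (not 'notgoogle.com')."""
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)


def find_hijacks(text: str) -> List[Dict]:
    """Watched domains pointed somewhere other than loopback/null."""
    return [rec for rec in parse_hosts(text)
            if not is_loopback_or_null(rec["ip"]) and is_watched(rec["host"])]


def summarize(text: str) -> Dict:
    """Counts a responder would want at a glance, plus the suspect lines."""
    recs = parse_hosts(text)
    loopback = sum(1 for r in recs if is_loopback_or_null(r["ip"]))
    return {
        "total_entries": len(recs),
        "loopback_entries": loopback,
        "outside_entries": len(recs) - loopback,
        "hijacks": find_hijacks(text),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_HOSTS)
    print(f"{report['total_entries']} entries, "
          f"{report['loopback_entries']} sinkholed, "
          f"{report['outside_entries']} pointing outside")
    for h in report["hijacks"]:
        print(f"  line {h['line']}: {h['host']} -> {h['ip']}")
```

On a real machine the text would be read from %WinDir%\system32\drivers\etc\hosts (with administrator rights, since the file is normally read-only); any non-sinkhole entry is worth a look, and a watched-domain hit is a reason to restore the stock hosts file as chaslang instructs.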
#6, 01-05-13, 18:56
okolao (Private E-2)
Re: Can't get rid of stubborn redirect virus

Hi,

I've attached that hitmanpro log. I hope that helps.

I'm not sure what you mean? I'm not even sure what a host file is, so if I did do something it wasn't on purpose.

I thought I may have gotten rid of it until I just had another redirect after searching for antivirus software, as this is what triggers the redirects most often.

Also my boyfriend whilst I was at work removed yontoo from chrome extensions.
Attached Files
File Type: log HitmanPro_20130105_2355.log (9.6 KB, 1 views)
#7, 01-05-13, 22:37
chaslang (MajorGeeks Admin - Master Malware Expert)
Re: Can't get rid of stubborn redirect virus

Quote (originally posted by okolao):
Also my boyfriend whilst I was at work removed yontoo from chrome extensions.
Not completely and since you still have a problem, we will have to remove Chrome to fix this.

So uninstall Chrome now. Do not reinstall until requested. Just use Internet Explorer for now.

Uninstall the below very old versions of software:
Java(TM) 6 Update 30

Please download OTM by Old Timer and save it to your Desktop.
  • Right-click OTM.exe and select Run as administrator to run it.
  • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
    (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
    the code box
Code:
:Processes
explorer.exe
 
:Files
C:\Program Files (x86)\Yontoo
C:\Users\Lia\AppData\Local\Google\Chrome
echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
ipconfig /flushdns /c
 
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{99066096-8989-4612-841F-621A01D54AD7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{8D8654CD-7FBC-4C7E-84E9-371BFA8DB04E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{9D9785E5-3424-40B6-A287-BA143AD53109}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{B6783DFA-B8C8-4CB6-AB9F-EF1A1F7F7AE8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{F5F971A9-DBF8-4EEC-81E3-5F1660573E6C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Products\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc]
:Commands
[purity]
[EmptyTemp]
[start explorer]

[Reboot]
  • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Now click the large button.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.
Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.


Now download HostsXpert and then follow the below steps.
  • Unzip HostsXpert.zip
  • It will create a folder named HostsXpert in whatever folder you extract it to.
  • Run HostsXpert.exe by double clicking on it.
  • Click the Make Writeable? button. (if you only see a Make Read-Only selection, it is already writeable so skip this button).
  • Click Restore Microsoft's Hosts File and then click OK.
  • Click the X to exit the program
Now download and install Chrome from the below link:

Google Chrome 23.0.1271.97 Stable


Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


Then attach the below logs:
  • the C:\_OTM\MovedFiles log
  • C:\MGlogs.zip
Make sure you tell me how things are working now!
#8, 01-06-13, 11:26
okolao (Private E-2)
Re: Can't get rid of stubborn redirect virus

Hi,

It hasn't happened yet so far so that's good, not even when searching for some anti virus software.
I've attached the logs too
Attached Files
File Type: zip MGlogs2.zip (412.0 KB, 1 views)
File Type: log 01062013_140601.log (8.4 KB, 2 views)
#9, 01-06-13, 17:18
chaslang (MajorGeeks Admin - Master Malware Expert)
Re: Can't get rid of stubborn redirect virus

I still see Java(TM) 6 Update 30 in your logs. Did you forget to uninstall it?

Also, now Yontoo shows in your Uninstall Programs list. It was not showing there in your first logs. The below should remove it.


Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
Quote:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.
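A merged .reg file takes effect as soon as regedit reports success, so it helps to see in advance what it will do. The script below is an added example, not part of the thread or of any MajorGeeks tool; it dry-runs REGEDIT4 / "Windows Registry Editor Version 5.00" text and lists the keys it would create, the keys it would delete (a key line whose path starts with a minus, as in the OTM :Reg section earlier in the thread), and the values it would set or delete (a value line of the form "name"=-). The Uninstall key path in the sample is the one quoted in this post; the other keys and values are constructed.

```python
"""Dry-run a Windows .reg file: report what merging it would do.

Added example (constructed, not from the thread). .reg semantics used here:
  [HKEY_...\Key]     creates the key if missing and selects it for values
  [-HKEY_...\Key]    deletes the key and everything under it
  "Name"="text"      sets a string value under the selected key
  "Name"=-           deletes that value
  ; comment          ignored
"""
from typing import Dict, List, Tuple

# Constructed sample. The first key path is the one quoted in post #9;
# the Example keys and values are made up for illustration.
SAMPLE_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]

; constructed: a key the file would remove outright
[-HKEY_LOCAL_MACHINE\SOFTWARE\Example\Unwanted]

[HKEY_CURRENT_USER\Software\Example\Settings]
"HomePage"="about:blank"
"OldValue"=-
@="default value"
"""

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")


def parse_reg(text: str) -> Dict[str, List]:
    """Classify every line of a .reg file without touching the registry."""
    lines = text.lstrip("\ufeff").splitlines()   # tolerate a UTF-8/UTF-16 BOM
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("not a .reg file: missing REGEDIT4 or "
                         "'Windows Registry Editor Version 5.00' header")
    result: Dict[str, List] = {"create_keys": [], "delete_keys": [],
                               "set_values": [], "delete_values": []}
    current = None                               # key that value lines apply to
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            if body.startswith("-"):
                result["delete_keys"].append(body[1:])
                current = None                   # values under a deleted key are moot
            else:
                result["create_keys"].append(body)
                current = body
            continue
        if current is None:
            continue                             # value line outside any key
        name, sep, value = line.partition("=")
        if not sep:
            continue                             # not a value assignment
        name = name.strip()
        name = "(Default)" if name == "@" else name.strip('"')
        value = value.strip()
        if value == "-":
            result["delete_values"].append((current, name))
        else:
            result["set_values"].append((current, name, value))
    return result


def describe(text: str) -> List[str]:
    """Human-readable plan, one action per line, in file order of category."""
    plan = parse_reg(text)
    out: List[str] = []
    out += [f"CREATE KEY    {k}" for k in plan["create_keys"]]
    out += [f"DELETE KEY    {k}" for k in plan["delete_keys"]]
    out += [f"SET VALUE     {k} :: {n} = {v}" for k, n, v in plan["set_values"]]
    out += [f"DELETE VALUE  {k} :: {n}" for k, n in plan["delete_values"]]
    return out


if __name__ == "__main__":
    for action in describe(SAMPLE_REG):
        print(action)
```

The distinction the output makes visible is the leading minus: the OTM :Reg lines earlier in the thread all carry one and so delete keys, while a bracketed path without it creates or re-creates the key. Checking a file this way before double-clicking it is cheap; regedit's "successfully added to the registry" message only tells you the merge ran, not what it changed.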
Tags
findgala, malware, redirect, redirect google website, virus