Search Engine Redirection

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Lord Winston, Jul 4, 2011.

  1. Lord Winston

    Lord Winston Private E-2

    Hello, I seem to have a pretty bad search engine redirection problem. I have read the Google redirection thread, and read and run me, and went through most of the steps. I've tried scanning with Malwarebytes and a few other programs, such as Ad-Aware and Spybot Search and Destroy; some PUPs were found, one being a hijack PUP (was found by Ad-Aware), but I'm still having redirection problems like I was before the scan. I am not sure what to do at this point. Any help would be greatly appreciated, thank you!
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to attach the requested logs from doing the Read and Run First instructions.

    Also do this:

    TDSSkiller - How to run
     
  3. Lord Winston

    Lord Winston Private E-2

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/04/2011 at 02:17 PM

    Application Version : 4.55.1000

    Core Rules Database Version : 7370
    Trace Rules Database Version: 5182

    Edit by chaslang: Inline SAS log removed. Logs need to be attachments.



    Yesterday's Malwarebytes scan.

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 7012


    Edit by chaslang: Inline MBAM log removed.


    Today's Malwarebytes scan.


    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 7012


    Edit by chaslang: Inline MBAM log removed.



    Combofix Log

    Edit by chaslang: Inline ComboFix log removed.
     


    Last edited by a moderator: Jul 5, 2011
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow the instructions properly and attach your logs (see: HOW TO: Attach Items To Your Post), which was given in the link you were sent to. Your inline logs were the reason your posts did not show up!!! They were trapped in the spam filters.


    Make sure that you attach ALL of the logs too. You should be attaching logs from the below:
    • TDSSKiller
    • SUPERAntiSpyware
    • Malwarebytes
    • ComboFix
    • RootRepeal
    • MGtools
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Ah, I see in your second set of logs you did at least attach MGlogs.zip. Since it includes the requested TDSSKiller and ComboFix logs automatically (when it can find them), please just properly attach logs from Malwarebytes, SUPERAntiSpyware and RootRepeal. Your inline logs will be deleted soon.

    I see TDSSKiller removed a TDL infection. Are you still having redirects?
     
  6. Lord Winston

    Lord Winston Private E-2

    Wow, ok, I guess I wasn't paying attention, thought copy and paste of the logs would be good. Only one attached was MGlogs.

    And, yes, still having major redirects. I will have to get back to you at a later date though, unfortunately; the computer infected is my mom's, so I don't have access to attaching the logs at the moment, so I'll get back to you ASAP.
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Once you get it back, please do the following:

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    
    File::
    C:\ProgramData\~41541368
    C:\ProgramData\~42131192
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    • C:\MGlogs.zip
    • SAS Log
    • MBAM log
    • RootRepeal log

    Make sure you tell me how things are working now!
     
