google redirect ie sys progressive protection

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by vingle, Oct 11, 2012.

  1. vingle

    vingle Private E-2

    Initially had System Progressive Protection popups.
    Removed with Malwarebytes scan.

    Now this morning I have a Google redirect in Internet Explorer. When I click on a Google search results link I get redirected.

    I ran the first steps (CCleaner, then MGTools for XP). Here are the results:

    The zipped MBAM reports are from both the after-clean scan and the MBAM log from the System Progressive Protection removal (earlier).


    Thank you for your help
     

  2. vingle

    vingle Private E-2

    More info
    redirect happens most but not all times
    it redirects to url portalquery.com
    then it redirects to other site
    Exotxxx.net (wow)
    spryliving.com
    relish.com

    sometimes goes to selected link
    sometimes goes to www.google.com

    thanks in advance
     
    Last edited by a moderator: Oct 12, 2012
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Before we continue I would like for you to use MSConfig to put this machine back into normal startup mode.

    Uninstall the below.
    • Viewpoint Media Player


    Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Files/Folder tab and locate these 4 detections:

    • [ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-18\$10bdbca1b47c5640f3105ac1453750eb\U --> FOUND
    • [ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-21-1177238915-1972579041-839522115-1003\$10bdbca1b47c5640f3105ac1453750eb\U --> FOUND
    • [ZeroAccess][FOLDER] L : C:\RECYCLER\S-1-5-18\$10bdbca1b47c5640f3105ac1453750eb\L --> FOUND
    • [ZeroAccess][FOLDER] L : C:\RECYCLER\S-1-5-21-1177238915-1972579041-839522115-1003\$10bdbca1b47c5640f3105ac1453750eb\L --> FOUND
    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Do not reboot your computer yet.

    Delete these folders unless you know what their contents are (they might be empty):

    C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    C:\Documents and Settings\All Users\Application Data\7DEC4C2D1736E10F00747DEBD822C21E
    • Run Ccleaner (not the registry side, just the cleaner itself)
    • Reboot the machine.
    • Re run RogueKiller, just a scan and attach the log.
    • Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.
    • Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
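The four RogueKiller detections listed above share one layout: a hidden folder under C:\RECYCLER, one copy per account SID (S-1-5-18 is LocalSystem, S-1-5-21-... is the user's account), named "$" plus 32 hex characters and holding U and L subfolders. The Python below is an added example, not part of the thread and not RogueKiller's own code: it parses report lines in the format quoted above and groups every path that fits that layout by hidden folder, so the operator can see at a glance which SIDs carry a copy and which paths RogueKiller flagged that do not fit the pattern and need a manual look. The sample report is constructed from the four lines in the post; the report-line format and the assumption that the 32-hex folder name varies per infection are mine.

```python
import re

# Constructed sample in the "Files/Folder" report format RogueKiller uses,
# built from the four detections quoted in the post above (not a real log).
SAMPLE_REPORT = r"""
[ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-18\$10bdbca1b47c5640f3105ac1453750eb\U --> FOUND
[ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-21-1177238915-1972579041-839522115-1003\$10bdbca1b47c5640f3105ac1453750eb\U --> FOUND
[ZeroAccess][FOLDER] L : C:\RECYCLER\S-1-5-18\$10bdbca1b47c5640f3105ac1453750eb\L --> FOUND
[ZeroAccess][FOLDER] L : C:\RECYCLER\S-1-5-21-1177238915-1972579041-839522115-1003\$10bdbca1b47c5640f3105ac1453750eb\L --> FOUND
"""

# One report line (assumed format): [family][kind] name : path --> status
RK_LINE = re.compile(
    r"^\[(?P<family>[^\]]+)\]\[(?P<kind>[^\]]+)\]\s+(?P<name>\S+)\s+:\s+"
    r"(?P<path>.+?)\s+-->\s+(?P<status>\w+)\s*$"
)

# Folder layout the detections above share:
#   <drive>:\RECYCLER\<SID>\$<32 hex chars>\U   and   ...\L
# S-1-5-18 is the LocalSystem account; S-1-5-21-... is a user account SID.
# The 32-hex name is assumed to vary per infection, so it is not pinned here.
_SID = r"S-1-5-(?:18|21(?:-\d+)+)"
ZA_STORE = re.compile(
    r"^(?P<drive>[A-Za-z]):\\RECYCLER\\(?P<sid>" + _SID + r")\\"
    r"(?P<store>\$[0-9a-f]{32})\\(?P<sub>[UL])$",
    re.IGNORECASE,
)


def parse_rk_line(line):
    """Return the fields of one RogueKiller report line, or None if it is not one."""
    m = RK_LINE.match(line.strip())
    return m.groupdict() if m else None


def classify_path(path):
    """Return (sid, store, subfolder) if `path` fits the layout above, else None."""
    m = ZA_STORE.match(path.strip())
    if not m:
        return None
    return (m.group("sid"), m.group("store").lower(), m.group("sub").upper())


def triage(report_text):
    """Group matching detections per hidden store; collect the rest for review.

    Returns (stores, unexplained): stores maps the '$<hex>' folder name to the
    SIDs and U/L subfolders seen under it; unexplained lists paths RogueKiller
    flagged that do not fit the expected layout and deserve a manual look.
    """
    stores = {}
    unexplained = []
    for raw in report_text.splitlines():
        rec = parse_rk_line(raw)
        if rec is None:
            continue
        hit = classify_path(rec["path"])
        if hit is None:
            unexplained.append(rec["path"])
            continue
        sid, store, sub = hit
        entry = stores.setdefault(store, {"sids": set(), "subfolders": set()})
        entry["sids"].add(sid)
        entry["subfolders"].add(sub)
    # Freeze the sets into sorted lists so output is deterministic.
    return (
        {k: {"sids": sorted(v["sids"]), "subfolders": sorted(v["subfolders"])}
         for k, v in stores.items()},
        unexplained,
    )


if __name__ == "__main__":
    found, odd = triage(SAMPLE_REPORT)
    for store, info in found.items():
        print(store, "under SIDs", ", ".join(info["sids"]),
              "with subfolders", "/".join(info["subfolders"]))
    for p in odd:
        print("review manually:", p)
```

Run against the sample it reports a single store, $10bdbca1b47c5640f3105ac1453750eb, present under both SIDs with both U and L subfolders, which is exactly the four items the post asks the user to tick. The point of the "unexplained" list is that a detection whose path does not match the expected layout should not be deleted on the strength of the family label alone.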
     
  4. vingle

    vingle Private E-2

    Did as you suggested:
    MSConfig normal startup, Viewpoint Media uninstalled, RogueKiller deleted the 4 items, deleted the 2 folders from Documents and Settings\All Users\Application Data, ran CCleaner, rebooted.

    However, MGTools GetLogs.bat ran for 45 minutes with no results. It stopped at "32 window os found".

    Then I ran the full MGTools. It stopped at 35 minutes at "NOTE: Ignore any errors ... finish running!!"

    I have RKreport[3] and [4]; I ran RK once before but it did not do anything.


    The redirect is still there. I was redirected as before from query results to portalquery.com and then to a Google web page. I was also redirected to portalquery.com and then to merchantcircle.com. A few times the link went straight to the correct website.

    Other computers on the network are not affected by the Google redirect.

    Thanks for your help
     

    Last edited by a moderator: Oct 12, 2012
  5. vingle

    vingle Private E-2

    Also, Java will not install. When I did the first clean with Malwarebytes on System Progressive Protection, Java came up on reboot saying it needed to upgrade to 7.7. It failed the upgrade. It will not upgrade even from an offline install. I get a corrupted java_cp.dll error.

    Thanks,
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Explain which browser(s) are redirecting.
     
  7. vingle

    vingle Private E-2

    Internet Explorer is redirecting
     
  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

  9. vingle

    vingle Private E-2

    I ran the ESET Online scan as directed. It found and deleted 3 files.
    It did not delete a file/program that was in operating memory.

    I wrote the log file; it is now attached.

    Internet Explorer now does not redirect.

    Rebooted the computer and Internet Explorer does not redirect.


    Thanks
     

  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Good. Ready for final steps? Everything running as it should do? :)
     
  11. vingle

    vingle Private E-2

    Ready; however, a couple of things.
    1. When should I try to reload Java? It failed an upgrade and an offline upgrade.

    2. The AV software is TrendMicro OfficeScan from my corp. It is showing that an update is needed. When I select "update now" the OfficeScan monitor crashes with an "encountered a problem and needs to close" error.

    Thanks
     
  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
    • Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
    • Now select the Start Repairs tab.
    • Then click the Start button.
    • Create a System Restore point if prompted.
    • On the next screen, click the Unselect All button to first deselect all repairs.
    • Now select the following repair options:
      • Reset Registry Permissions
      • Reset File Permissions
      • Register System Files
      • Repair WMI
      • Repair Windows Firewall
      • Remove Policies Set By Infections
      • Repair Winsock & DNS Cache
      • Repair Proxy Settings
      • Repair Windows Updates
      • Set Windows Services To Default Startup
    • Now on the lower right side check the box to Restart/Shutdown System When Finished
    • Then make sure the Restart System radio button is enabled.
    • Shutdown any other programs that you are running now before continuing.
    • Now click the Start button.
    • Be patient while the tool repairs the selected items.
    • It should reboot automatically when finished.

    After reboot, check to see if your firewall is working.

    And is your antivirus able to update now? Java ok etc?
     
  13. vingle

    vingle Private E-2

    Executed the Windows Repair.

    Internet Explorer redirect is gone, thanks.

    Windows reports the firewall as on.

    Java loaded fine.

    TrendMicro OfficeScan (corporate roaming) is still reporting that it is outdated. In order to update, it uses the VPN to corporate. The Cisco VPN client fails to connect; it reports "failed to connect, reason 414".

    I am contacting corporate now. To reload or reinstall.

    Do you have any sage advice for this?

    Thanks
     
  14. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Do this, let me just have one more check.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.
     
  15. vingle

    vingle Private E-2

    Here is the MGlogs.zip.

    Thanks
     

  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You can ask about it in the software forum if you like. :)

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
      related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
