Google Redirect on all Browsers

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by chorath, Jul 22, 2011.

  1. chorath

    chorath Private E-2

    Hi,

    I think my computer is infected with a malware that redirects about 1/2 my searches to ad-sites.

    Thanks for any help that you guys can provide.

    P.S.
    I tried running rootrepeal, but it freezes/uses up a large amount of memory when analyzing c:\windows\winsxs\manifests
    At the end it returns this error: could not read our index block!
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please follow these instructions while I take a look at your logs:

    TDSSkiller - How to run

    (EDIT> I see you already ran this, so please just attach the log in your next reply)

    Please also download MBRCheck to your desktop

    • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message.
     
    Last edited: Jul 22, 2011
  3. chorath

    chorath Private E-2

    Hi, these are the logs you requested. I also ran tdsskiller again just in case and attached both logs.
     

    Attached Files:

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please go HERE and create this disc.

    Then:
    Boot to the bios and change your boot order to have the CD/DVD drive as the first boot device.

    Reboot with the disc in the drive and do the following:

    Once in the Recovery Console, go to the command prompt and type this:

    Bootrec.exe /fixmbr

    Exit and restart in normal mode.

    Then re-run MBRCheck and attach the new log.
     
  5. chorath

    chorath Private E-2

    Here's the mbr log
     

    Attached Files:

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good job. That fixed the MBR. So tell me if you are still having issues. ;)
     
  7. chorath

    chorath Private E-2

    Thanks for all your hard work! :)
    I'm not seeing any more redirects!

    Just to understand what happened...
    So my MBR was edited by a virus and the vista boot cd fixed the MBR?
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes. ;)

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.We recommend them for doing backup scans when you suspect a malware infection.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


    3. Go back to step 6 of the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    10. After doing the above, you should work thru the below link:


    Malware removal from a National Chain = $149
    Malware removal from MajorGeeks = $0

    Help Support MajorGeeks
    Buy Discounted Software @ Majorgeeks Store. Giveaways Too!

    Majorgeeks Geek Wear. Hats, T-Shirts, Hoodies

    MajorGeeks on FaceBook
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds