Some redirect virus from Google to Bing

Discussion in 'Malware Help (A Specialist Will Reply)' started by Bluesbreaker, Mar 14, 2013.

  1. Bluesbreaker

    Bluesbreaker Corporal

    Hi there- I've been recently experiencing a redirect when I click on my Google Chrome toolbar icon, sending me to Bing. There is an extension in the bing search/url bar that reads (quickly) websearch:speedysimplify.nfo or something to that extent.

    Anyways, I've followed the instructions and am posting the output files from the various scanner programs (Roguekiller, which I only saved a log from and did not clean, per the instructions, TDS, Malware, Hitman and MGtools). Note, nothing came up with TDSKiller

    Please advise as to what to do next, and thank you in advance.

    Nick
     

  2. Bluesbreaker

    Bluesbreaker Corporal

    Hi just wondering if anyone had a chance to take a look here and give me a hand?

    Thanks
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This bump cost you a day. See: Forum Rules and Guidelines

    Why is the below running at startup?
    C:\Users\lil-nicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Angry Birds Gold Trilogy 2011 Full Setup.exe

    It is also located here:
    C:\Users\lil-nicky\AppData\Roaming\Angry Birds Gold Trilogy 2011 Full Setup.exe

    In fact I would delete this file just based on where it is running from!!!!

    The below is not the correct location to save MGtools or run it from. MGtools is not a Virus or Trojan Killer. Please see our instructions. Also delete this file.
    C:\Users\lil-nicky\Desktop\Virus and Trojan Killers\MGtools.exe



    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.simplespeedy.info/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.simplespeedy.info/
    O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\Microsoft_KGEQWF\Micrsoft Update1.exe
    O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\Microsoft_KGEQWF\Micrsoft Update1.exe
    Optionally fix the below which should not be running every time you boot your PC.
    O4 - Startup: Angry Birds Gold Trilogy 2011 Full Setup.exe

    After clicking Fix, exit HJT.
    Please download OTM by Old Timer and save it to your Desktop.
    • Run it by double clicking on it (Note: if using Vista, Win7, or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code: which is just a title line of the code box.
    Code:
    :Processes
    explorer.exe
    
    :Files
    C:\Users\lil-nicky\AppData\Roaming\Angry Birds Gold Trilogy 2011 Full Setup.exe
    C:\Users\lil-nicky\AppData\Roaming\cglogs.dat
    C:\Users\lil-nicky\AppData\Roaming\ctfmon.exe
    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    C:\ProgramData\contuinnUeToSaave
    C:\Windows\TEMP\*.*
    C:\Users\lil-nicky\AppData\Local\Temp\*.*
    
    :Reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5A002B38-00BB-4F28-B8B4-AD9905CDB762}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}]
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
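    The HijackThis and OTM lines above point at three persistence spots: the Policies\Explorer\Run keys, the IE Start Page value, and the per-user Startup folder. The script below is an added example (not part of this thread or of MGtools) that reads those same locations and reports anything matching the indicators chaslang listed; it assumes an elevated PowerShell on the affected machine, and the hostname and folder name it looks for are taken from the log lines in this thread.

```powershell
# Added audit example: checks the persistence locations named in the HJT/OTM instructions.
# Assumes elevated PowerShell. Indicators below come from this thread's HJT log lines.
$suspectHost = 'websearch.simplespeedy.info'   # hijacked Start Page from the R0 lines
$suspectDir  = 'Microsoft_KGEQWF'              # odd system32 subfolder from the O4 lines

# HJT "O4 - HKLM\..\Policies\Explorer\Run" expands to these keys
$runKeys = @(
  'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)
# HJT "R0 - ...\Internet Explorer\Main,Start Page"
$startPageKeys = @(
  'HKLM:\Software\Microsoft\Internet Explorer\Main',
  'HKCU:\Software\Microsoft\Internet Explorer\Main'
)

$findings = @()

foreach ($key in $runKeys) {
  if (-not (Test-Path $key)) { continue }
  $props = Get-ItemProperty -Path $key
  foreach ($p in $props.PSObject.Properties) {
    if ($p.Name -like 'PS*') { continue }        # skip PowerShell's own metadata properties
    $val = [string]$p.Value
    # Flag the thread's folder/misspelling, or any binary launched from a system32 subfolder
    if ($val -match [regex]::Escape($suspectDir) -or $val -match 'Micrsoft' -or
        $val -match '\\system32\\[^\\]+\\') {
      $findings += [pscustomobject]@{ Where = "$key\$($p.Name)"; Value = $val }
    }
  }
}

foreach ($key in $startPageKeys) {
  if (-not (Test-Path $key)) { continue }
  $sp = (Get-ItemProperty -Path $key -Name 'Start Page' -ErrorAction SilentlyContinue).'Start Page'
  if ($sp -and $sp -like "*$suspectHost*") {
    $findings += [pscustomobject]@{ Where = "$key\Start Page"; Value = $sp }
  }
}

# Per-user Startup folder: an installer or game setup has no business here (the O4 - Startup line)
$startup = [Environment]::GetFolderPath('Startup')
Get-ChildItem -Path $startup -Filter '*.exe' -ErrorAction SilentlyContinue | ForEach-Object {
  $findings += [pscustomobject]@{ Where = $startup; Value = $_.Name }
}

if ($findings.Count -eq 0) { 'No entries matching the indicators in this thread.' }
else { $findings | Format-Table -AutoSize }
```

    The script only reports; removal is still done with the HJT and OTM steps above so the helper gets the logs.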
     
  4. Bluesbreaker

    Bluesbreaker Corporal

    Thanks Chaslang- interesting about the angry birds thing b/c I think a lot of trojans were emanating from that.

    I moved the MGTools to the C:drive now where windows is located, but I have the following questions about your instructions, after you say Run MG Tools/Analyse.exe. MG Tools just shows up as MGtools.exe, not as a subfolder with an analyse.exe. Next, where you say:
    "This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.simplespeedy.info/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.simplespeedy.info/
    O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\Microsoft_KGEQWF\Micrsoft Update1.exe
    O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\Microsoft_KGEQWF\Micrsoft Update1.exe
    Optionally fix the below which should not be running every time you boot your PC.
    O4 - Startup: Angry Birds Gold Trilogy 2011 Full Setup.exe

    After clicking Fix, exit HJT."


    So do I need to download Hijack This as well? Because if I recall, MG Tools just runs without any of the options to fix this or delete that. I thought it just ran a log file?

    Thanks again.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Actually I said delete the exe file. You don't need it anymore.

    C:\MGtools is a folder. analyse.exe is a file in the C:\MGtools folder.


    Nope. You already have what you need in the C:\MGtools folder. Open up the folder in Windows Explorer and you will see all the files in that folder including analyse.exe
     
  6. Bluesbreaker

    Bluesbreaker Corporal

    Ah ok - thanks - I see this now. Mind you, analyse this was created back in 2010 in my folder. Should I rerun MGtools.exe from the C:drive and start all over again? Or use the 2010 one?

    I will then continue per your original instructions.

    Thanks Chaslang....
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As stated, you already have what you need. ;) That is the date of the last update to it.
     
  8. Bluesbreaker

    Bluesbreaker Corporal

    Hi Chaslang - I'm attaching the following files per your instructions and will then perform a reboot. I think we may be back on track....I thank you in advance.

    Just one thing- if the bulk of these trojans etc come from porno sites, and people are running say the firewall programs, how do you prevent them from coming in?

    Have a nice St Patrick's Day as well....I hope that in your day job you are extremely well compensated for your knowledge.
     


  9. Bluesbreaker

    Bluesbreaker Corporal

    Ok I just clicked on Chrome and MajorGeeks came up, I believe I set Chrome to be the last page opened, so we're good! Previously that Bing was coming up...

    what a silly redirect waste of time!

    I'll let you know if anything changes, have a great day and thank you again!
     
  10. Bluesbreaker

    Bluesbreaker Corporal

    I spoke too soon...Bing came up again.

    :-o
     
  11. Bluesbreaker

    Bluesbreaker Corporal

    and here are the updated outputs from MG Tools and OTM. thanks again Chaslang....
     


  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Porn sites are a high runner but I would no longer say they are the bulk. Torrent downloads of cracks and other illegal software are a very high runner too.

    You do realize that Bing is not a problem and that it is Microsoft's answer to Google. Also you have the ability to change your default search engines to what you want.

    I see that simplespeedy is still your home page in Chrome. You should fix this. Also let's run the below too.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.
     
  13. Bluesbreaker

    Bluesbreaker Corporal

    hi - when I try and download Junkremoval I get a "this file appears to be malicious" even after I turn off the firewall.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It's not malicious and it is not your firewall blocking it. It is an antivirus/antispyware program that is blocking it (like Microsoft Security Essentials that you are running). So disable it or override the warning which is incorrect.
     
  15. Bluesbreaker

    Bluesbreaker Corporal

    Thanks Chaslang - will give it a shot later this weekend.

    Thanks for everything
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Just attach the JRT.txt log when you finish and let me know your status.
     
  17. Bluesbreaker

    Bluesbreaker Corporal

    Here she be Chaslang....
     


  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Good but you did not tell me your status. ;)
     
  19. Bluesbreaker

    Bluesbreaker Corporal

    Hi Chaslang - seems to me that things are operating a lot better now, thanks. I was surprised at all the stuff that gets found from other applications, such as Malware AntiMalware, then all the other applications that find stuff that the other apps miss.

    let me ask you this - when I bring down a file, I usually scan it with Malware etc and MSCE security essentials. is that enough? or should I be scanning with something else?
     
  20. Bluesbreaker

    Bluesbreaker Corporal

    and thanks for all your help as well. Have a Happy Easter.
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    All security programs have issues detecting the malware that exists these days. Especially the most common causes of redirection which are in many cases, not really even malware. In many cases it is junkware that end users like yourself have installed either knowingly or unknowingly because of not reading license agreements.

    Is your copy of Malwarebytes a paid version? If not, it does not offer you any protection. MSE is nice in that it is free, but it is very easy to bypass. It is better than nothing, but if you have problems like this frequently or you have other people using the PC that have poor surfing habits, consider something better.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
