Another go.google.com post..

Discussion in 'Malware Help (A Specialist Will Reply)' started by ds530001713, Dec 7, 2008.

  1. ds530001713

    ds530001713 Private E-2

    I'm sure there are a lot of posts about the go.google.com malware virus, but here's another, hopefully more unique, post.
    I have two computers, so was able to research this problem pretty quickly, and determined the exact problem within 10-15 minutes of infection. So I went and downloaded Malwarebytes' install file on my second computer, and tried running the install on the infected computer - upon attempting to open the file, nothing happened, nothing opened, nothing installed. I verified the download wasn't corrupt or anything, by running it from the flashdrive on the UNinfected computer.
    So then what I did was I downloaded Avast, in hopes there may be something in their database in regards to this virus, considering there ARE fixes for it, and it's widely spreading. The install was successful, however, upon installation I had it go through with a scheduled reboot and scan, and selected for it to reboot now, however it didn't initially boot at that time. Waited a few minutes, still no results. So, I went ahead and manually rebooted my computer.
    Upon rebooting, Avast failed to start and scan, it went straight to loading my desktop, at which point I had NO network connections. I have two different wireless cards, and one wired connection, the wired connection being my primary connection. None of these three were effective. I set a static IP address on each of these three connections, as well as static DNS information, still no luck. I'm able to ping my router, however not able to ping DNS servers, other IP addresses, or hostnames. Without the static IP address set, I get a 169.254.x.x address. Each of these connections had the same results. I tried removing the static DNS information, still no luck. Not able to access router's configuration page in an uninfected web browser (Latest version of K-Meleon) nor in either of the infected browsers.

    Any suggestions? I really can't figure out why there's a problem with the network connection at this point, I can only assume it has something to do with the Avast install. When I try to open it, it tells me I need to activate it, so I'm guessing I've had it installed previously and so now I can't use it. I don't see how it would be blocking my connection then at that point. I'm level two support for D-Link, and I do their premium services for out of warranty products and more advanced problems, and I am using mostly D-Link networking devices, and am very much in my 'home turf' but can't get even this much to work. Wondering if this could be an effect of the malware currently infecting my computer.

    OS is Windows XP Professional SP3 - (Legal install.. for once.)
    Initial web browser infected is FireFox 3.0 (Latest version/updates installed)
    Downloaded Malwarebytes from downloads.com
    Downloaded Avast from downloads.com
    Proper drivers installed for wireless card and USB adapter both
    Proper drivers installed for NIC card

    Don't really know what other information could pertain here.. Any further information needed, just let me know, I'll shoot a response as quick as possible. Shouldn't take long at all. Thanks!
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Welcome to Major Geeks!

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    First : Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
    • Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
    • Then search for TDSSserv.sys
    • Let me know if you find this or not.
    • If you do find it, right click on it, and select Disable. Do not try to uninstall it.
    • Also if this is found and you disable it, then reboot and see if you can run the other scans that would not run.

    After completing ALL of the above, you need to do the below since the infection you have is known to infect router hardware. If you have a router hooked up then you need to follow the instructions for your hardware and reset it to factory default settings. Normally there is a recessed push button type switch that needs to be held down for some number of seconds to do this. After resetting to factory defaults on your router, you will need to reconfigure the router for your network if you have made any changes to the default network setup.


    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    READ & RUN ME FIRST. Malware Removal Guide

    Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
     
