Google Redirect + blocked sites + crashing browsers

Discussion in 'Malware Help (A Specialist Will Reply)' started by smokeyberra, Apr 4, 2009.

  1. smokeyberra

    smokeyberra Private E-2

    Hello,

    I am currently having problems with some sort of virus. It has the following symptoms:

    1) Google searches are redirected to ad sites (fixed, see below)
    2) Firefox crashes randomly
    3) Unable to update antivirus software automatically
    4) Unable to visit some websites (bleepingcomputer.com)
    5) Unable to run regedit.exe

    I have followed the guide on this site and have attached the logs for the appropriate programs. However, I was unable to run ComboFix. I was forced to download ComboFix on another computer and copy it over, and when I run it, the bar fills up and then it shuts off.

    I ran Registry Mechanic and it found and fixed a fair number of things, and since then the Google redirects have stopped but the other problems still persist. As you can see, SAS and Malwarebytes come up completely blank.

    I have attempted to boot off my recovery CD to reformat, but I am unable to do that. Please help!!

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let's see if this helps:

    First:
    Please Disable Spybot's TeaTimer

    * Run Spybot and click Mode
    * Select Advanced Mode.
    * Then click Tools and select Resident.
    * Now in the right window pane, uncheck TeaTimer.
    * Also while this is open, in the left column now select IE Tweaks, and then in the right pane make sure all the Miscellaneous locks are unchecked.
    * Now quit Spybot!

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now use Windows Explorer to find and delete:
    C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat

    Have you tried either running Combo in safe mode or renaming it?

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file.
     
  3. smokeyberra

    smokeyberra Private E-2

    Hey, thank you for replying to my thread.

    Since I posted, I have managed to fix my problem. I had "Trojan.KillAV", which could not be removed unless I booted into safe mode and updated with the latest AVAST definitions.

    Please close this thread.

    Cheers.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No problem. :)
     
