Google Redirect Virus

Welcome to MajorGeeks!

Please read ALL of this message including the notes before doing anything.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

• Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  Vista/Windows 7 users right-click and select Run As Administrator.
• If TDSSKiller does not run, try renaming it.
• To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
• Click the Start Scan button.
• Do not use the computer during the scan
• If the scan completes with nothing found, click Close to exit.
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
• Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
• A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_14.17.05_log.txt) will be created and saved to the root directory ( usually Local Disk C ).
• Attach this log to your next message

Then - Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and then attach the requested logs to your next reply when you finish these instructions.

• **** If something does not run, write down the info to explain to us later but keep on going. ****
• Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

• After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!

Helpful Notes:

1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
   
   • Starting your computer in Safe mode
2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
   • Don't Bump! It Only Hurts You!!!

* Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated - our system works the oldest threads FIRST.
​

 

You need to attach the following logs from running the following for Dr Moriarty:

• Malware Bytes
• RootRepeal
• MGTools ---> C:\MGlogs.zip

 

When you attach the last two logs that the READ & RUN ME and also Kestrel13! requested then dr.moriarty will be able to continue with you.

 

As stated in the READ & RUN ME instructions at the very beginning, just skip it and continue.

 

Because it never finished. Let's make sure you have the current version. Download this MGtools and save it to your Desktop. Then SHUTDOWN all protection software and make sure that you have disable UAC and rebooted at least once since disabling then run MGtools.exe by right clicking on it and selecting Run As Administrator. See if it runs to completion this time.


By the way, Are you still having malware problems? TDSSkiller removed your redirect issue.

 

Are both systems running through a router? Have you tried connecting directly to your modem and tell if the redirect issue stops?

 

There is a possibility your router is infected. Unplug your computer from the router (if you are not going wireless). Then plug it directly into your modem. If the redirects stop, then you need to reset the router. There is a small recessed button on either the back or the bottom to reset it to factory setting. If you had any security settings, you will need to re-enter that info.

Also check this:
Change Proxy Settings.

 

Please start a new thread for your other PC. We can only work on one PC in a thread to avoid confusion.

You need to go back to step 4 of the READ & RUN ME and complete the instructions for MSconfig that you skipped. Then reboot. After reboot, you need to do the below.


Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


Then attach the below logs:

• C:\MGlogs.zip

Make sure you tell me how things are working now!

What are the exact/specific current problems you are having with the PC we are currently working on in this thread. I see confusion already occurring now due to being side tracked with other topics that TimW is responding to. Please on work on one issue at a time.

 

You did not attach a log. Also you need to answer the question in my last message.