Google Redirect

davidadein · Oct 13, 2012

I've been fighting a Google Redirect Virus for about a month now. I've noticed that the Java Dump and the DNS Dump seem to temporarly fix the problem, but it always comes back.

I've uploaded the various reports you suggested. Any help would be appreciated.

TimW · Oct 14, 2012

You neglected to attach these logs:
HitmanPro
C:\MGLogs.zip

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:

[TASK][SUSP PATH] IHSelfDeleteTASK : CMD /C DEL C:\Users\DAVIDA~1\AppData\Local\Temp\IHU19D7.tmp.exe -> FOUND
[TASK][SUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\DAVIDA~1\AppData\Local\Temp\IHU17F2.tmp.exe -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Place a checkmark each of these items, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)

Now also attach the missing logs.

davidadein · Oct 14, 2012

Thank you for your help so far. Pardon my ignorance, but I can't figure out how to post the Hitman logs. I did post the other two documents you suggested, though.

davidadein · Oct 14, 2012

Thank you for the help! I have added all the reports you requested.

TimW · Oct 15, 2012

Your MGLogs was incomplete. Please run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator). Wait for it to tell you it is finished.

Then attach the new C:\MGLogs.zip

davidadein · Oct 15, 2012

Here is the completed MSG Logs! Sorry about that!

TimW · Oct 16, 2012

What browsers are the redirecting coming from? FF? IE? Chrome?

davidadein · Oct 16, 2012

All of them! I mostly use firefox - but it happens in IE and I tried Chrome and it happened there too.

TimW · Oct 16, 2012

Please download ComboFix to your desktop. Turn off any AV software you have before you run it. Attach the log when finished. Do not do anything while it is running or it may stall the program.

davidadein · Oct 16, 2012

Here you go!

TimW · Oct 17, 2012

I did not find any malware in that log. Let me ask one of my colleagues to have a look and see if I am missing something.

Log in or Sign up

Google Redirect

davidadein Private E-2

Attached Files:

RKreport[1].txt

GooredFix.txt

hs_err_pid5456.log

mbam-log-2012-10-13 (13-41-06).txt

MBRCheck_10.13.12_12.41.34.txt

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

davidadein Private E-2

Attached Files:

MGlogs.zip

RKreport[2].txt

davidadein Private E-2

Attached Files:

MGlogs.zip

HitmanPro_20121014_1910.log

RKreport[2].txt

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

davidadein Private E-2

Attached Files:

MGlogs.zip

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

davidadein Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

davidadein Private E-2

Attached Files:

Combofix.txt

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member