Google Search Redirection

Discussion in 'Malware Help (A Specialist Will Reply)' started by Daemonicus, Apr 25, 2010.

  1. Daemonicus

    Daemonicus Private E-2

    Hiya

    Had loads of problems this weekend and have tried just about everything. I have removed a lot of the problems by following guides on this and other websites but I cannot seem to shift this final problem with Google search results redirecting me.

    Kaspersky has picked up and blocked a few things but none of the scans seem to be finding any further infections.

    I have attached logs for the stuff I have run and included the Kaspersky log.

    Thanks in advance to anyone who can cure this really annoying problem.

    D.
     


  2. Daemonicus

    Daemonicus Private E-2

    Additional Kaspersky log.

    Thanks

    D.
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to read this:
    Warning about Porn, Keygens, Cracks, and other Illegal Software
    E:\MemoryMapProKeygen.exe

    It looks like you did not make the license agreement to run HJT when you ran MGTools. Please do so next time.

    I strongly advise you to clean up your Desktop. Remove everything but links to run programs. Do not download and save programs here and definitely do not use it for long term storage. You need to keep ComboFix.exe here for now as we need it, but we will be removing it when we are finished with your cleanup. A cluttered Desktop is malware's playground and it can also cause performance degradation, especially when you start saving large files here like you are doing.

    It appears as though you have moved ComboFix to your desktop, but you were running it at first from here:
    Running from: e:\documents and settings\Daemonicus\My Documents\MyFix.exe

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected):
    Code:
    KILLALL::
    
    File::
    E:\Documents and Settings\Daemonicus\Local Settings\Application Data\H04cgm7
    E:\Documents and Settings\Daemonicus\Local Settings\Application Data\IJr7hXvRY2
    E:\Documents and Settings\All Users\Application Data\H04cgm7
    E:\Documents and Settings\All Users\Application Data\IJr7hXvRY2
    E:\Documents and Settings\Daemonicus\Templates\H04cgm7
    E:\Documents and Settings\Daemonicus\Templates\IJr7hXvRY2
    E:\WINDOWS\system32\drivers\tsk24.tmp
    E:\WINDOWS\system32\drivers\tsk34.tmp.
    E:\WINDOWS\temp\jna26585.tmp
    E:\WINDOWS\temp\jna38306.tmp
    E:\WINDOWS\temp\jna59083.tmp
    E:\WINDOWS\temp\jna62968.tmp
    E:\Documents and Settings\Daemonicus\Local Settings\temp\bck23.tmp
    E:\Documents and Settings\Daemonicus\Local Settings\temp\bck6.tmp
    E:\Documents and Settings\Daemonicus\Local Settings\temp\bck7.tmp
    E:\Documents and Settings\Daemonicus\Local Settings\temp\bck8.tmp
    E:\Documents and Settings\Daemonicus\Local Settings\temp\bck9.tmp
    E:\Documents and Settings\Daemonicus\Local Settings\temp\d9377.mst
    E:\MemoryMapProKeygen.exe
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"=-
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Please run this: GMER - running with a random name and attach the log from GMER.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    * GMER log
    * C:\ComboFix.txt
    * C:\MGlogs.zip
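
An added example, not part of TimW's post and not ComboFix's own code: a Python helper that reads a CFScript laid out like the one above and records the size and SHA-256 of each File:: target before the script deletes it, along with the registry values marked for deletion. The sample script, its paths and its value name are constructed placeholders; the parsing rules (a directive is a line ending in `::`, and `"name"=-` removes a value as in a .reg file) are assumptions drawn from the script shown on this page.

```python
import hashlib
from pathlib import Path

# Constructed sample in the layout of the script above (placeholder paths and value name).
SAMPLE = """KILLALL::
File::
C:\\example\\dropped1.tmp
C:\\example\\keygen.exe
Registry::
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"ExampleValue"=-
"""

def parse_cfscript(text):
    """Split a script into {directive: [entries]}; a directive is a line ending in '::'."""
    sections, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.endswith("::"):
            current = sections.setdefault(line[:-2], [])
        elif current is None:
            raise ValueError(f"entry before any directive: {line!r}")
        else:
            current.append(line)
    return sections

def registry_deletions(lines):
    """Return (key, value_name) pairs for .reg-style '"name"=-' value deletions."""
    out, key = [], None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif line.endswith("=-") and key:
            out.append((key, line[:-2].strip('"')))
    return out

def inventory(paths):
    """Record (path, size, sha256) for each target; (path, None, None) if it is absent."""
    rows = []
    for p in map(Path, paths):
        if p.is_file():
            data = p.read_bytes()
            rows.append((str(p), len(data), hashlib.sha256(data).hexdigest()))
        else:
            rows.append((str(p), None, None))
    return rows

if __name__ == "__main__":
    s = parse_cfscript(SAMPLE)
    print(inventory(s["File"]), registry_deletions(s["Registry"]), sep="\n")
```

Saving the inventory output next to C:\ComboFix.txt keeps a record of what was removed, so the hashes can still be looked up after the files are gone.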
     
  4. Daemonicus

    Daemonicus Private E-2

    Hi,

    Thank you Tim for your reply but yesterday I ran a Kaspersky repair CD and it seems to have cleared things. I am just running a full system scan at the moment and will follow it up with some malware scans to be sure.

    Thanks

    D.
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let me know.
     
