Help - Redirects from Searches

Discussion in 'Malware Help (A Specialist Will Reply)' started by titusgroan, Jul 23, 2009.

  1. titusgroan

    titusgroan Private E-2

    Hello - I got it!! And it's bad. I've done Spybot and CCleaner and now I don't know what to do. I have the Spybot logs if that helps. THANK YOU!!
     
  2. AbbySue

    AbbySue MajorGeeks Administrator

    Welcome to Major Geeks!

    Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.
    • If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First. If TDSSserv is not found, just continue on with the READ & RUN ME.
    READ & RUN ME FIRST. Malware Removal Guide
    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:
    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
  3. titusgroan

    titusgroan Private E-2

    Hello and THANK YOU for responding. I've run the READ & RUN ME FIRST. I've got the logs. I found these that I think were the problems, but as far as I know there could be more. But I'm no longer getting redirects either in IE or Mozilla. Also - my computer has stopped shutting down for no reason! YEAH! And I've got restore points again. Oh - and I found out I still had Norton on and didn't even know it - it's gone now though!!! Thank you all at Major Geeks for your help - I was just about to reformat and put XP back on!!! Please let me know if I've run something wrong or you need more info on anything! I'm attaching 3 - I'll do the other 2 in the next reply. Thank you again, D.
     

    Attached Files:

  4. titusgroan

    titusgroan Private E-2

    Here's the other 2 - thanks again!!! D
     

    Attached Files:

  5. titusgroan

    titusgroan Private E-2

    Hello Again - one more question... When I run AVG now it shows the infected files as being in Quarantine in one of the other programs I ran. Should I "Heal" using AVG or do I go in to the actual files and delete them myself? Thanks again for the help! D
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to attach the requested log from running MGtools which is C:\MGlogs.zip

    Also you need to attach the log from SUPERAntiSpyware

    You also need to remove ComboFix from here: c:\program files\ComboFix.exe
    And put it on your Desktop as was requested or any further instructions will not work.
     
  7. titusgroan

    titusgroan Private E-2

    SORRY!! I read it wrong! Here are the logs. And I will redo MGtools and set it on the Desktop... Sorry - misread that too. Thanks for the help. D
     

    Attached Files:

  8. titusgroan

    titusgroan Private E-2

    and again I read that wrong too - I'll be fixing ComboFix not MGtools.... D
     
  9. titusgroan

    titusgroan Private E-2

    One more question - if ComboFix is the thing holding the virus captive - will removing ComboFix let the virus go or delete it? I'm confused. Thanks, D
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It will all be cleaned up when we get finished. ;)

    I strongly advise you to clean up your Desktop. Remove everything but links to run programs. Do not download and save programs here and definitely do not use it for long term storage. You need to keep ComboFix.exe here for now as we need it, but we will be removing it when we are finished with your cleanup. A cluttered Desktop is malware's playground and it can also cause performance degradation, especially when you start saving large files here like you are doing.

    Also you are saving things to the C:\Program Files folder as mentioned in my last message. You must not do this either. You need to remove all of the below NON-malware items from your Desktop and from the C:\Program Files folder:
    Code:
    "C:\Documents and Settings\David & Vanessa\Desktop\"
    279day~1.pdf  Apr 27 2009      543337  "279days[1].pdf"
    avg_fr~1.exe  Jul 23 2009      847768  "avg_free_stb_all_8_30_cnet.exe"
    ccsetu~1.exe  Oct 19 2008     2922072  "ccsetup210.exe"
    ccsetu~2.exe  Jul 22 2009     3252640  "ccsetup221.exe"
    cleani~1.txt  Jul 24 2009        7665  "CleaningXPinstructions.txt"
    combofix.txt  Jul 24 2009       15670  "Combofix.txt"
    combof~1.txt  Jul 24 2009       30135  "Combofix7.24.09log.txt"
    firefo~1.exe  Dec 16 2008     7518240  "Firefox Setup 3.0.5.exe"
    firefo~2.exe  Apr  4 2009     7518920  "Firefox Setup 3.0.8.exe"
    flash.mdi     Nov 17 2008      175614  "Flash.mdi"
    foxitr~1.exe  Apr  6 2009     6806784  "Foxit Reader.exe"
    foxitr~1.ini  Jul 23 2009        5992  "FoxitReader_Preferences.ini"
    hijack~1.lnk  Jul 22 2009        1743  "HijackThis.lnk"
    hjtins~1.exe  Jul 22 2009      812344  "HJTInstall.exe"
    ice-25.pdf    May 31 2009      198783  "ice-25.pdf"
    instal~1.exe  Feb 20 2009     1851544  "install_flash_player.exe"
    mamdoc.txt    Jul 24 2009        1845  "MAMdoc.txt"
    mbam-l~1.txt  Jul 24 2009        1191  "mbam-log-2009-07-24 (22-15-18).txt"
    mediam~1.exe  Jul 19 2009     7572600  "MediaMonkey_3.1.0.1256.exe"
    mgtool~1.txt  Jul 24 2009       13369  "MGToolsdoc.txt"
    procdll.txt   Jul 24 2009       57943  "procdll.txt"
    rootre~1.txt  Jul 24 2009        1980  "rootrepealdoc.txt"
    rootre~2.txt  Jul 24 2009        6400  "RootRepeal report 07-24-09 (23-31-13).txt"
    spend5~1.pdf  Jun  8 2009       24106  "spend50rebate.pdf"
    spybot~1.exe  Jul 22 2009    16409960  "spybotsd162.exe"
    supers~1.txt  Jul 24 2009        5491  "SuperScanDOC.txt"
    utorrent.exe  Jun  6 2007      177152  "utorrent.exe"
    winrar.lnk    Apr  5 2009         701  "WinRAR.lnk"
    wrar380.exe   Apr  5 2009     1234120  "wrar380.exe"
    
     
    C:\Program Files\
    combofix.exe  Jul 24 2009     3150579  "ComboFix.exe"
    mbam-s~1.exe  Jul 24 2009     3775176  "mbam-setup.exe"
    mgtools.exe   Jul 24 2009     1343372  "MGtools.exe"
    rootre~1.exe  Jul 12 2009      469504  "RootRepeal.exe"
    settings.dat  Jul 24 2009           0  "settings.dat"
    supera~1.exe  Jul 24 2009     6568480  "SUPERAntiSpyware.exe"
    

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9

    You must disable Spybot's Teatimer as requested in the READ & RUN ME. See this: How to disable Spybot's TeaTimer

    You have leftovers from Symantec wasting system resources. Please run the below, then reboot. After the reboot, run it one more time.

    Norton Removal Tool (SymNRT)


    Now after the last reboot, install the current version of Sun Java from: Sun Java Runtime Environment

    Now run CCleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below log:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  11. titusgroan

    titusgroan Private E-2

    Hello - Finally have been able to complete this. Heres the log - let me know if i've missed anything. THANKS!! D
     

    Attached Files:

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You forgot to install the new version of Sun Java. Other than that, things are fine.



    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between combofix" and /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program, which will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  13. titusgroan

    titusgroan Private E-2

    I noticed that too a couple days ago and then got it... Everything seems to be working great! THANK YOU SO MUCH FOR ALL THE HELP!!! This site and the help rocks. I plan on using this forum in the future to help keep this old computer working... I'm going to follow up with the follow up steps listed and go from there!!! THANKS AGAIN!!!!!!!!!!!!!!!!!!!!! D
     
  14. titusgroan

    titusgroan Private E-2

    Hello Again - In doing the final clean up of everything I installed to find the problem... I think I've lost ComboFix. I had put it in the C: but then moved it to the Desktop as per instructions. Then I cleaned off my Desktop; I think I must have thought it was a shortcut and not the actual program - I can't find it now! I think I deleted it, but it's not uninstalled. I've looked in the Recycle Bin, but I've emptied it a couple times since then. What do I need to do to get it back and properly uninstall? Thanks, D
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Just download ComboFix.exe again and save it to your Desktop. Then run the uninstall procedure and finish the rest of my instructions too.
     