I have a Google Redirect Virus

Hi,
I have a Google redirect virus. It happens in both Firefox and Chrome. I have diligently gone through the entire process from the "Fixing Google Redirect" sticky...every single step. Then I went through every step of the READ & RUN ME FIRST including the clean for Vista. SAS and Combofix detected a couple of things, but I still have the problem. Thought it was gone for a bit as I wasn't redirected for 5 minutes or so, but then it happened again. I am always redirected to happili.com or gimmeanswers.com.

I am attaching all logs in these messages. It will take me 2 messages b/c there are 8 logs. Thank you so much for any help you can provide, this is driving me batty. I've spent this entire day over 12 hours going through the steps!

Attached to this message are the GooredFix, TDSSKiller, MBRCheck and defogger logs. The following post will contain SAS, MBAM, ComboFix and MG Logs.

Thank you so much!
Mel

 

And now here are the SAS, MBAM, ComboFix and MG Logs. I was unable to do the RootRepeal b/c I have a 64 bit system.

 

No, I don't. The computer didn't come with one. I do have some blank DVD-r if you could please direct me how to make one.

 

It is not booting from the disk drive when I reboot. How do I make it boot from the disk drive? And thanks again, I appreciate all of this help more than you will know.

 

I've got a problem. It is saying all my boot devices are disabled. DVD drive was listed first, followed by SATA, then USB, then Network and all are showing parentheses as Disabled.

 

OK. I completely unhooked the computer from the internet. After a couple of tries, it did boot from the DVD drive with the disc you had me create. The instructions from there did not quite match. It did not offer me the option to "Repair Computer" but it did give the option to choose the command screen. I chose that and entered the comment you gave me: Bootrec.exe /fixmbr

Very quickly, it said it was done, it almost seemed like it didn't do a thing! I then rebooted in normal mode and ran MBRcheck again. It seems to have come out clean. I attached the log. I'm half scared to hook this thing up to my router again though b/c I don't know if it had corrupted my router or not. Once I disconnected my computer from it I hooked another one up to it and went back to factory settings and set it all up again. I know I have to hook the bad one back up to the internet again in order to test the redirect problem though.

Please advise me where to go from here. Also any information about how these type of viruses infiltrate? I've never had one in all my years of internet and I am a bit shocked at how this could have happened.

 

OK. Update. Still has the virus. Hooked it back up to the internet and after about 10 google searches, it redirected me to gimmeanswers.com

I'm at the end of my rope. I have backed up what I can't live without (pics, important documents) on a flash drive. If we have to wipe it, I'm willing to try that at this point. I fear this thing is so deeply rooted in the boot though that it's hindering whatever we do with the recovery disc. I'm willing to try anything. I don't want to lose this computer, it is only 2 years old.

 

Thanks for the continued support. Again, so greatly appreciated.

Here is the log you requested.

 

I will try it this evening when I get home from work. I haven't used IE in years and so I know it's not upgraded to the newest version. Should I upgrade it before I test it?

I don't know if this helps, but this all started to happen right after my gf did a Firefox upgrade she was prompted to do on Thursday I believe. You can probably see that in the logs though. She uses Firefox and I use Chrome on the same machine and profile.

 

OK, home on my lunch break. I tried it. I am in a hurry so I didn't try it on more than about 8 searches, and it did not redirect, but every time I did the search for norton, symantec, viruses, ect (this is what I use to test it now) it kept popping up a window that said,

Security Alert
You are about to view pages over a secure connection
Any information you exchange w/ this site cannot be viewed by anyone else on the web

Then if I clicked on more info, it said this version of windows had no information. Sometimes it would open several of these windows all on top of each other when I went to the site and a couple of times I had to hit back several times to get back to Google.

 

I also noticed just now that someone else has this "Security Alert" problem with their IE and posted for help today.

 

No.

Just the new problem of cascading security alert windows when I click on link from the Google search.

 

OK, thanks so much. Any special way to look for folders having anything to do with Chrome once I uninstall? Would it also be pertinent to just get rid of Firefox and start afresh with that?

 

This seems to have worked. No redirects after the new Chrome after an hour of performing endless searches. I haven't reinstalled Firefox and I'm not sure if I will......

One more question: In the original procedures it told me to go clean out Java. I had Java on here but it did not show up in the control panel so I could not delete the temp files. I uninstalled the ones listed in programs, re-installed the newest one from the JRE website and still no Java in control panel. So I have uninstalled it again. But some folders for it are still showing in C:\program files (x86). I just want to make sure none of this had anything to do with Java since it's acting weird and not showing in my control panel.

Thanks so much for your help. I have been singing your praises here for the past two days to everyone I come in contact with. What you are doing to help folks is amazing. Wish there was a donate button on the page!

 

Also, while I was away from the computer, my norton ran it's quick scan and removed combofix from the computer. Just as an FYI. I don't know if that's a good or bad thing.

 

Thank you so much!!

Do you know what it was? I've been really curious myself. You might have noticed in my logs, I don't download or run much on the computer b/c I've been so paranoid of viruses. I'd love to know what caused this and be able to research how it might have come to be on my computer.

I really can't thank you guys enough. Your time and dedication to strangers for nothing in return, is noticed and immensely appreciated by me. You've given me great peace of mind and lifted what for me had been a heavy burden the past few days.