Internet Security and Google Redirect Viruses

Discussion in 'Malware Help (A Specialist Will Reply)' started by sbernsto, Jan 15, 2010.

  1. sbernsto

    sbernsto Private E-2

    A couple of days ago I began to get these random pop-up ads when I was using Firefox (I have Windows XP). From there it progressed to getting Internet Security 2010 popups that I believe I was able to get rid of using rkill and then mbam. However, I still think I have a virus on my computer because whenever I search for something on Google the links redirect me to random other sites. I have McAfee Security Center for my virus protection software. When scanning using McAfee I get a bunch of viruses called Vundo. I tried my best to follow the directions but had trouble with combofix, rootrepeal, and MGtools. However, I will try to post my logs for SuperAntiSpyware and Malwarebytes.


    Any advice and/or help would be greatly appreciated. Thank you for your time.
     

    Attached Files:

  2. sbernsto

    sbernsto Private E-2

    I worked on it again today and was able to generate a MGTools scan. Here it is:
     

    Attached Files:

  3. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, sbernsto

    Step 1:
    Please download and run Win32kDiag per the below instructions:
    • Download this Win32kDiag and save to C:\Win32kDiag.exe. You must save it here!!!!
    • Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

      C:\win32kdiag.exe -f -r

    • When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please attach this log.

    Step 2:
    Now download Junction.zip to your Windows folder
    • Please download Junction.zip and save it to your Windows folder (i.e., C:\Windows\Junction.zip. This assumes C:\ is your Windows boot drive.)
    • Now unzip it and put junction.exe into the Windows folder (i.e., C:\Windows\junction.exe)
    • Do not try to run it right now. We will run something that uses it later.

    Step 3:
    Now we need to reset the permissions altered by the malware on some files.
    • Download and save inherit.exe to your Desktop: Inherit.exe
    • It must be on your Desktop or the below fix will not work!
    Now run the C:\MGtools\FixPerm.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).
    • A command prompt window opens and also a license agreement from SysInternals will appear for Junction.
    • Accept the license agreement and the scan will begin.
    • Wait until it finishes; it can take a while to run since it scans your whole hard disk. Be patient and don't do anything else while it is scanning.
    • The command prompt window should close when it finishes.
    • While this is running, you will get several/many popups that have a title Finish and say OK. Just click the OK button each time. This is an indication that it has found a file and has attempted to fix permissions. Depending on how many files need to be fixed, you could get only a few or many of these popups.

    Step 3:
    Try now to run ComboFix

    Step 4:
    Then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, use right click and select Run As Administrator).

    Please attach the below logs to your next reply:
    • C:\MGlogs.zip
    • Win32kDiag.txt
    • C:\ComboFix.txt

    dr.m
     
