Ran through all steps in stickies, still being redirected to adult searches on google

Discussion in 'Malware Help (A Specialist Will Reply)' started by Rossilius, Dec 31, 2005.

  1. Rossilius

    Rossilius Private E-2

    Hey guys,

    I am hoping that you are familiar with or have heard of the spyware/malware that seems to have infected my computer, and might be able to help. Before I post anything else, just for your information I would put myself at 8/10 in terms of computer literacy -- that is, I don't need my hand held through every little mouseclick I have to go through, and I have done some basic programming in C++/java/etc, and have a good handle on computers, but still don't know *everything* there is to know about computers and computer talk. That being said, hopefully it will save whoever replies to this from typing more than he or she needs to :)

    Anyway, here's the problem... While visiting a website at some point over the last three days (yes, I'm not afraid to admit, most likely an adult-oriented website), I picked up some kind of malware. I had my McAfee virusscan disabled at the time, as I had been running a CPU-intensive program earlier, and the program slipped in. It included Spysheriff, among other programs. I got rid of spysheriff, the toolbar that the malware put on my IE, and the active desktop toolbar that had links to such garbage as online pharmacies, sex shops, and home mortgage and travel offers.

    All was well, until I found that when trying to visit one of a multitude of websites, I am redirected to an interesting site... the sites that lead to redirection include any site containing a number of keywords (tight, among others - many seem to be often "adult"-related). The site that I am redirected TO is either a) a website with an offer for something, including spyware removal tools at times or (much more often) b) a google search page that searches for a combination of two of the following words (I'm sure I've missed some words, but these are examples anyway): adult, sex, dating, black, transexual, etc.

    So, I went through and followed your seven-step process for spyware removal in safe mode, etc etc, including running cwshredder, kill2me, and your instructions for removing both spysheriff and smitfraud, both of which appeared to be on my computer according to McAfee. I also did a quick amateurish job of removing suspected spyware lines from hijackthis while in safe mode. I rebooted, and the problems still remain (at least the Google search redirect still happens...).

    I've attached my Hijackthis log, my Bitdefender log, and my Panda Active Scan log.

    I hope that someone here can help - I look forward to your replies to help out :)

    - Rossilius
    USA
     


  2. Rossilius

    Rossilius Private E-2

    Oh, and one more thing of note... dmeny.exe (don't know if it appears in the particular hijackthis log I attached here) reappears in hijackthis whenever I restart after deleting it. I know that it's a part of a malware bundle, but don't know how to remove it permanently, or whether it's the source of my problem.
     
  3. Rossilius

    Rossilius Private E-2

    Alright, I ran Ewido as you said, and have attached a log file for it along with a new hijackthis log here.

    As I thought, dmeny.exe may be a part of it.

    I look forward to your replies :)

    - Rossilius
    USA
     


  4. Rossilius

    Rossilius Private E-2

    Alright, that seems to have done the trick... I can now access pages that used to redirect me to the google searches.

    I do have a couple of other questions, though - first, did deleting all of the files in my prefetch folder come with any risk of deleting anything important? Also, is there anything else that you saw in my hijackthis log that I could remove? I'm always looking for ways to unclutter and speed up my computer.

    Regardless, thanks for the help you've provided here. I will keep an eye out for similar lines in hijackthis in the future :)

    - Rossilius
    USA
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Ran through all steps in stickies, still being redirected to adult searches on go

    D3,

    This user has a Wareout infection. HJT will not be able to fix those O17 lines. You need to run the procedure for cleaning it.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Ran through all steps in stickies, still being redirected to adult searches on go

    Well, the fix should be more detailed, including using HJT when it pops up and what to fix with it. See one of my threads like:

    http://forums.majorgeeks.com/showthread.php?t=81316

    See message # 6. Obviously the HJT part will be different for all cases. Make sure you look for UnSpyPC too.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! I'm just giving you the full procedure. The BFU script tries to run HJT automatically and when it comes up the user needs to know what to put in it otherwise the script may not work properly if you wait until later to finish the cleanup.
     
  8. Rossilius

    Rossilius Private E-2

    Alright, I checked through hijackthis again (have given the computer two days of normal usage), and I don't see any of the lines that were there before. Also, I haven't had any of the symptoms of the malware return. It might be the case that in my original attempt to remove this malware (before I headed to the MG forums) I actually got rid of a file that's necessary for the malware to start back up.

    I'll run the procedure you described, anyway, and post the log here :)

    Thanks again.

    - Rossilius
    USA
     
  9. Rossilius

    Rossilius Private E-2

    Alright, got it all done, and I'm attaching the HijackThis log along with the report from the other program. Let me know what you think at this point...

    Oh, and thanks by the way for directing me to that startup manager program :) It's very much appreciated.

    - Rossilius
    USA
     


