Redirection problem, please help.

Discussion in 'Malware Help (A Specialist Will Reply)' started by Nozzer76, Jan 29, 2011.

  1. Nozzer76

    Nozzer76 Private E-2

    Hi, I have followed the malware removal and Google redirection threads and I am still being redirected on internet searches.
    This all started after I had a rundll32 virus which I believe was sent to vault but have no trace of it now. Not sure if this is linked.
    I have attached logs but for some reason cannot get combofix to run?

    Any help would be appreciated.
    Nozzer76
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You didn't attach any logs.
     
  3. Nozzer76

    Nozzer76 Private E-2

  4. Nozzer76

    Nozzer76 Private E-2

    First time I used combofix it worked fine and never detected anything, but I can't find any logs and for some reason it won't run anymore.

    Thanks
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    What browser are you using? Does it happen in all browsers? Are you having the same issue with other computers on your network?

    Use windows explorer to find and delete:
    C:\WINDOWS\Tasks\fiqwhgyhqc.job
    C:\Documents and Settings\User\Local Settings\Temp\004b34c7-362e-4270-a8bf-ba011ceadb23.rsf
    C:\Documents and Settings\User\Local Settings\Temp\4c961567-a625-4a0c-9f6c-8b79243f23e6.rsf
    C:\Documents and Settings\User\Local Settings\Temp\639d3061-aa1e-48e3-af0d-e114c065f94b.rsf
    C:\Documents and Settings\User\Local Settings\Temp\774cf79f-661b-4557-9cf7-6e1b063d402f.rsf
    C:\Documents and Settings\User\Local Settings\Temp\cd95ff2d-d555-4b9c-9276-faab8f820fd6.rsf

    Have you followed these procedures:
    Fixing Google Redirection/Hijacking Problems
     
  6. Nozzer76

    Nozzer76 Private E-2

    Thanks for the reply, I am using IE8 and have not tried any other, do you think it could be worth downloading firefox? All other computers are fine.

    I have deleted all files except for - C:\WINDOWS\Tasks\fiqwhgyhqc.job - which I cannot see, and I have followed all instructions on the link including resetting router to factory settings.

    Thanks again.
    Nozzer76
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the "Input script here:" part of the window:

    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now run Ccleaner to clean out only temp files and nothing else!

    Yes, you should download Mozilla FireFox and see if you are still redirected. Do not copy anything over from IE to FireFox.

    Tell me if you are still getting redirected in IE as well.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\Avenger.txt
    * C:\MGlogs.zip
     
  8. Nozzer76

    Nozzer76 Private E-2

  9. Nozzer76

    Nozzer76 Private E-2

    Sorry, ignore previous post, I realised after posting avenger had not run right.
    Did all steps again, logs here.
    View attachment avenger.txt

    View attachment MGlogs.zip

    Not redirecting at the moment, but wasn't doing it all the time anyway. I will post back tomorrow.
    Thanks
    Nozzer76
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    What is this:
    C:\32788R22FWJFW\iexplore.exe
    Click on the following link and use the below steps to scan a file: Virustotal
    Click the Browse... button
    Navigate to the file C:\32788R22FWJFW\iexplore.exe

    • Where C:\32788R22FWJFW\iexplore.exe is the actual file to be scanned.
    Let me know the results.

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Then do this:
    Change Proxy Settings.

    Let me know if you get any more redirects!!!
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As noted in another thread, it is just from ComboFix and not necessary to scan. ;)
     
