Google redirect virus

Discussion in 'NZ Computing' started by J.Wilson, Oct 17, 2010.

  1. J.Wilson

    J.Wilson Guest

    Does anyone know of a little app that will get rid of this?

    Winxp sp3, ie8
     
    J.Wilson, Oct 17, 2010
    #1

  2. J.Wilson

    Dave Doe Guest

    In article <>, a@!b.c.ru says...
    >
    > Does anyone know of a little app that will get rid of this?
    >
    > Winxp sp3, ie8


    Malwarebytes should do it.

    I'd install that, and superantispyware, and check each for updates (sas
    is very slow to load and update, so be patient) - and run a quick scan
    with each. Prolly need to reboot after the detection/clean has been
    done.

    Links to those at:
    http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;1

    http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html?tag=mncol;1



    Then I'd run a full scan w' each that found any problems (ie if they
    didn't find a problem - don't do a full scan).

    Hopefully you have a reasonably functioning system now.

    Then I'd run a free online scan using Microsoft's online safety scanner.
    This might help fix some registry items - as well as doing a full virus
    scan. (You'll need to disable popup windows - don't forget to re-enable
    when done). The scanner is at:
    http://safety.live.com

    Then I'd install a good antivirus product - hard to go past Microsoft's
    free Security Essentials (don't think you'd have been duped/infected in
    the first place - well duped maybe, but stopped from proceeding by the
    antivirus product). MS's SE is at:
    http://microsoft.com/security_essentials/

    --
    Duncan.
     
    Dave Doe, Oct 18, 2010
    #2

  3. J.Wilson

    J.Wilson Guest

    Thanks for that, Duncan. Neither Malwarebytes nor SuperAntiSpyware
    picked it up but I came across 'ComboFix' which seems to have done
    the job. It found a few trojans the others didn't and the 'winlogon.exe'
    and 'explorer.exe' system files infected and, hopefully, fixed all.
    Malwarebytes is default checker but I regularly run a small variety
    of checkers and cleaners as a matter of course. This 'Google redirect'
    bastard beat them all. I'll check out the Microsoft one. Thanks again,

    John
     
    J.Wilson, Oct 18, 2010
    #3
  4. J.Wilson

    Dave Doe Guest

    Good to hear you're on the way to sorting it. Doesn't sound like the
    Google redirect virus - as I'm *fairly* sure malwarebytes gets that one.
    The google redirect virus hooks via a fake system driver file too - so
    yer winlogon and explorer infections sound like something else.

    You might wanna try HijackThis as an extra check for IE also (also at
    download.com). When it completes, it'll open its results in the
    default .txt file viewer (probably notepad.exe) - copy n' paste the
    entirety into:
    http://www.hijackthis.de/

    And check the nastys off for fixing w' HiJackThis.

    If you can't run a scan at:
    http://safety.live.com - then you still have problems.

    If you think you know what yer doin - :) - you might want to check with
    a rootkit checker, such as Microsoft's rootkitrevealer...
    http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

    Have you managed to get antivirus onboard and working? - Microsoft's
    Security Essentials is a good product, free for personal and, recently,
    business use (up to ten PCs in a small business).

    --
    Duncan.
     
    Dave Doe, Oct 18, 2010
    #4
  5. J.Wilson

    J.Wilson Guest

    I'm not sure now if it was the Google redirect virus. (I was being redirected to
    the 'k-directory' site.) Anyway, it came back, so I have installed and am running
    Microsoft Security Essentials and all seems well.

    I did run Microsoft's Rootkit Revealer as you suggested and, no, I don't know
    what I'm doing. I'll pass on that one. :)

    Thanks again, Duncan

    John
     
    J.Wilson, Oct 19, 2010
    #5
  6. J.Wilson

    Dave Doe Guest

    OK, I'd check your hosts file, it's in a hidden folder at:
    %SystemRoot%\system32\drivers\etc\
    (just copy n' paste that into the address bar of an explorer window)

    Your hosts file should (probably) have nothing more than...
    ==========================
    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost
    ==========================



    And, you might have a hooked tcp/ip stack.

    Easy way to fix that is, open a command prompt (Start, (All) Programs,
    Accessories, Command Prompt), and type in and <Enter>...
    netsh int ip reset c:\tcpiplog1.txt

    Examine the results by opening tcpiplog1.txt in notepad.exe (or your
    favourite text editor) - and if it's more than a few lines long, I'd
    rerun it and check it again, say:
    netsh int ip reset c:\tcpiplog2.txt

    more info at:
    http://support.microsoft.com/kb/299357

    --
    Duncan.
     
    Dave Doe, Oct 19, 2010
    #6
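
The hosts-file check described in post #6, as an added example that is not part of the original thread: it treats the stock file shown above (comments plus `127.0.0.1 localhost`) as the baseline and reports every other active entry. The function names, the `::1 localhost` baseline entry and the sample entries are assumptions made for illustration.

```python
import ipaddress

# Entries a stock hosts file may legitimately contain (the ::1 line is an
# assumption; the file quoted in the thread has only 127.0.0.1 localhost).
BASELINE = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def parse_hosts(text):
    """Yield (line_no, ip_or_None, fields) for every non-comment line."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        active = raw.split("#", 1)[0].strip()   # drop inline comments
        if not active:
            continue
        fields = active.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield line_no, None, fields          # first column is not an IP
            continue
        yield line_no, ip, [h.lower() for h in fields[1:]]


def audit_hosts(text):
    """Return (line_no, kind, detail) for each entry beyond the baseline."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if ip is None:
            findings.append((line_no, "malformed", " ".join(names)))
            continue
        if not names:
            findings.append((line_no, "malformed", str(ip)))
            continue
        for name in names:
            if (str(ip), name) in BASELINE:
                continue
            # A loopback/unspecified target makes the name unreachable;
            # any other address sends the name somewhere else.
            local = ip.is_loopback or ip.is_unspecified
            kind = "blocked" if local else "redirect"
            findings.append((line_no, kind, f"{name} -> {ip}"))
    return findings


# Constructed sample: stock lines plus two made-up entries that use
# reserved documentation addresses and .example names.
SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#       102.54.94.97     rhino.acme.com          # source server
127.0.0.1       localhost
203.0.113.7     www.search.example search.example   # constructed redirect
127.0.0.1       update.av.example                   # constructed block
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

To audit a real machine, pass the text of the `hosts` file from `%SystemRoot%\system32\drivers\etc\` to `audit_hosts`; an empty result means the file matches the baseline.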
  7. J.Wilson

    J.Wilson Guest

    Host file was ok. There were about two pages of deleted, added and reset lines
    in the first log and all clear in the second.
    Your help much appreciated, Duncan, I was starting to think format and start again.

    John
     
    J.Wilson, Oct 19, 2010
    #7