IPB

Welcome Guest ( Log In | Register )

 
Closed TopicStart new topic
> google redirect virus
mdawso2
post 29.06.2009 08:23
Post #1


Newbie
*

Group: Members
Posts: 2
Joined: 29.06.2009




So i think i have the infamous google redirect virus. it only happens when i search with the search bar in my browser (firefox 3.0.11). my search refers me to google's page as normal, but when i click on a result, i get referred to websites like x-xn.com

if i manually type google's url and use that page this doesn't happen

i updated and ran kav, and it found nothing. i have also run malware bytes and it found 3 things, i removed them but the problem still persists (i don't think they were related)

how should i proceed with this? i read some other threads on this but it doesn't look like there is a solution yet
Go to the top of the page
 
+Quote Post
Lucian Bara
post 29.06.2009 08:53
Post #2


Are You Kidding?
*****************

Group: Gold beta testers
Posts: 56947
Joined: 28.01.2006
From: Timisoara, Romania




hello
post an avz log please: http://forum.kaspersky.com/index.php?showtopic=69276
Go to the top of the page
 
+Quote Post
mdawso2
post 30.06.2009 07:39
Post #3


Newbie
*

Group: Members
Posts: 2
Joined: 29.06.2009




QUOTE(Lucian Bara @ 28.06.2009 23:53) *


Attached File(s)
Attached File  sysinfo.zip ( 33,05K ) Number of downloads: 2
 
Go to the top of the page
 
+Quote Post
Lucian Bara
post 30.06.2009 13:07
Post #4


Are You Kidding?
*****************

Group: Gold beta testers
Posts: 56947
Joined: 28.01.2006
From: Timisoara, Romania




run this script please:
CODE
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('D:\autorun.inf','');
DelBHO('{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}');
DelBHO('{5C255C8A-E604-49b4-9D64-90988571CECB}');
DelBHO('{50A5992C-3A9C-4DA1-AA9E-EEBAAB82C3AC}');
QuarantineFile('C:\WINDOWS\system32\mlJAtutr.dll','');
DeleteFile('C:\WINDOWS\system32\mlJAtutr.dll');
DeleteFile('D:\autorun.inf');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.


instructions: http://forum.kaspersky.com/index.php?showt...st&p=678328

-----------------
afterwards post a combofix log:
Download it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe . Save the file to your desktop.

Now, please make sure no other programs are running, close all other windows and pause Kaspersky (Choose the option "resume manually" if still active) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt , please attach it to your next post. Also, please don't forget to resume the Kaspersky that you paused.
Go to the top of the page
 
+Quote Post

Closed TopicStart new topic

 



Lo-Fi Version Time is now: 21.10.2014 22:22