> Google redirect virus?
daidalos74
post 1.08.2012 16:23
Post #1


Newbie
*

Group: Members
Posts: 9
Joined: 1.08.2012




Hi, I think I have the Google redirect virus on my computer and would really appreciate any help to solve the problem.

Date issue started: I think yesterday morning (CET), July 31st.

First noticed: I think I was clicking too fast on a pop-up prompt to update the chipset on my computer, but not sure it had anything to do with it.

Symptoms: At first I got multiple windows claiming something about error rewriting or something and desktop wallpaper turned black rearranging my desktop icons. Possibly some other windows warnings that I don't recall now. Later Google searches redirected me, but for most of the time it seemed like my browser (Firefox) blocked these attempts showing the bar "someone attempts to redirect..." Seems to be primarily related to Google searches and Gmail. Browser became very slow.

Steps taken: Ran Malwarebytes Anti Malware which detected a trojan which I deleted. Problem remained. Ran Windows Defender, Malwarebytes, Kaspersky Virus Removal Tool and Webroot Secure Anywhere but none identified any threats. Tried to run Kaspersky TDSSkiller, but it wouldn't run on my computer. Tried everything in safe mode too, but without success.

GSI Log: http://www.getsysteminfo.com/read.php?file...d3bb51029d5a382


Attached File(s)
Attached File  virusinfo_syscure.zip ( 30K ) Number of downloads: 2
 
richbuff
post 2.08.2012 06:49
Post #2


Are You Kidding?
*****************

Group: Moderators
Posts: 1000056
Joined: 14.06.2007




If you don't have Kaspersky installed, please feel free to use the Kaspersky Malware Removal Tool (AVPTool). It is linked in the first Important topic.
Attach its sysinfo.zip, located at Virus Removal Tool\LOG\avptool_sysinfo.zip


--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.
daidalos74
post 2.08.2012 08:30
Post #3






Here is the requested file!
Attached File(s)
Attached File  avptool_sysinfo.zip ( 13,02K ) Number of downloads: 7
 
richbuff
post 2.08.2012 13:53
Post #4






Your log looks clean.

QUOTE
Tried to run Kaspersky TDSSkiller, but it wouldn't run on my computer.


Attach a Combofix log, please review these instructions carefully before downloading Combofix, and follow these instructions carefully after downloading Combofix.

Before downloading and Saving combofix to Desktop, please rename combofix to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Kaspersky (right click the K icon and click pause protection > Choose the option "resume manually" if still active) until after the scanning and removal process has taken place.

Please double click on the Combofix file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post. Also, please don't forget to resume the Kaspersky that you paused.

Download Combofix here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

--------------------
The instructions posted here are for the original poster Only. If you have same or other issue, please see the first Important read me topic, and then open a New Topic for yourself.


daidalos74
post 2.08.2012 21:00
Post #5






Thanks a lot for this. Here is the Combofix-file!
Attached File(s)
Attached File  ComboFix.txt ( 11,29K ) Number of downloads: 1
 
richbuff
post 3.08.2012 08:43
Post #6






You're welcome. Any changes noted with the issues?

Please zip up C:\qoobox\quarantine and upload to a filehost such as http://www.mediafire.com/
Then, Private Message me the Download link to the uploaded file. Click my user name and select Send message. Lastly, uninstall Combofix by: Start > run > type combofix /uninstall > ok. The space between the x and the / is needed. Or Start > run > type 123 /uninstall > ok.


daidalos74
post 3.08.2012 11:01
Post #7






Thanks, you have the link PMed. After the Combofix the problems persisted, but now I could not open any programs from desktop icons or start menu. Did a clean boot and fixed some broken links, now it works again. Had some redirects after though, but Firefox seems to block them. Strange.
richbuff
post 3.08.2012 11:08
Post #8






Redirects in other browsers?

Please try Tdsskiller again. Please follow this Tech Article to run tdsskiller: http://support.kaspersky.com/viruses/solutions?qid=208280684
Please attach the tdsskiller log. Located at: C:\TDSSKiller.~~~~~log.txt

Are you using a router? If yes, reset the router and set a strong password.


daidalos74
post 3.08.2012 11:23
Post #9






Thanks, I can't run the TDSSkiller from desktop in either normal or safe mode. Tried to rename before downloading too. Yes I am using a router for wifi.
daidalos74
post 4.08.2012 10:10
Post #10






News: I did find something in the autostart panel (in the control panel, file alternatives) called qmiLNIQvQJ (dot) exe that I don't recognize. I thought for a while that the computer was up and running and started to clean out some programs, everything worked fine including starting from menu and desktop icons. Now I am back to be able to open any programs besides web browser and the computer is slow again.
richbuff
post 4.08.2012 10:34
Post #11






QUOTE
autostart panel (in the control panel, file alternatives) called qmiLNIQvQJ (dot) exe...
Please post the screenshot of that.

How to take and post screenshot: PrtSc (Print screen) key (upper right part of keyboard) > open Paint (Start > All programs > Accessories) > Edit > Paste, File > Save as (jpeg or png, Not bmp). When replying, Browse > click once to select file > Open > Upload > add reply.


daidalos74
post 4.08.2012 11:37
Post #12






Screenshot
Attached File(s)
Attached File  Unknown_program.jpg ( 109,7K ) Number of downloads: 13
 
daidalos74
post 4.08.2012 11:41
Post #13






I made a new GSI log and attached a new AVZ file (both in safe mode) for you to see. Many thanks!

GSI Log: http://www.getsysteminfo.com/read.php?file...68d55a1f13d033c
Attached File(s)
Attached File  virusinfo_syscure.zip ( 21,93K ) Number of downloads: 1
 
richbuff
post 4.08.2012 14:18
Post #14






You're welcome. Your screenshot: Enable Always show all icons, then post the screenshot of the notification area icons.

You do not have an anti virus application installed. Please install anti virus and do a scan.


daidalos74
post 4.08.2012 16:42
Post #15






Thanks. Antivirus enabled, scan showed no threat. Attached is new screenshot.
Attached File(s)
Attached File  Notification_area_icons.jpg ( 150,12K ) Number of downloads: 7
 