Jump to content
  • Announcements

    • Rodion Nagornov

      Долгое сохранение сообщений || Delays while posting (click here to read the full text RU/EN)   09/20/2017

      Due to some technical reasons visual delays are possible while message sending. Actually your message is published immediately - just interface works long. In such case, please, do not re-send your message immediately! Press F5 to reload the page and check if your message/topic is published. || По техническим причинам возможно визуально долгое отправление сообщений на форуме. Фактически ваше сообщение публикуется мгновенно - долго отрабатывает графика. В случае подобной ситуации, пожалуйста, сначала обновите страницу (F5) и проверьте, появилось ли ваше сообщение. Не пытайтесь сразу отправить его заново.
Sign in to follow this  

Google redirect virus?

Recommended Posts

Hi, I think I have the Google redirect virus on my computer and would really appreciate any help to solve the problem.


Date issue started: I think yesterday morning (CET), July 31st.


First noticed: I think I was clicking too fast on a pop-up prompt to update the chipset on my computer, but not sure it had anything to do with it :(


Symptoms: At first I got mulitple windows claiming something about error rewriting or something and desktop wallpaper turnec black rearranging my desktop icons. Possibly some other windows warnings that I don't recall now. Later google searches redirected me, but for most of the time it seemed like my browser (Firefox) blocked these attempts showing the bar "someone attempts to redirect..." Seems to be primarely related to google searches and gmail. Browser became very slow.


Steps taken: Ran Malwarebytes Anti Malware which detected a trojan which I deleted. Problem remained. Ran Windows defender, Malwarebytes, Kaspersky Virus Removal Tool and Webroot Secure Anywhere but none identified any threats. Tried to run Kaspersky TDSSkiller, but it wouldn't run on my computer. Tried everything in safe mode too, but without sucess.


GSI Log: http://www.getsysteminfo.com/read.php?file...d3bb51029d5a382



Share this post

Link to post

If you don't have Kaspersky installed, please feel free to use the Kaspersky Malware Removal Tool (AVPTool). It is linked in the first Important topic.

Attach its sysinfo.zip, located at Virus Removal Tool\LOG\avptool_sysinfo.zip

Share this post

Link to post

Your log looks clean.


Tried to run Kaspersky TDSSkiller, but it wouldn't run on my computer.


Attach a Combofix log, please review these instructions carefully before downloading Combofix, and follow these instructions carefully after downloading Combofix.


Before downloading and Saving combofix to Desktop, please rename combofix to something like 123.exe to stop malware from disabling it.


Now, please make sure no other programs are running, close all other windows and pause Kaspersky (right click the K icon and click pause protection > Choose the

option "resume manually" if still active) until after the scanning and removal process has taken place.


Please double click on the Combofix file you downloaded. Follow the onscreen prompts to start the scan.

Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.

It may take a while to complete scanning and this is normal.


You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after

scanning has completed.


Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post. Also, please don't

forget to resume the Kaspersky that you paused.


Download Combofix here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe



The instructions posted here are for the original poster Only. If you have same or other issue, please see the first Important read me topic, and then open a New Topic for yourself.

Share this post

Link to post

You're welcome. Any changes noted with the issues?


please zip up C:\qoobox\quarantine and upload to a filehost such as http://www.mediafire.com/

Then, Private Message me the Download link to the uploaded file. Click my user name and select Send message. Lastly, uninstall Combofix by: Start > run >

type combofix /uninstall > ok. The space between the x and the / is needed. Or Start > run > type 123 /uninstall > ok.

Share this post

Link to post

Thanks, you have the link PMed. After the combofix the problems persisted, but now I could not open any programs from desktop icons or start menue. Did a clean boot and fixed some broken links, now it works again. Had some redirects after though, but firefox seems to block them. Strange.

Share this post

Link to post

Thanks, I can't run the TDSSkiller from desktop in either normal or safe mode. Tried to rename before downloading too. Yes I am using a router for wifi.

Share this post

Link to post

News: I did find something in the autostart panel (in the control panel, file alternatives) called qmiLNIQvQJ (dot) exe that I dont recognize. I thought for a while that the computer was up an running and startet to clean out som programs, everything worked fine including starting from menu and desktop icons. Now I am back to be able to open any programs besides web browser and the computer is slow again.

Share this post

Link to post
autostart panel (in the control panel, file alternatives) called qmiLNIQvQJ (dot) exe...
Please post the screenshot of that.


How to take and post screenshot: PrtSc (Print screen) key (upper right part of keyboard)> open Paint (Start > All programs > Accessories) > Edit > Paste, File > Save as (jpeg or

png, Not bmp). When replying, Browse > click once to select file > Open > Upload > add reply.

Share this post

Link to post

You're welcome. Your screenshot: Enable Always show all icons, then post the screenshot of the notification area icons.


You do not have an anti virus application installed. Please install anti virus and do a scan.

Share this post

Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this