immanuelbeech

Google Redirect Virus


richbuff   

Welcome. Please see the first Important topic. There, you will find instructions for logs. And screenshot, too.

 

Please see the small print that is located at the bottom of this message.

richbuff   

You used the old, outdated AVZ that is built into the old Kaspersky 2012, instead of downloading the fresh, new and shiny AVZ that is downloaded by following the link in the AVZ instructions that is posted in the first Important topic.

 

 

You used the old, outdated AVZ that is built into the old Kaspersky 2012, instead of downloading the fresh, new and shiny AVZ that is downloaded by following the link in the AVZ instructions that is posted in the first Important topic.

 

My apologies, for I also saw a link that explained how to use Kaspersky. Here is the new file.

virusinfo_syscure.zip

richbuff   

You are very low on RAM.

Please add another two GB of RAM. You have 64-bit Windows 7 with only 2 GB of RAM. That is like the Navy buying the biggest aircraft carrier that they can afford, and then putting a Piper Cub on it.

 

Run this script, instructions: http://forum.kaspersky.com/index.php?showt...mp;#entry678368 PC will reboot:

begin
QuarantineFile('C:\Windows\system32\drivers\ottolsnj.sys','');
StopService('ottolsnj');
DeleteService('ottolsnj');
DeleteFile('C:\Windows\system32\drivers\ottolsnj.sys');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

After running the script, attach a Combofix log. Please review these instructions carefully before downloading Combofix, and follow these instructions carefully after downloading Combofix.

 

Before downloading and Saving combofix to Desktop, please rename combofix to something like 123.exe to stop malware from disabling it.

 

Now, please make sure no other programs are running, close all other windows and pause Kaspersky (right click the K icon and click pause protection > Choose the option "resume manually" if still active) until after the scanning and removal process has taken place.

 

Please double click on the Combofix file you downloaded. Follow the onscreen prompts to start the scan.

Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.

It may take a while to complete scanning and this is normal.

 

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

 

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post. Also, please don't forget to resume the Kaspersky that you paused.

 

Download Combofix here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

--------------------

The instructions posted here are for the original poster Only. If you have same or other issue, please see the first Important read me topic, and then open a New Topic for yourself.


Thank you, but before I begin all of this, is it required that I add more RAM? Or was that just your advice for future reference if I want to continue to have a functional computer?

 

richbuff   

Run this script, instructions same as the last one:

begin
CreateQurantineArchive('c:\quarantine.zip');
end.

A file called quarantine.zip should be created in C:\. Then please zip up C:\qoobox\quarantine and upload both it and C:\quarantine.zip to a filehost such as http://www.mediafire.com/

Then, Private Message me the Download link to the uploaded file. Click my user name and select Send message. Lastly, uninstall Combofix by: pause Kaspersky > Start > run > type combofix /uninstall > ok. The space between the x and the / is needed. Or Start > run > type 123 /uninstall > ok. Restart Kaspersky.

 

Please attach a HiJackThis log: http://www.bleepingcomputer.com/download/hijackthis/

richbuff   

Please right click HiJackThis and select Run as administrator, and Fix Checked the below items, if you do not recognize them as belonging to your internet service provider. Instructions, please scroll down to figure 6, here: http://www.bleepingcomputer.com/tutorials/...use-hijackthis/

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{256AF131-1843-4C8E-89A5-7C0DA90BEBFC}: NameServer = 66.228.116.178,66.228.116.179
O17 - HKLM\System\CCS\Services\Tcpip\..\{658E85EB-BF65-418D-AF7B-05047B857A0B}: NameServer = 66.228.116.178,66.228.116.179
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 66.228.116.178,66.228.116.179
O17 - HKLM\System\CCS\Services\Tcpip\..\{9687B1F6-7150-477A-87BE-AFC48DBE098F}: NameServer = 66.228.116.178,66.228.116.179
O17 - HKLM\System\CS1\Services\Tcpip\..\{256AF131-1843-4C8E-89A5-7C0DA90BEBFC}: NameServer = 66.228.116.178,66.228.116.179
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 66.228.116.178,66.228.116.179

 

Reboot when done. Any better?

 

If not, please Private Message me links to websites that you get redirected to.
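
Added example, not part of the original post: a Python check that parses HiJackThis O17 lines like the ones listed above and groups every NameServer address that is neither in a caller-supplied list of recognized resolvers nor in a private range, so the same unfamiliar pair appearing under every interface and control set stands out. The function names and the `trusted` parameter are assumptions of this example; the sample lines are copied from the post.

```python
import ipaddress
import re
from collections import defaultdict

# O17 lines copied verbatim from the post above.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{256AF131-1843-4C8E-89A5-7C0DA90BEBFC}: NameServer = 66.228.116.178,66.228.116.179
O17 - HKLM\System\CCS\Services\Tcpip\..\{658E85EB-BF65-418D-AF7B-05047B857A0B}: NameServer = 66.228.116.178,66.228.116.179
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 66.228.116.178,66.228.116.179
O17 - HKLM\System\CCS\Services\Tcpip\..\{9687B1F6-7150-477A-87BE-AFC48DBE098F}: NameServer = 66.228.116.178,66.228.116.179
O17 - HKLM\System\CS1\Services\Tcpip\..\{256AF131-1843-4C8E-89A5-7C0DA90BEBFC}: NameServer = 66.228.116.178,66.228.116.179
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 66.228.116.178,66.228.116.179
"""

O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>[^\\]+)\\Services\\Tcpip\\"
    r"(?P<scope>.+?): NameServer = (?P<servers>.+)$"
)

def parse_o17(log_text):
    """Return (control_set, scope, [ip, ...]) for each O17 NameServer line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        ips = []
        for tok in re.split(r"[,\s]+", m["servers"].strip()):
            try:
                ips.append(ipaddress.ip_address(tok))
            except ValueError:
                pass  # skip malformed tokens instead of aborting the review
        entries.append((m["cs"], m["scope"], ips))
    return entries

def unrecognized_resolvers(entries, trusted):
    """Map each resolver that needs review to the registry keys that use it."""
    trusted = {ipaddress.ip_address(t) for t in trusted}
    hits = defaultdict(list)
    for cs, scope, ips in entries:
        for ip in ips:
            if ip in trusted or ip.is_private:
                continue  # recognized, or a non-public address (assumed local router)
            hits[str(ip)].append(f"{cs}\\{scope}")
    return dict(hits)

if __name__ == "__main__":
    for ip, keys in unrecognized_resolvers(parse_o17(SAMPLE_LOG), trusted=[]).items():
        print(f"{ip}: set in {len(keys)} keys; confirm it belongs to your ISP")
```

Pass the resolver addresses your internet service provider actually hands out as `trusted`; anything still reported is a candidate for the Fix Checked step described in the post.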


I reset IE and it works for now. I am unable to do anything with the router because I live in an apartment, and they own it. I usually use google chrome as my browser, however. I uninstalled and reinstalled it. Right now it seems as if the virus is gone. How do I prevent myself from getting it again?

richbuff   

It looks like the malware changed your IE proxy settings.

 

Prevent by following all of the universally recognized rules for safe computing.

 

Safe computing is just like safe other things. Be careful where you stick your pointer.

 

Don't open malicious email attachments. Don't click on links in malicious emails. Don't stick other people's removable media in your PC.

 

Other people use their own PCs; only you use your PC.

 

Keep everything on the PC up to date, including Windows and all applications.

 

 
