Google redirect virus - can you help remove?

I have this Google Redirect virus on my main computer
(Dell Optiplex 745, Win XP Pro, Intel Pentium D CPU 3.00GHz, 3 GB RAM, ATI HD 4300/4500 video card)

Using current versions of Avast and Malwarebytes.

Attached is the AdwCleaner result (AdwCleaner–R1.txt).

Also attached is the OTL.txt file.

Hope someone can help.

Thanks,
Doc

Oops, not sure why, but it only let one file attach.
Here is the other.
Doc

Ran the 3rd scan tool; here is the aswMBR post-scan log file as a text file.

Doc

When you ran AdwCleaner, did you click the Delete button? The log posted is a search log and does not remove anything.

Did you run a quick scan with an updated Malwarebytes? You don't have to attach the log if nothing was detected.

Malware removers are notified.

Run AdwCleaner again and select Delete.

After this run, let me know if the redirects continue.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following:


:OTL
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\aqcrutfc.sys -- (pxybjo)
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
[2013/01/15 15:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\Updater21804
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:AD385070E26DDED7


:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

- Then click the Run Fix button at the top.
- Let the program run unhindered; reboot the PC when it is done.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
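The fix above is built from three kinds of OTL log entry: a driver service whose image file is missing, browser toolbar registrations that point at a CLSID that no longer exists, and an alternate data stream hanging off the Windows directory. The following Python is an added example (not code from this thread, from OTL, or from its author) that parses OTL-style log lines of those three classes and regenerates a fix block of the same shape. The line formats are inferred from the entries shown above; the sample log is constructed and mixes those entries with made-up clean "example" entries so the filter has something to leave alone.

```python
"""Triage OTL-style log lines for the three indicator classes used in the
fix above and emit a matching :OTL / :Commands fix script.
Added example; the line formats are inferred from the log lines on the page."""
import re

# Constructed sample log: the flagged entries repeat the ones in the fix above,
# the "example" driver and toolbar lines are invented clean entries.
SAMPLE_OTL_LOG = r"""
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\aqcrutfc.sys -- (pxybjo)
DRV - [2008/04/13 19:45:22 | 000,042,368 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\example.sys -- (example)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Example Toolbar) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:AD385070E26DDED7
"""

# "DRV - File not found [type | start | state] -- image -- (service)"
DRV_MISSING = re.compile(
    r"^DRV - File not found \[(?P<type>[^|]+)\|(?P<start>[^|]+)\|(?P<state>[^\]]+)\]"
    r" -- (?P<image>.+?) -- \((?P<service>[^)]+)\)$"
)
# "@Alternate Data Stream - N bytes -> target"
ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")


def parse_missing_driver(line):
    """Driver service entry whose image file OTL could not find, or None."""
    m = DRV_MISSING.match(line)
    if not m:
        return None
    return {k: v.strip() for k, v in m.groupdict().items()}


def parse_orphan_toolbar(line):
    """O3 toolbar registration whose CLSID has no matching class, or None."""
    if not (line.startswith("O3 - ") and line.endswith("No CLSID value found.")):
        return None
    parts = line.split(" - ")  # ["O3", "HKLM\..\Toolbar: (name)", "<id>", "No CLSID value found."]
    if len(parts) < 4:
        return None
    return {"key": parts[1], "id": parts[2]}


def parse_ads(line):
    """Alternate data stream entry, or None."""
    m = ADS.match(line)
    if not m:
        return None
    return {"size": int(m.group("size")), "target": m.group("target")}


def classify(line):
    """Short reason code for a line that belongs in the fix, else None."""
    if parse_missing_driver(line):
        return "missing-driver"
    if parse_orphan_toolbar(line):
        return "orphan-toolbar"
    if parse_ads(line):
        return "ads"
    return None


def triage(log_text):
    """Return [(line, reason)] for every log line that matches an indicator class."""
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reason = classify(line) if line else None
        if reason:
            flagged.append((line, reason))
    return flagged


def build_fix(flagged, commands=("[resethosts]", "[emptytemp]",
                                 "[CREATERESTOREPOINT]", "[Reboot]")):
    """Assemble a fix script: flagged lines verbatim under :OTL, then :Commands."""
    lines = [":OTL"] + [line for line, _ in flagged] + ["", ":Commands"] + list(commands)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_OTL_LOG)
    for line, reason in hits:
        print(f"{reason:15} {line}")
    print(build_fix(hits))
```

The sample driver, toolbar and ADS entries are the ones that appeared in this thread's log; on a real log you would still review each flagged line before pasting it, since a missing-file driver entry can also be a leftover from a legitimately uninstalled product.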

I reran the Malwarebytes quick scan; no issues.

I reran AdwCleaner using Delete. Txt file is attached.

I opened a new Firefox, and it seems to have cleared. Yeah! :wink:
Can you please help me understand what was going on? Does AdwCleaner deal with registry fixes? I want to understand this.

Thanks.

Doc

Also run the OTL instructions in essexboy's post above.

Done.

No redirects that I see so far.

Thanks for all the support. Very much appreciated.

Doc

You need to attach the new OTL log also so essexboy can check.
See the instructions at the bottom of essexboy's last post.

He will be back tomorrow.

See attached.

Thanks again.

Any further problems ?

All is working properly. Did the same Google searches, and no redirects seen.

Well done!

Thanks for helping.

Doc P.

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day: your log now appears clean :thumbsup:

A good workman always cleans up after himself, so… The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:

:Commands
[resethosts]
[emptytemp]
[CLEARALLRESTOREPOINTS]
[Reboot]

- Then click the Run Fix button at the top.
- Let the program run unhindered; reboot the PC when it is done.

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set back to hidden, as some of the tools I use will change that setting:
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View tab.
- Under the Hidden files and folders heading, select Do not show hidden files and folders.
- Click Yes to confirm.
- Click OK.

Keep Java Updated:

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important piece of software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software, and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser.)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean.

Download and install the FileHippo Update Checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

If you use on-line banking, then as an added layer of protection install Trusteer Rapport.

It is critical to have both a firewall and antivirus to protect your system, and to keep them updated. To keep your operating system up to date, visit Microsoft Windows Update.

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place? Keep safe :wave:

All done.

Really want your team to know how much help you are. Simply excellent.

Your team is the best.

Doc P.

That's what we are here for. Enjoy ;D

After all the redirects were removed, this computer started acting weirdly. I was trying to create a new folder, to move some files to an external drive. Each time, Roxio Creator 9 opened the install window and started to install. But this large program is already installed (was 2 years ago). When I cancelled out, then retried to create a folder (File, New, Folder), it worked.

I rebooted the computer, and tried to delete Roxio and its updater, which got stuck and froze in the middle. After a reboot, I used CCleaner again and removed the Roxio Creator Suite 9 and its updater.

After rebooting, it seems to be working, but there is a lot of hard drive activity, even when I'm only using MS Publisher, or using Firefox.

I'm also noticing a new flash to black, then back to the Windows XP screen, when my XP Pro starts up. Is that normal? Never really noticed it before.
Any ideas? Maybe the hard drive is getting too full? I think it's a 1 TB drive with 900 GB on it.

I deleted all your tools, but would appreciate any ideas. The second time I deleted Roxio using CCleaner, I first opened "Process Viewer" and watched the MSI at work, and it took a long time… I think I might not have been patient the first time.

Any ideas?

Have you run ComboFix on this system? The black flash may well be the boot options for the Recovery Console.

- Right-click on My Computer and choose Properties in the menu.
- The System Properties dialog box will open. This dialog box is also available under the System item in the Control Panel.
- Select the Advanced tab.
- Select the Settings button under Startup and Recovery.
- The Startup and Recovery dialog box will open.
- Uncheck the box Time to display the list of operating systems.

Unchecked, applied and saved. I'll reboot and see now.

Sorry for the delay.

Every time I right-click, I get this Roxio program trying to install.
If I go to delete a file, when I right-click, I have to cancel the install, then the file deletes.

Attached are the scan files. I hope I can get this figured out.

Thanks

Here is one more additional file from the pre-scan, aswMBR.

Thanks