Google Redirect Virus, Need Help (w/ Logs)

I got the google redirect virus from using IE5, some java exploit (i had an old version) and i got that fake anti-virus scanner. I quickly did a system restore and that fixed almost everything except I still have the google redirect virus! Ran avast, deleted what I could, ran Malwarebytes, deleted all I could, SUPERAntivirus and Ad-aware the same. Spybot S&D found nothing, they all find nothing now but the problem still persists! Attached are the logs of OTL, GMER and GooredFix. Any help would be very much appreciated!

I also have a browser redirect problem and I have yet to find out how to clear this from my computer. Today I bought Ad Aware Pro, however that does not clear the problem.

I have been using Avast for years, and have not had as many problems as in the last week. I am not blaming Avast, but it seems my computer has truly turned into a waster of my time. I am tired of scanning and then not being able to clear the virus.

I have run Malware Bytes Antimalware, which no longer recognizes any issues on my computer.

I really dont know what to do.

@ helpz

IE5 is as old as Methuselah

XP Professional Edition Service Pack 2 is way downlevel and will not be supported by Microsoft soon ::slight_smile:

Important notice for users of Windows XP with Service Pack 2 (SP2): The support for your product ended July 13, 2010! To ensure that you will receive all important security updates for Windows you need to upgrade to Windows XP with Service Pack 3 (SP3) or later versions such as Windows 7.
http://support.microsoft.com/gp/windowsxpsp2

Please read

Cons: A feature set that comes with a lot of promise and hype, but doesn’t deliver on even a fraction of what they claim.
http://anti-spyware-review.toptenreviews.com/ad-aware-se-pro-review.html

  1. Run a boot time scan with avast…!! (32bit only) Fixed…? If not see 2.
  2. Go here: http://support.emsisoft.com/forum/6-malware-removal-help/
    asyn

@helpz

Hi, :slight_smile:

Please read carefully and follow these steps.

[*]Download TDSSKiller and save it to your Desktop.
[*]Extract its contents to your desktop.
[*]Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMain.png

[*]If an infected file is detected, the default action will be Cure, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png

[*]If a suspicious file is detected, the default action will be Skip, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png

[*]It may ask you to reboot the computer to complete the process. Click on Reboot Now.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png

[*]If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
[*]If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.

THEN

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

[*]Double click on ComboFix.exe & follow the prompts.

[*]As part of it’s process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

[*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it’s malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

thx essex i’ll report back

tds found 1 thing, trying combofix now

combofix log

I think the problem is fixed! I had almost gotten used to it! :smiley: TDSSKiller and then Combofix seems to have done the trick! Thanks so much everyone and special thanks to essexboy! Such top notch support! :smiley:

I like an easy one now and then ;D I would recommend updating to SP3 now

Looking at that I am a happy bunny :slight_smile:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

[*]Click Start.
[*]Open My Computer.
[*]Select the Tools menu and click Folder Options.
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[]Click Yes to confirm.
[
]Click OK.

SPRING CLEAN

Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
[*]SpywareBlaster to help prevent spyware from installing in the first place.

http://img233.imageshack.us/img233/7729/mbamicontw5.gif
Malwarebytes. Run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
[*]Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :wave:

thanks so much essex, I haven’t had any problems since! ;D I will do all those steps tomorrow right now I need some sleep :smiley: Thanks for the follow up!

No problems - enjoy