Google Redirect

Hi
Looks like I have the Google Redirect virus on my desktop and on the wife’s laptop. After clicking on a Google result I land up at an unexpected site… very annoying.

Can someone help me please?
What information do you want about my system?

Thanks in anticipation.
Stonk

http://forum.avast.com/index.php?topic=53253.0

Thanks Asyn
Sorry for the delay

total file size was over the limit
so this is the last one

I see something called PC Tools Security… is that another antivirus program installed?

Yes
PC Tools Spyware Doctor with AntiVirus, it's DISABLED

Hi, you say it is occurring on both the laptop and the desktop? This suggests that it may be the router that is infected…

Could you reset the router to defaults please? Do you know how to do that?

Download aswMBR.exe (1.8 MB) to your desktop.
Double click the aswMBR.exe to run it. Click the “Scan” button to start the scan.

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR%20shots/aswMBRScan.gif

On completion of the scan click save log, save it to your desktop and post it in your next reply.

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR%20shots/aswMBRsavelog.gif

THEN

Please download GetPartitions from the link below. You must right click on the link and choose Save as…. Save it as GetPartitions.bat on your desktop.

getpartitions.bat

Double click it to run it (If running Vista or Windows 7, right click on it and select “Run as an Administrator”).
It will produce a C:\DiskReport.txt log; please post the results from that log here to me.

The antivirus engine may conflict with avast so I would remove it.

Don't have a clue as to resetting the router
Spyware Doctor is now uninstalled
aswMBR log attached
Disk report attached

Don't have a clue as to resetting the router
There is usually a reset button on the back side... you usually need a needle to press it.

What router do you have… name and number?

Netgear WGR614v9

It has a reset button on top

I'm not certain what pressing it will do???

Press and hold it down for a few seconds and it will then reset to the default settings that were on it when you first received it.

Once done could you see if the redirects still occur?

Looks like I’m sorted. ;D
No problems with either machine now.
Very many thanks to you all for your help.

After you reset your router you need to secure it again… did you do that?

I had to enter an SSID name and a security passphrase before I could connect my desktop PC (hard wired), but wife’s WiFi laptop was not affected.

Thanks for your concern

Just run OTL and hit the cleanup button to remove it - for the other two programmes just delete from the desktop ;D

Your router is one identified as suspect to DNS rebind attacks.

One way to partially protect yourself is to create a firewall rule to block any DNS resolution to localhost. That is, create an outbound firewall rule to block TCP/UDP local port 53 local address any, remote port any remote address 127.0.0.1/255.0.0.0.

Hi Don
I Googled DNS rebind attacks and I’m still none the wiser ::).

I can find my way to Avast Firewall. All rules have been made by Avast without my intervention. So how do I create this new rule? Or would it be better to get a router without this vulnerability?

If you have reset the router password to something other than default you should be OK

Oops! It was late last night when I was reading my list of routers vulnerable to DNS rebind attacks. Yours is OK. Sorry about that.

Unfortunately I have reset the admin password on my router to a strong password multiple times only to get hit again with this rebind attack. Hence the firewall rule. Problem lies when you connect to your router GUI through your browser. That is when you can be hacked. It should be done through Telnet and I am too lazy to do that.

I have minimized the exploit’s impact by creating a honeypot server on my router to trap all unknown DNS requests, which forces them to time out and die.
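The firewall-rule post above aims to stop DNS answers that point at localhost. The following is an added example, not code from any poster in this thread or from Avast: it reads that idea as "drop DNS answers that map a public name to an internal address" and goes beyond 127.0.0.0/8 to the private and link-local ranges as well. The local-name suffixes and the sample answers are constructed assumptions.

```python
import ipaddress

# Ranges a public hostname should never resolve to. The post only names
# 127.0.0.0/8; the remaining ranges are an added generalization.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "0.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]

# Assumption: names that are allowed to resolve internally (hypothetical list).
LOCAL_SUFFIXES = (".localhost", ".local", ".lan")


def is_internal(addr):
    """True if addr is loopback, private or link-local."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) so it cannot slip past.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return any(ip in net for net in INTERNAL_NETS)


def filter_answers(answers):
    """Split (qname, address) pairs into (allowed, dropped)."""
    allowed, dropped = [], []
    for qname, addr in answers:
        name = qname.rstrip(".").lower()
        local_name = name == "localhost" or name.endswith(LOCAL_SUFFIXES)
        if is_internal(addr) and not local_name:
            dropped.append((qname, addr))   # public name, internal address
        else:
            allowed.append((qname, addr))
    return allowed, dropped


# Constructed sample answers (documentation names and addresses only).
SAMPLE = [
    ("www.example.com.", "198.51.100.7"),
    ("rebind.example.net.", "127.0.0.1"),
    ("rebind.example.net.", "192.168.1.1"),
    ("printer.lan.", "192.168.1.20"),
    ("odd.example.org.", "::ffff:127.0.0.1"),
    ("localhost.", "127.0.0.1"),
]

if __name__ == "__main__":
    ok, bad = filter_answers(SAMPLE)
    for qname, addr in bad:
        print("dropped", qname, addr)
```
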