Google virus, NOT redirect virus. PLEASE HELP!

Ok, I am really angry. This has been going on for a week now, Avast, get your **** together >:(.
As you can see, whenever I search something in Google, images or text, it shows up as a virus, and on images some pictures don't load.
I know this cannot be a real virus, but is this a real virus?
Why is this happening?
Someone tell me how to fix this, or I’m going to stop using avast.

http://img69.imageshack.us/img69/6332/searchsomethingrecievev.png

http://img221.imageshack.us/img221/3350/unledyddc.png

Bump, Someone please help, now I can’t even access pages that are connected to google (like news.google.com )
because avast keeps blocking it. >:(

Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
( post the logs here in this topic and not in the guide )

To avoid using multiple posts with copy and paste, you have to attach the logs
Lower left corner: Additional Options > Attach ( Malwarebytes log / OTS log ) save OTS log as ANSI

Essexboy will look at the logs when posted…

Is it malware or is it just an error?

It seems that you are infected.

Here's the OTS thing, someone please help me :frowning:
Also, how did I get this infection!? Avast is supposed to keep me from getting such infections!!

No security program has 100% detection…and never will

Essexboy is notified…

Yes but Avast is said to be the best free anti-virus out there!
Or am I wrong?
False marketing !?

The bad guys have access to the same AV tools you have, and they test their new malware before they release it, so AV companies will always be one step behind. And if lucky, you are the first one to meet this new malware :wink:

Currently I am working on systems using - to name a few, ESET, Trend, Norton, AVG, Kaspersky and CA all infected

The majority of infections are via social engineering, where you are tricked into running the malware

I believe you have an MBR type infection

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
[*]Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the “Scan” button to start scan

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR2-1.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

http://public.avast.com/~gmerek/aswMBR2.png

Okay, I'm currently doing the ComboFix scan, how many stages are there?
Right now I'm on stage 48.
Also how do you guys think I got this infection?

This thing has created tons of files!??! Why?

They will be removed once we have finished with it, I will not leave them on your system

Could I have the aswMBR next. As to how you got it I have no idea as there are no evident files showing in the log

OK, now I'm just waiting for the aswMBR to finish. Do you think this is a serious infection :confused: ??

here is the aswMBR log

Don’t worry about the suspicious files; the .sys.mui ones we feel are due to overly sensitive heuristics seeing the double file extension, an old trick used to try and hide what the true file extension/purpose is.

The C:\Windows\System32\drivers\wimmount.sys we suspect is a false positive.

I think there is definitely something there but probably not an MBR Rootkit as aswMBR is reporting a Windows 7 default MBR code. But it is showing an Unknown hook. So this may be a TDL rootkit.

However, you may want to wait for instructions from essexboy on how to proceed.

I think Essexboy may well recommend that you run TDSSKiller to see if that can deal with it, but he may not be back on-line until tomorrow evening as it is now 11:57pm in the UK and he has to be up for work tomorrow.

I leave the choice up to you if you wish to wait:

[quote="essexboy"]
[b]Please read carefully and follow these steps.[/b]

[*]Download [b][url=http://support.kaspersky.com/downloads/utils/tdsskiller.zip]TDSSKiller[/url][/b] and save it to your Desktop.
[*]Extract its contents to your desktop.
[*]Once extracted, open the TDSSKiller folder and doubleclick on [b]TDSSKiller.exe[/b] to run the application, then on [b]Start Scan.[/b]

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png

[*]If an infected file is detected, the default action will be [b]Cure[/b], click on [b]Continue.[/b]

http://i1224.photobucket.com/albums/ee362/Essexboy3/TDSSKillerMal-1.png

[*]If a suspicious file is detected, the default action will be [b]Skip[/b], click on [b]Continue.[/b]

http://i1224.photobucket.com/albums/ee362/Essexboy3/TDSSKillerSuspicious.png

[*]It may ask you to reboot the computer to complete the process. Click on [b]Reboot Now[/b].

http://i1224.photobucket.com/albums/ee362/Essexboy3/TDSSKillerCompleted.png

[*]If no reboot is required, click on [b]Report[/b]. A log file should appear. Please copy and paste the contents of that file here.
[*]If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "[b]TDSSKiller.[Version]_[Date]_[Time]_log.txt[/b]". Please copy and paste the contents of that file here.
[/quote]

Snap ;D

Looks like it is an older variant - on completion of this run can you let me know what problems remain

Please read carefully and follow these steps.

[*]Download TDSSKiller and save it to your Desktop.
[*]Extract its contents to your desktop.
[*]Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png

[*]If an infected file is detected, the default action will be Cure, click on Continue.

http://i1224.photobucket.com/albums/ee362/Essexboy3/TDSSKillerMal-1.png

[*]If a suspicious file is detected, the default action will be Skip, click on Continue.

http://i1224.photobucket.com/albums/ee362/Essexboy3/TDSSKillerSuspicious.png

[*]It may ask you to reboot the computer to complete the process. Click on Reboot Now.

http://i1224.photobucket.com/albums/ee362/Essexboy3/TDSSKillerCompleted.png

[*]If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
[*]If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version]_[Date]_[Time]_log.txt”. Please copy and paste the contents of that file here.

TDSSKiller only found suspicious file, none infected.
so am I safe now?

Bear with me just rechecking the logs

Ok thanks. :slight_smile: