Search Engine Links Lead me to Virus-Detected Sites

Hello,

Yesterday night (May 31, 2010), I searched Google for Hyundai. I clicked on the Wikipedia link, and was redirected to a website that caused Avast to pop up with the warning siren that says “Caution: A virus has been detected.”

I tried this with several other searches with the same result.

I did not click on any “sponsored links” either. These links were the normal ones.

I even tried a different search engine, Bing, and the same thing still occurs.

Thankfully unlike my previous virus troubles, my computer isn’t 99% crippled by this one. :stuck_out_tongue:

What program(s) should I download and what log(s) should I post and how would I go about finding them? :slight_smile: (Please remember that I cannot use any search engines due to the nature of my problem)

What exactly do you want? Get your computer clean?
Are you experiencing trouble in any search you perform?

Yes, I am experiencing trouble in every search I perform.

And yes, I would like to get my computer clean please. I think a virus might be causing this problem.

I suggest:

  1. Clean your temporary files.
  2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Make a HijackThis log to post here or to this analysis site. Or even submit the RunScanner log to on-line analysis.
  6. Clean your Hosts file (replacing it) with the HostsMan tool.
  7. Disable System Restore and then re-enable it.
  8. Immunize your system with SpywareBlaster.
  9. Check if you have insecure applications with Secunia Software Inspector.

Step 6 seems to be essential.
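The hosts-file check behind step 6, as an added example that is not part of this thread or of the HostsMan tool: it parses a Windows hosts file and flags entries that point search-engine or Wikipedia hostnames at anything other than a loopback/null address, which is one common mechanism behind the kind of redirects described above. The watched-domain list and the sample hosts content are constructed for this example.

```python
import ipaddress

# Hosts-file path on Windows, where this thread's cleanup (step 6) applies.
WINDOWS_HOSTS = r"C:\Windows\System32\drivers\etc\hosts"
# Domains a search-redirect hijack commonly targets; illustrative list chosen
# for this example (an assumption; extend it with the sites you actually use).
WATCHED_DOMAINS = {"google.com", "bing.com", "wikipedia.org", "avast.com"}
# Loopback/null targets are how ad-blocking hosts files *block* names; those
# entries are not redirects and are left alone.
BLOCKING_TARGETS = {"127.0.0.1", "::1", "0.0.0.0"}

def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text; comments/blank lines skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue                           # malformed line, not an address
        for name in parts[1:]:                 # one line may alias several names
            entries.append((ip, name.lower()))
    return entries

def suspicious_entries(entries):
    """Flag entries sending a watched domain (or subdomain) anywhere but loopback."""
    def watched(name):
        return any(name == d or name.endswith("." + d) for d in WATCHED_DOMAINS)
    return [(ip, name) for ip, name in entries
            if ip not in BLOCKING_TARGETS and watched(name)]

def check_hosts_file(path=WINDOWS_HOSTS):
    """Parse a real hosts file from disk and return the flagged entries."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return suspicious_entries(parse_hosts(fh.read()))

# Constructed sample: a stock Windows hosts file plus three hijack lines that
# point search and Wikipedia hostnames at a TEST-NET address (203.0.113.0/24).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net   # a blocking entry, should not be flagged
203.0.113.5     www.google.com www.bing.com
203.0.113.5     en.wikipedia.org
"""
FLAGGED = suspicious_entries(parse_hosts(SAMPLE_HOSTS))   # -> 3 hijack entries
```

Run `check_hosts_file()` on the live machine; anything it returns that you did not put there yourself is a sign the file has been tampered with and should be replaced.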

Please follow Essexboy’s instructions.

I have attached the MBAM log and the OTL log to this post. Due to the file size restriction, I must post the OTL extra file in the next post.

I have attached the OTL extra file to this post.

Those look clear - are you still getting redirected?

GMER Rootkit Scanner - Download - Homepage

  * Download GMER.
  * Extract the contents of the zipped file to desktop.
  * Double click GMER.exe.
  * If it gives you a warning about rootkit activity and asks if you want to run a full scan…click on NO, then use the following settings for a more complete scan…
  * In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
      * IAT/EAT
      * Drives/Partition other than Systemdrive (typically C:)
      * Show All (don’t miss this one)
  * Then click the Scan button & wait for it to finish.
  * Once done click on the [Save…] button, and in the File name area, type in “ark.txt”.
  * Save the log where you can easily find it, such as your desktop.

Caution: Rootkit scans often produce false positives. Do NOT take any action on any “<— ROOTKIT” entries.
Please copy and paste the report into your Post.

I’m not being redirected anymore, but should I still do the GMER thing to make sure I got everything off?

Yes please

Hey essexboy, sorry about this, but the problem returned before I got around to doing the GMER scan. I ran another MBAM and OTL scan. I’ve attached the files to this post. I don’t know if this will change anything, so I will wait for further instructions to proceed with anything.

Sorry about this complication :-[

Hi I will need the GMER log as that will show me which file has been patched

The GMER log is attached to this post.

I don’t know what is happening to my computer at this point; it got so slow that I had to restart it because it froze multiple times while I was scanning with GMER. After the GMER scan finally finished (took roughly 3 hours), I had to restart my computer again because my internet wouldn’t load.

OK me sees it

Download TDSSKiller and save it to your Desktop.

  * Extract the file and run it.
  * Once completed it will create a log in your C: drive.
  * Reboot your computer.
  * Please post the contents of that log.

Haha that made my day ;D

The scan produced two logs, so I’m posting both. :slight_smile:

Edit: I think the first file was older, but was updated by the restart; I was looking at the dates that the files were last updated when I posted them.

The redirects should now have ceased

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  * Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  * Double click on ComboFix.exe & follow the prompts.
  * As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  * Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message asking whether to continue. Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

The log is attached to this post.

What problems do you have now?

None that I can see as of now. I will keep you updated if anything comes up.

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that.

  * Click Start.
  * Open My Computer.
  * Select the Tools menu and click Folder Options.
  * Select the View Tab.
  * Under the Hidden files and folders heading select Do not show hidden files and folders.
  * Click Yes to confirm.
  * Click OK.

SPRING CLEAN

Download TFC to your desktop

  * Open the file and close any other windows.
  * It will close all programs itself when run, make sure to let it run uninterrupted.
  * Click the Start button to begin the process. The program should not take long to finish its job.
  * Once it’s finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

THEN

Download Flush Flash from Here and follow the easy to use instructions on the same page

NEXT

Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

  * SpywareBlaster to help prevent spyware from installing in the first place.
  * Malwarebytes. Run weekly to keep your system clean.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
  * Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :wave: