My husband has been having a problem with Google search redirect of websites for a few weeks and recently AVAST has been blocking things like Win32:DNSChanger-VJ [Trj] Infection and a couple others and sending them to the chest. I have run a full scan on boot and usually at least one infection, if not more, is sent to the chest. I have also downloaded and run several anti-malware programs which have removed some infections, but each time I reboot and go back online we are still redirected to strange sites upon doing a Google search and receive warnings from AVAST about blocking threats.
I am sending this from my own laptop now. I see there are several topics on this subject and suggestions on fixes…but it looks like each issue and/or computer fix may be different.
With it coming back, then it is likely to have a hidden element restoring/downloading them again…
What is your OS and firewall?
With this recurrence issue, it needs further analysis and probably specialist help.
This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the logs and attach (additional Options in the Reply window) the logs here in this topic, not in the LOGS topic.
It is almost 2:40am in the UK and I’m about to call it a night, also the malware removal specialist is in the UK too and it will be later this evening before he is on the forums. So if you can download the tools, run the scans, attach the logs and he will have something to work with when he is on-line.
I am using Windows 7 Home Premium 64-Bit operating system. I cannot access my firewall which is turned off, nor do I have any restore points to revert back to.
Last evening I ran a quick scan through aswMBR which showed nothing. I started a scan of C:\ and after almost 2 hours (and after showing in red: File: C:\Windows\assembly\tmp\u\80000032.@ INFECTED win32:DNSChanger-v3 [Tr - I can’t see the end of the file or expand the window) windows shut down unexpectedly. When it restarted there was no evidence of aswMBR being started, so I went to bed.
This morning I have started a full scan again but may have to wait until I am home from work to send the logs. Also, this morning I could not get into my network and sharing center and had to change settings to do so.
In my task manager I noticed PING.EXE*32. Is this normal?
Quickscan of aswMBR showed no infections. When I tried to scan C:\ (twice) once an infected file was shown in red, the computer shut down. Should I attach the quickscan log only, or try to do a scan of C:\ ?
Nope - I have found the culprit but it does need removing in a certain sequence. First I will remove the non-critical malware and then get a stronger and better tool for the main miscreant. Please disable all Avast shields whilst these programmes are running as it could interfere.
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Hmm, the fix is a bit too big for the forum. At the end of this post will be a fix.txt attachment; download that to your desktop.
Run OTL
1. Press the Run Fix button
2. A dialogue will open asking for the fix.txt location
3. Browse to the text file you downloaded and select it
4. Then click the Run Fix button again
5. Let the program run unhindered, reboot the PC when it is done
6. Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Download and Install Combofix
Download ComboFix from one of the following locations: Link 1 Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
1. Double click on ComboFix.exe & follow the prompts.
2. Accept the disclaimer and allow to update if it asks