Hi,

Looks like we’ve been hit with this same Google redirect malware that so many others here have. Humbly requesting help. Attached is the OTS log.

Thanks

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Files/Folders - Modified Within 30 Days]
NY ->  ~16375588 -> C:\Documents and Settings\All Users\Application Data\~16375588
NY ->  ~16375588r -> C:\Documents and Settings\All Users\Application Data\~16375588r
NY ->  16375588 -> C:\Documents and Settings\All Users\Application Data\16375588
[Files - No Company Name]
NY ->  Microsoft Security Essentials.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
NY ->  ~16375588 -> C:\Documents and Settings\All Users\Application Data\~16375588
NY ->  ~16375588r -> C:\Documents and Settings\All Users\Application Data\~16375588r
NY ->  16375588 -> C:\Documents and Settings\All Users\Application Data\16375588
[Empty Temp Folders]
[EmptyFlash]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Thanks - here’s the information from the log file. (The “Avast blocked 64.211…” pop-up and re-direct is still happening though).

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the “Scan” button to start scan

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR2-1.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

http://public.avast.com/~gmerek/aswMBR2.png

Thanks again - here’s the results from the scan.

MBR:Sst [Rtk] - what is this beast? Is this something new or what?

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

A variant from the Alureon family.

Here is the Combofix log. Thanks again for all the help.

Now, when you reboot Windows, you’ll see it briefly displays the following:

Use the arrow keys on your keyboard to choose the first item: Microsoft Windows Recovery Console.

After entering the RC (Recovery Console), it is necessary to click 1 and then press Enter:

It is necessary to enter the password of the Administrator account.
If there is no administrator password, just press Enter.

When the screen shows C:\Windows> _ type the following command:

fixmbr

If you are prompted: Are you sure you want to write a new MBR, click:

Y

Shortly after that the screen will show: The new master boot record has been successfully written.
