Malware redirects Google Search Results

[GreenWithEnvy]

Hi Jeff. My system is running well. I mentioned some of these things before. These are things that don't seem right to me.

When I send email, I get a pop-up window that someone is trying to access my email addresses or contact list or something and I have to "allow" it. This is driving me crazy. This may have something to do with the hard drive I added which embedded a toolbar into outlook (can you believe that?). And when I delete the toor bar, it shows up again the next time I reboot. I can't know for sure if this Outlook behavior is because of the external hard drive software or not.

When I boot up, the system no longer sees my harddrive for some reason. I could probably fix that by removing all of the software for the product and starting over again. I'm sure I could fix it myself.

I could problaby fix it by running Microsoft Fixit Center, but I cannot pull the software from Microsoft using their downloaded setup exe. And when I looked up this problem, they said it's usually caused by malware removal software that prevents certain exes from running on your PC. I can live without this, just don't know how often I'll encounter this sort of thing.

Outside of those non-serious issues, everything's running well and I'm not noticing any issues.

[jeffce]

Hi,

This may have something to do with the hard drive I added which embedded a toolbar into outlook (can you believe that?)

I would say that sounds accurate.
----------

If your external hard drive is used through a USB port than it was ComboFix that stopped that. As a default action, ComboFix will stop all autorun features as a security measure. It is even recommended by Microsoft to not use the autorun feature any longer so that malware will not download and run automatically when you insert a USB drive or CD. If you want to access them you just need to manually run them.
----------

Providing there are no other malware related problems...

IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :D SO LETS DO A COUPLE OF THINGS TO WRAP THIS UP!! :D

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
----------

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following text into the Run box as shown and click OK.
Combofix /Uninstall
(Note: There is a space between the ..X and the /U that needs to be there.)


----------

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

• From within Internet Explorer click on the Tools menu and then click on Options.
• Click once on the Security tab
• Click once on the Internet icon so it becomes highlighted.
• Click once on the Custom Level button.
• Change the Download signed ActiveX controls to Prompt
• Change the Download unsigned ActiveX controls to Disable
• Change the Initialize and script ActiveX controls not marked as safe to Disable
• Change the Installation of desktop items to Prompt
• Change the Launching programs and files in an IFRAME to Prompt
• Change the Navigate sub-frames across different domains to Prompt
• When all these settings have been made, click on the OK button.
• If it prompts you as to whether or not you want to save the settings, press the Yes button.
• Next press the Apply button and then the OK to exit the Internet Properties page.

2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:

• Open Internet Explorer
• Click on Tools > Internet Options
• Press Security tab
• Select Internet zone then place check next to Enable Protected Mode if not already done
• Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
• Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.

3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here. **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:
Online Armor Free
Agnitum Outpost Firewall Free

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

6. WOT (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

7.Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

[GreenWithEnvy]

Hello Jeff:

I am confirming that my PC is in good shape and you can close this thread.

Thank you thank you thank you so much for assisting me in getting rid of this malware. Please post information on how I can show my gratitude further and can contribute to keeping this great forum up and running. It's such a valuable resource.

Thank you once again. I REALLY appreciate all of the help and assistance!

Mike

[jeffce]

Hi Mike,

Glad that it is back to running well. I am glad that we could be of help!

Please post information on how I can show my gratitude further and can contribute to keeping this great forum up and running. It's such a valuable resource.

You can go here to contribute if that is what you would like to do. It is very much appreciated.

[GreenWithEnvy]

Hello Jeff:

My Outlook email is back to normal. The storage device had its hooks in it and I uninstalled all of the features I did not want, and that solved that one issue.

Also, I just made a donation through Paypal. I wanted to mention your name in there, but unfortunately, I didn't see a place to add a note. Sorry about that, but I did contribute.

Thanks again,

Mike

[jeffce]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you are the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
----------