Google Re-direct Virus

[highspeedraptor]

still happening

[ken545]

This is a strange one as most of the logs are coming up ok, lets do this, go to Programs and Features in the Control Panel and completely uninstall Firefox, then go to C:\Program Files and delete the Firefox and or the Mozzila folder.

Reboot and download and install a clean new copy

http://www.mozilla.org/en-US/firefox/new/

[highspeedraptor]

I've reinstalled and so far it seems to have done the trick. Feeling pretty silly for not having though of this myself.

[ken545]

Feeling pretty silly for not having though of this myself.

Not really, almost 95% of the time redirects are caused by a rootkit type of infection but your logs where not that bad.

Let do this, run this free online virus scanner and post the log, then I will keep this thread open for you for a few days in case it returns.


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
   ESET OnlineScan
2. Click the button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. Click on to download the ESET Smart Installer. Save it to your desktop.
   2. Double click on the icon on your desktop.
4. Check
5. Click the button.
6. Accept any security warnings from your browser.
7. Check
8. Make sure that the option "Remove found threats" is Unchecked
9. Push the Start button.
10. ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
11. When the scan completes, push
12. Push , and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
13. Push the button.
14. Push

Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

[highspeedraptor]

C:\Qoobox\Quarantine\C\Users\Justin Cox\AppData\Local\Apps\Adobe\hvqaw.dll.vir a variant of Win32/Kryptik.APHW trojan
C:\Users\Thomas\Downloads\windows live messenger setup.exe a variant of Win32/Soft32Downloader.B application

[ken545]

Good Morning

This may be a false positive but it cant hurt to delete it
C:\Users\Thomas\Downloads\windows live messenger setup.exe

The file in Qoobox are just back ups of what Combofix removed, when we run cleanup they will be removed


We need to update your Java to keep you more secure

1. Go to your Control Panel and click on the Java Icon ( looks like a little coffee cup ) click on About and you should have Version 7 Update 7, if not proceed with the instructions.
   
2. Go to the update Tab and update it
   
3. Then go to your Add Remove Programs (WIN XP) or Programs and Features (Vista / Win 7) in the Control Panel and uninstall all previous versions.

You can verify the installation Here

• Click START then RUN
• Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
  
  
  

Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed

• How did I get infected in the first place ?
  Read these links and find out how to prevent getting infected again.
• Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
• WhattheTech
• Grinler BleepingComputer
• GeeksTo Go
• Dslreports

Safe Surfn
Ken

[highspeedraptor]

I've completed all these steps. My Java system is now 7, Update 9, but I assume that's fine.

It's been 24 hrs since I reinstalled firefox and I haven't seen any re-directs.

Thanks so much for your help. I'm grateful that you volunteered your time and expertise to assist me.

[ken545]

Java, they post updates faster than I can change my socks Thats fine, thanks for the heads up. Keeping Java updated is just another tool in your arsenal for keeping your system secure.

Glad all is well,

Take Care,

Ken