Google redirect help

Good Morning,

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
 
Run this program first, then try both aswMBR and TDSSkiller

  • Please download rkill (Courtesy of Bleepingcomputer.com).
  • There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
  • Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
  • Note: You only need to get one of the tools to run, not all of them.



  • Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.

    Run rkill repeatedly until it's able to do it's job. This may take a few tries.

    You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.
 
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 09/06/2011 at 12:40:17.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\Documents and Settings\Greg\Desktop\rkill.scr
C:\Documents and Settings\Greg\Desktop\uSeRiNiT.exe
C:\WINDOWS\system32\grpconv.exe


Rkill completed on 09/06/2011 at 12:42:20.
 
Run this program first and try them again, but boot to safemode with networking and try it from there


To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
    this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
  • Then press the Enter Key on your Keyboard
Tutorial if you need it How to boot into Safemode





Please download exeHelper to your desktop.

Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
 
exeHelper by Raktor
Build 20100414
Run at 21:15:27 on 09/09/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Thanks, Greg
 
exeHelper by Raktor
Build 20100414
Run at 21:15:27 on 09/09/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 21:21:35 on 09/09/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
 
Ken, That is the only log I get, I get a "press any key to continue" prompt which I do, then nothing. However when I do this my computer seems to sound as if its running very loud, could be safe mode though. Should I discontinue use of Firefox as my browser?

Thanks, Greg
 
Firefox is a lot more secure than IE.

Try this

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
 
Gooredfix log

GooredFix by jpshortstuff (03.07.10.1)
Log created at 14:50 on 12/09/2011 (Greg)
Firefox version 6.0.2 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [23:52 02/04/2008]

C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [15:40 28/01/2011]
{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C} [22:49 16/02/2010]
{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [19:18 20/08/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG9\Firefox" [01:25 24/10/2009]
"avg@igeared"="C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared" [16:41 13/08/2011]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [00:52 10/12/2010]

-=E.O.F=-

Thank you.
 
Hi Ken,

It seems as if the problem has been solved, computer on longer redirects. Should I dispose of all tools and texts that we downloaded during this process. I really appreciate you time and patients.

Greg
 
Hello Greg,

Thats great, we will remove all the tools we used when where done, just woulld like you to run a free online virus scanner in case we missed something.


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the
    esetOnline.png
    button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on
      esetSmartInstall.png
      to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the
      esetSmartInstallDesktopIcon.png
      icon on your desktop.
  4. Check
    esetAcceptTerms.png
  5. Click the
    esetStart.png
    button.
  6. Accept any security warnings from your browser.
  7. Check
    esetScanArchives.png
  8. Make sure that the option "Remove found threats" is Unchecked
  9. Push the Start button.
  10. ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  11. When the scan completes, push
    esetListThreats.png
  12. Push
    esetExport.png
    , and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  13. Push the
    esetBack.png
    button.
  14. Push
    esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
 
Ken'

I ran the scan which found 2 infected files, however I didnt save the text and lost it. If need be i'll run again, I'm certainly not making your job any easier.

Greg
 
Thats ok, not to worry but if you had it set not to remove them then we need to know what they where , so lets run it again
 
Back
Top