Google (& other) re-direct malware
- Thread starter jchirch
- Start date
I think we may be there!
Re-booted & ran Windows Update. It finally connected & downloaded 12 of 14 updates, showed the same "Windows encountered and unkown error" message. Second try produced "Downloaded 1 of 2; Windows encountered an unknown error". When I rebooted & tried a third time, Windows Update found no important updates available.
Kind of odd behavior, but I got my updates, and I don't have any problems with re-directs.
If you're satisfied, I am. Any advice re: anti-malware software?
Jack Chirch
Re-booted & ran Windows Update. It finally connected & downloaded 12 of 14 updates, showed the same "Windows encountered and unkown error" message. Second try produced "Downloaded 1 of 2; Windows encountered an unknown error". When I rebooted & tried a third time, Windows Update found no important updates available.
Kind of odd behavior, but I got my updates, and I don't have any problems with re-directs.
If you're satisfied, I am. Any advice re: anti-malware software?
Jack Chirch
Hi,
Since it was now able to download updates from Windows Update that issue should be under control (if there was still a problem with the WU itself then none of the updates couldn't have been downloaded).
Let's see the final steps next
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.
A To disable the System Restore feature:
1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.
B. Reboot.
C Turn ON System Restore.
Follow the steps like you did when disabling system restore but on step 7. select Restore system settings and previous versions of files -option.
Now lets uninstall ComboFix:
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.
Download and run Secunia Personal Software Inspector (PSI) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade
Since it was now able to download updates from Windows Update that issue should be under control (if there was still a problem with the WU itself then none of the updates couldn't have been downloaded).
Together with Spybot you might want to give Malwarebytes' Anti-Malware a try.
Let's see the final steps next
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.
A To disable the System Restore feature:
1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.
B. Reboot.
C Turn ON System Restore.
Follow the steps like you did when disabling system restore but on step 7. select Restore system settings and previous versions of files -option.
Now lets uninstall ComboFix:
- Click START then RUN
- Now copy-paste Combofix /uninstall in the runbox and click OK
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.
Download and run Secunia Personal Software Inspector (PSI) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade
Thanks very much for your help
*I have turned off System Restore, re-booted & re-enabled it to reset.
*I've un-installed ComboFix (which is a little scary--the installer/uninstaller displays the 'install' screens until the uninstall finishes) . . . but you probably knew that.
*I've installed Malware Bytes (it found one item)
*I've installed Secunia PSI (found none)
I'm set up for automatic Windows Update.
Thank you, Blade, for devoting the time and effort to cleaning up this machine. Here's to ya!
Jack
*I have turned off System Restore, re-booted & re-enabled it to reset.
*I've un-installed ComboFix (which is a little scary--the installer/uninstaller displays the 'install' screens until the uninstall finishes) . . . but you probably knew that.
*I've installed Malware Bytes (it found one item)
*I've installed Secunia PSI (found none)
I'm set up for automatic Windows Update.
Thank you, Blade, for devoting the time and effort to cleaning up this machine. Here's to ya!
Jack
You're welcome
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.
If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.
If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.