Google Re-direct Virus

According to your logs you have both IE and Firefox. Are they both giving you problems, or is it just IE?

I kind of stay away from Internet Explorer myself; I haven't used it in years. Firefox is so much more secure. You may want to think about adding these to Firefox:

AdBlock and NoScript

https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/


I am leaning towards your router being the problem. Are there other computers that access it, and are they having problems?

Remove the power cord from the back of the router and let it sit for about 5 min to flush everything out, then plug it back in and see if it helped.
 
I do have both IE and Firefox installed but I use Firefox exclusively.

I reset the router which did not fix the problem.

I tested another computer on the network using Firefox as well and did not experience any re-directs.

I tested IE on the infected computer and in 40 clicks I experienced no redirects. I went back to Firefox and the 3rd click resulted in a re-direct.

I think we've narrowed it down to only occurring on Firefox on this computer.
 
Having re-read your most recent post, I have realized I only did a quick reset of the router and did not let it sit for a full five minutes as you prescribe. I'll do that now and report back.
 
Try this

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
 
GooredFix by jpshortstuff (03.07.10.1)
Log created at 10:19 on 29/11/2012 (Justin Cox)
Firefox version 16.0.2 (en-US)

========== GooredScan ==========

(none)

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [02:40 27/10/2012]

C:\Users\Justin Cox\Application Data\Mozilla\Firefox\Profiles\q0akvr6x.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files (x86)\AVG\AVG2012\Firefox4\" [22:05 10/03/2012]
"{F53C93F1-07D5-430c-86D4-C9531B27DFAF}"="C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\" [02:50 07/06/2012]

-=E.O.F=-
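
For readers triaging a log like the one above, here is an added example (not part of the original thread and not GooredFix's own code) that parses the GooredLog section into structured entries and separates out extensions registered through the registry key. The line layout is an assumption inferred from this one log, and the function names are hypothetical.

```python
import re

# GooredLog section as posted in the thread above (blank lines dropped).
SAMPLE = r"""========== GooredLog ==========
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [02:40 27/10/2012]
C:\Users\Justin Cox\Application Data\Mozilla\Firefox\Profiles\q0akvr6x.default\extensions\
(none)
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files (x86)\AVG\AVG2012\Firefox4\" [22:05 10/03/2012]
"{F53C93F1-07D5-430c-86D4-C9531B27DFAF}"="C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\" [02:50 07/06/2012]
-=E.O.F=-"""

STAMP = r"\[(\d\d:\d\d \d\d/\d\d/\d{4})\]"
DIR_ENTRY = re.compile(r"^(\S.*?)\s+" + STAMP + "$")           # name [time]
REG_ENTRY = re.compile(r'^"([^"]+)"="(.*)"\s+' + STAMP + "$")  # "id"="path" [time]

def parse_goored_log(text):
    """Return one dict per extension: location, kind, id, path, timestamp."""
    entries, location, kind = [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line == "(none)" or line.startswith(("=", "-=")):
            continue  # blanks, empty-section markers, banners, end-of-file marker
        if line.startswith("[HKEY_") and line.endswith("]"):
            location, kind = line[1:-1], "registry"
        elif line.endswith("\\") and not line.startswith('"'):
            location, kind = line, "folder"
        elif kind == "registry" and (m := REG_ENTRY.match(line)):
            entries.append(dict(location=location, kind=kind, id=m[1], path=m[2], stamp=m[3]))
        elif kind == "folder" and (m := DIR_ENTRY.match(line)):
            entries.append(dict(location=location, kind=kind, id=m[1], path=location + m[1], stamp=m[2]))
    return entries

def registry_sideloads(entries):
    """Extensions registered through the registry key point Firefox at a path
    outside the profile; match each path against software you installed."""
    return [(e["id"], e["path"]) for e in entries if e["kind"] == "registry"]

if __name__ == "__main__":
    for e in parse_goored_log(SAMPLE):
        print(e["kind"], e["id"], e["path"], e["stamp"])
```
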
 
This is a strange one as most of the logs are coming up OK. Let's do this: go to Programs and Features in the Control Panel and completely uninstall Firefox, then go to C:\Program Files and delete the Firefox and/or the Mozilla folder.

Reboot, then download and install a clean new copy.

http://www.mozilla.org/en-US/firefox/new/
 
Feeling pretty silly for not having thought of this myself.

Not really, almost 95% of the time redirects are caused by a rootkit type of infection, but your logs were not that bad.

Let's do this: run this free online virus scanner and post the log, then I will keep this thread open for you for a few days in case it returns.


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the [esetOnline.png] button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on [esetSmartInstall.png] to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the [esetSmartInstallDesktopIcon.png] icon on your desktop.
  4. Check [esetAcceptTerms.png]
  5. Click the [esetStart.png] button.
  6. Accept any security warnings from your browser.
  7. Check [esetScanArchives.png]
  8. Make sure that the option "Remove found threats" is Unchecked
  9. Push the Start button.
  10. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  11. When the scan completes, push [esetListThreats.png]
  12. Push [esetExport.png], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  13. Push the [esetBack.png] button.
  14. Push [esetFinish.png]
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
 
C:\Qoobox\Quarantine\C\Users\Justin Cox\AppData\Local\Apps\Adobe\hvqaw.dll.vir a variant of Win32/Kryptik.APHW trojan
C:\Users\Thomas\Downloads\windows live messenger setup.exe a variant of Win32/Soft32Downloader.B application
 
Good Morning

This may be a false positive but it can't hurt to delete it:
C:\Users\Thomas\Downloads\windows live messenger setup.exe

The files in Qoobox are just backups of what Combofix removed; when we run cleanup they will be removed.


We need to update your Java to keep you more secure.
  1. Go to your Control Panel and click on the Java icon (looks like a little coffee cup). Click on About and you should have Version 7 Update 7; if not, proceed with the instructions.
  2. Go to the Update tab and update it.
  3. Then go to your Add Remove Programs (WIN XP) or Programs and Features (Vista / Win 7) in the Control Panel and uninstall all previous versions.

You can verify the installation Here






  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.






Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups. Any programs that were not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed




Safe Surfn
Ken
 
I've completed all these steps. My Java system is now 7, Update 9, but I assume that's fine.

It's been 24 hrs since I reinstalled firefox and I haven't seen any re-directs.

Thanks so much for your help. I'm grateful that you volunteered your time and expertise to assist me.

:thanks:
 
Java, they post updates faster than I can change my socks :lip: That's fine, thanks for the heads up. Keeping Java updated is just another tool in your arsenal for keeping your system secure.

Glad all is well,

Take Care,

Ken :)
 