Google redirect came back - ken545

Looks ok,

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
 
Well, we have run a lot of scanners checking for rootkits and viruses and none are found. I could be wrong, but safeboot may be causing you problems; but if it was infected, Combofix would have found it and tried to replace it. I am not clear exactly what you did with this file, if you removed it and redownloaded it. I am going to have someone else take a peek and see if they see something I have missed. Do you have your Windows CD or the Recovery Disk that came with your computer?

In the meantime, run this free online virus scanner and let's see if it finds anything.

I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the [image: esetOnline.png] button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on [image: esetSmartInstall.png] to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the [image: esetSmartInstallDesktopIcon.png] icon on your desktop.
  4. Check [image: esetAcceptTerms.png]
  5. Click the [image: esetStart.png] button.
  6. Accept any security warnings from your browser.
  7. Check [image: esetScanArchives.png]
  8. Make sure that the option "Remove found threats" is Unchecked
  9. Push the Start button.
  10. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  11. When the scan completes, push [image: esetListThreats.png]
  12. Push [image: esetExport.png], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  13. Push the [image: esetBack.png] button.
  14. Push [image: esetFinish.png]
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
 
Hi -
I ran it, but found no threats and it did not have a button that said 'list of threats' (maybe because it didn't find anything). It did not offer an option then to save a log or a text file.

Regarding your comments, I personally doubt it's 'safeboot' because as you recall I pulled a copy from a backup done the day before, and uploaded the file to that scan site that you suggested (virustotal). It did upload and said the file was clean.

That same site said the 2 DOS2USB files were suspicious (https://www.virustotal.com/file/347...f6024e2b71f4d0502e146b0df753f55edd1/analysis/) - I wonder if I should contact DOS2USB and ask them to explain why their program file is showing as a virus.

More than likely though, from what I've read, I have a bad rootkit that has successfully buried itself in a system file. I read that when they do that, virus scanners can't see them.

But I do have one (obviously) -
- Google on Firefox redirects my searches from the links.
- Once I am redirected, I cannot go 'back' ... all I can do is close the window.
- I cannot install an IE9 upgrade, nor ONE particular Windows security update.
- IE8 is disabled, and almost useless.

This is more than just 'damaged' files ... otherwise Firefox would not be redirecting.

Don't get me wrong, I appreciate your help. I'm just in awe of the expertise of these a-holes that write these things.

Albert
 
Good Morning Albert,

Just hang on a bit and let me get another set of eyes on this one. Be back as soon as I can
 
Give this a shot and let's see what it finds. I am also looking at a questionable entry for FF.

Download RogueKiller to your desktop




Option 1 (SCAN)

In this mode, the program will only kill the infectious process and inform the user of the infected registry keys, but no changes shall be made. In this way you can safely generate a report and post it.
 
Great. All this did is add a bunch of weird icons (download free music, games) and 'un-unzip' program to my computer ... no scanner. I deleted what I could ... probably added a bunch of spyware.

....
 
The tools we use remove malware, they don't add it.

Try this link
http://majorgeeks.com/RogueKiller_d6983.html

http://support.mozilla.org/en-US/kb/disable-or-remove-add-ons
Open Firefox and disable this add on
Performance Cache 1.0 addon



Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :processes
    killallprocesses
    
    :OTL
    [2009/07/13 19:11:12 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\P Albert Comulada\AppData\Roaming\Mozilla\Firefox\Profiles\q1flcmy0.default\extensions\emdtjnkrru@emdtjnkrru.org.xpi
    
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces
  • Then rescan with OTL and post a new log please
 