Avast WEBforum

Other => Viruses and worms => Topic started by: Mascot on July 11, 2011, 09:45:17 AM

Title: Gogle redirect 64.111.211.158
Post by: Mascot on July 11, 2011, 09:45:17 AM
Hello
It looks as if I caught the Google redirection virus so after reading lots of topics I have my report from OTS (attached). Please help me  :)
Title: Re: Gogle redirect 64.111.211.158
Post by: Left123 on July 11, 2011, 11:20:16 AM
awMBR usually helps in taht kind of situations.

Download aswMBR from here http://public.avast.com/~gmerek/aswMBR.htm
1)Double click the aswMBR.exe to run it
2)Click the [Scan] button to start scan
3)On completion of the scan click [Save log], save it to your desktop and post in your next reply

4)Post the log

If this doesn't work,i'll let Essexboy do the job since i am not familiarized with OTS.
Title: Re: Gogle redirect 64.111.211.158
Post by: Mascot on July 11, 2011, 11:33:13 AM
Thank you for trying to help me  :)

This is the log

Title: Re: Gogle redirect 64.111.211.158
Post by: Left123 on July 11, 2011, 11:42:31 AM
Your log looks clean.

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.


If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

P.S:If you are having problems following these steps,just have a look at Essex's reply#3 here http://forum.avast.com/index.php?topic=81390.0
Title: Re: Gogle redirect 64.111.211.158
Post by: Mascot on July 11, 2011, 11:49:59 AM
The problem is that I can't open the application
Title: Re: Gogle redirect 64.111.211.158
Post by: Left123 on July 11, 2011, 11:54:13 AM
The problem is that I can't open the application
Why?Are you getting any error?Could you explain  more?
Title: Re: Gogle redirect 64.111.211.158
Post by: Mascot on July 11, 2011, 11:55:55 AM
Yes of course, actually I follow the steps, I doubleclick on the application but nothing happens
Title: Re: Gogle redirect 64.111.211.158
Post by: Left123 on July 11, 2011, 11:58:36 AM
Yes of course, actually I follow the steps, I doubleclick on the application but nothing happens
OK.Start windows in safe mode,and follow the same steps.
How to start windows in safe mode? Follow this link to learn how>http://www.pchell.com/support/safemode.shtml
Title: Re: Gogle redirect 64.111.211.158
Post by: Mascot on July 11, 2011, 12:11:57 PM
Nothing happens in safe mode  :(
Title: Re: Gogle redirect 64.111.211.158
Post by: Left123 on July 11, 2011, 12:17:32 PM
Nothing happens in safe mode  :(
Argh.!
I am sorry,but i can't help you anymore as i am not familiarized with OTS.Essexboy will help you to remove this virus,he's notified.
Come back in 4-5 hours or so since he's offline now.
Title: Re: Gogle redirect 64.111.211.158
Post by: Left123 on July 11, 2011, 12:22:16 PM
Did you save TDSSkiller.exe to your dekstop?
Have a look at Boopme's post here,it might be really really useful http://www.bleepingcomputer.com/forums/topic372491.html .
Let me know if it helps.
Title: Re: Gogle redirect 64.111.211.158
Post by: Mascot on July 11, 2011, 12:36:49 PM
Unfortunetly it doesn't work  :(
Title: Re: Gogle redirect 64.111.211.158
Post by: Left123 on July 11, 2011, 01:01:15 PM
Unfortunetly it doesn't work  :(
Wait for essexboy please.
Title: Re: Gogle redirect 64.111.211.158
Post by: Mascot on July 11, 2011, 01:02:42 PM
Oki no problem :)
Title: Re: Gogle redirect 64.111.211.158
Post by: essexboy on July 11, 2011, 08:36:53 PM
Hi there, there is a possibility you have the new variant of TDL, and at the moment we are feeling our way around a cure 

Re-Run aswMBR 
 
Click Scan
 
On completion of the scan
 
Click the  FIXMBR Button
 
(http://public.avast.com/~gmerek/aswMBR4.png)
 
 
Save the log as before and post in your next reply