Avast WEBforum
Other => Viruses and worms => Topic started by: michaelga67 on July 22, 2011, 03:28:29 PM
-
Hi, I have this Google redirecting me bug as well. Here is my OTS file, hope someone can help. Is there anything else I should post?
-
Sorry, here is my aswMBR log as well, which I see some people post.
-
Could you save the OTS log as ANSI please and then re-attach?
(http://i1224.photobucket.com/albums/ee362/Essexboy3/Untitled.gif)
-
Here is the file requested.
-
This could be an easy one ;D
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< HOSTS File > ([2011/01/07 23:14:18 | 000,002,023 | RHS- | M] - 81 lines) -> C:\WINDOWS\system32\drivers\etc\hosts
YN -> Reset Hosts ->
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
[Custom Items]
:files
ipconfig /flushdns /c
:end
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.
This is no sign of malfunction, do not panic!
-
Copied and pasted / did I do this right? Ran fix and then it asked me to reboot, but I got no Notepad info.
-
Just did a web search to see, but it is still redirecting me :( :(
-
OK, let's up the ante a bit
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)
- Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
(http://img.photobucket.com/albums/v706/ried7/RC1.png)
- Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v706/ried7/RC2-1.png)
- Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.
-
OK, saved to desktop, opened, and it says I have Microsoft Security Essentials running, but I deleted this ages ago. How is this possible, and how do I get rid of it or turn it off, as it says it can cause damage if I do not? Sorry, I am not very good at all this. Thanks for your patience.
-
It could just be registry entry remnants. How did you remove MSE? You said deleted, which should be uninstalled, is that what you meant?
Have you any entries in the task manager for Microsoft Security Essentials (I haven't a clue what they would be called, never used it).
You can also check the services and see if there is a service running, press the Windows Button + the R key and type services.msc and click the OK button.
If you find anything in either task manager or services.msc for Microsoft Security Essentials then end the task or stop the service.
-
Hi, thanks for the reply. Yes, I mean I uninstalled it using Revo Uninstaller and then ran CCleaner. I am going on holidays today, so I will have to pick this up again when I come back next week and see if I can fix all this mess.
-
Accept the ComboFix warning and then run, it will cause no harm.
-
OK, so holiday over, back to try and fix this. I will run it and report back.
-
OK, so I ran the fix and the computer flashed up a blue screen with loads of writing on it, too fast for me to see what it said, and then it rebooted. I could not find a log file. Bug still there. If no development soon I think I will format.
-
As it has been nine days, and since then I have seen some more varied malware, could you run a fresh OTS scan please?
-
OK, so one last go and I got ComboFix to run. I re-downloaded it, got it to run, and I got a log file this time. I attach my results below.
-
Could you now check for redirects please?
-
Ran 25/30 searches last night and so far all OK. I noticed Firefox also appears to open quicker now when I click on it, so here's hoping. I'll keep you posted. In the meantime, a big thanks and much respect for all your help :D ;D ;D
-
If you are still happy tomorrow I will remove my tools.
-
All seems well again, all searches so far coming up clean. Again, thanks. Till the next time, bye for now.
-
Subject to no further problems :)
I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.
Now the best part of the day ----- Your log now appears clean :thumbsup:
A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.
[Unregister Dlls]
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
Uninstall ComboFix
Remove Combofix now that we're done with it.
- Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
- Now copy/paste this: ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /Uninstall, it needs to be there.
(http://i275.photobucket.com/albums/jj285/Bleeping/Combofix/CFuninstall.gif)
- Please follow the prompts to uninstall Combofix.
- This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
- You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
Run OTS and hit the cleanup button. It will remove all the programmes we have used plus itself.
We will now confirm that your hidden files are set to that, as some of the tools I use will change that.
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Do not show hidden files and folders.
- Click Yes to confirm.
- Click OK.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.
Upgrading Java:
- Go to this site (http://java.com/en/) and click Do I have Java
- It will check your current version and then offer to update to the latest version
SPRING CLEAN
Download and run Puran Disc Defragmenter (http://www.puransoftware.com/Puran-Defrag-Download.html)
For the first run I would recommend a boot defrag and disk check
(http://i1224.photobucket.com/albums/ee362/Essexboy3/Puran-1.gif)
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes (http://www.malwarebytes.org/mbam-download.php). Update and run weekly to keep your system clean.
Download and install FileHippo update checker (http://www.filehippo.com/updatechecker/) and run it monthly. It will show you which programmes on your system need updating and give a download link.
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To keep your operating system up to date visit - Microsoft Windows Update (http://windowsupdate.microsoft.com)
To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place? (http://www.geekstogo.com/forum/topic/225044-preventing-malware-and-safe-computing/)
Keep safe :wave:
-
Thanks 8)