Author Topic: Redirecting virus unable to locate  (Read 4616 times)

mw307

  • Guest
Redirecting virus unable to locate
« on: June 27, 2010, 06:38:42 PM »
Hello, new to here, I hope I am doing this right. I keep getting redirected. I have reinstalled Windows, formatting the CPU, 4 times and that will not rid me of this thing. Is it possible to have my router infected? I have Avast free edition and it detects nothing. I also have Malwarebytes and it detects nothing. My son-in-law thinks I have what he called the googleanayictal virus, but nothing is detected, yet I get redirected. I have 3 CPUs that are doing the same thing: 2 wireless connections and this one on a cable.

M Will

mw307

  • Guest
Re: Redirecting virus unable to locate
« Reply #1 on: June 27, 2010, 06:48:43 PM »
Here is freefixer log

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Redirecting virus unable to locate
« Reply #2 on: June 27, 2010, 07:14:26 PM »
Hi, let's have a look see - and yes, it is possible that the router is infected

GMER Rootkit Scanner - Download - Homepage
  • Download GMER
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.

  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" 
  • Save the log where you can easily find it, such as your desktop.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Please copy and paste the report into your Post.

THEN

Download OTL  to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan all users
  • Under the Custom Scan box paste this in

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs

mw307

  • Guest
Re: Redirecting virus unable to locate
« Reply #3 on: June 27, 2010, 08:47:04 PM »
too big to include in 1 post

mw307

  • Guest
Re: Redirecting virus unable to locate
« Reply #4 on: June 27, 2010, 08:55:09 PM »
ok got it this time

Offline essexboy

Re: Redirecting virus unable to locate
« Reply #5 on: June 27, 2010, 09:48:51 PM »
Two system files have recently been modified which would suggest TDSS

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
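
The OTL custom scan earlier in the thread hashes user32.dll and ws2_32.dll with /md5, and the reply above treats recently modified system files as a sign of infection. The following is an added example, not part of the thread or of any tool it uses, that records the same facts for those two files; it assumes PowerShell 4.0 or later (for Get-FileHash), and the function name and the 30-day window are hypothetical choices.

```powershell
# Added example, not from the thread. The default paths are the two DLLs the
# OTL custom scan hashes with /md5; $RecentDays is an assumed review window.
function Get-SystemFileSnapshot {
    param(
        [string[]]$Path = @(
            "$env:SystemRoot\system32\user32.dll",
            "$env:SystemRoot\system32\ws2_32.dll"
        ),
        [int]$RecentDays = 30
    )
    $cutoff = (Get-Date).AddDays(-$RecentDays)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            # A missing system DLL is itself worth reporting.
            [pscustomobject]@{
                Path = $p; LastWrite = $null; MD5 = $null
                Signature = 'Missing'; NeedsReview = $true
            }
            continue
        }
        $item = Get-Item -LiteralPath $p -Force
        $md5  = (Get-FileHash -LiteralPath $p -Algorithm MD5).Hash
        $sig  = (Get-AuthenticodeSignature -LiteralPath $p).Status
        [pscustomobject]@{
            Path        = $p
            LastWrite   = $item.LastWriteTime
            MD5         = $md5
            Signature   = "$sig"
            # Flag a recent write or any signature state other than Valid.
            NeedsReview = ($item.LastWriteTime -gt $cutoff) -or ($sig -ne 'Valid')
        }
    }
}

Get-SystemFileSnapshot | Format-Table -AutoSize
```

A NeedsReview flag is a prompt to compare the MD5 against a known-good copy from the same Windows build, since Windows updates also replace these files. Older PowerShell versions may report catalog-signed system files as NotSigned, so read the Signature column with that in mind.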

mw307

  • Guest
Re: Redirecting virus unable to locate
« Reply #6 on: June 28, 2010, 03:19:27 AM »
ComboFix log, and as I was getting ready to attach it to this post I had it open a new page to Google

mw307

  • Guest
Re: Redirecting virus unable to locate
« Reply #7 on: June 28, 2010, 08:30:34 PM »
Still being redirected. I am not sure if it is gone from CPU and is in my router or still hiding in my CPU

Offline essexboy

Re: Redirecting virus unable to locate
« Reply #8 on: June 28, 2010, 09:10:46 PM »
Prior to doing this you will need to confirm with your ISP as to whether there are any special settings that your router needs to connect.

You need to reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).

Let me know if that cures it, but it may mean that one of the other computers has the infection. In which case run MBAM on all other computers whilst they are disconnected from the router, and do not allow them to connect again until the router has been reset.

mw307

  • Guest
Re: Redirecting virus unable to locate
« Reply #9 on: June 29, 2010, 04:57:02 AM »
Just wanted to say THANK YOU for all your assistance.

Offline essexboy

Re: Redirecting virus unable to locate
« Reply #10 on: June 29, 2010, 09:27:20 PM »
Fixed?

mw307

  • Guest
Re: Redirecting virus unable to locate
« Reply #11 on: July 02, 2010, 06:48:21 AM »
What stopped it was resetting both the router and the wireless access point. I finished updating and have not been redirected since. Avast has stopped a few threats. I am happy, again thank you.