Yahoo Messenger / Facebook Pic Virus Link

[jpenguinwi]

Log part 3
 deleted

[DavidR]

It is easier to attach the log file to the post if the log is a large one.

- When you click the Reply button, there is an Additional Options link, this expands the options to attach a file, that can be an image file or a text file (.log or .txt). Also see How to post an Image.

[jpenguinwi]

Ok here is the file.  Thanks for telling me to post the file rather than pasting.   Not sure what I was thinking...

[jpenguinwi]

Everytime I use search engine, I am redirected to bogus sites.  I can't pull up any of the links that a search produces.

[iRonzel]

Everytime I use search engine, I am redirected to bogus sites.  I can't pull up any of the links that a search produces.

Is posible that you have an infected BHO (Browser Helper Object) that cause the redirections. Try installing or change a new sarch engine. (Bing, Google, Yahoo, etc.)

[DavidR]

Ok here is the file.  Thanks for telling me to post the file rather than pasting.   Not sure what I was thinking...

Well much of this is low level stuff like mywebsearch, but it should be gotten rid of and a couple of more serious ones.

- Run MBAM again and this time when the scan is complete, all detections should have a check mark in the box to the left of the entry, leave them selected (or select if not selected). At the bottom of the window there is a button, Remove Selected, click that and the items will be removed.

[jpenguinwi]

I ran MBAM , it says there is no viruses.  I remember doing what you directed before, however I still have viruses.  When I use search engine it redirects to bogus website such as juggle.com

[jpenguinwi]

I believe I have finally resolved the being redirected issue.

I found help at this link    http://www.geekstogo.com/forum/topic/93888-google-redirect-virus-resolved/

Seems like I have wasted alot of time trying to use malware programs scans when if I only knew about the system restore turning on / off step listed at the link, I could have resolved this much sooner.  I realize I am old school regarding computers, I was trained on Lotus 123, basic, etc, so I am sure some people would have already known this.  When people mentioned restore before the only thing I thought of was restoring to a point and time.   Anyway, hopefully it is now resolved and if anyone else is being redirected when they are searching here is the fix for windows xp.

________________________________________


(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

from the link   http://www.geekstogo.com/forum/topic/93888-google-redirect-virus-resolved/

[jpenguinwi]

I still have a problem with the browser redirect virus.

I bought Ad Aware Pro, which said it found things, and then says they are cleared, but the redirect is still happening.

I have attached the log.

[DavidR]

You really should have asked here before paying for adaware as personally I wouldn't give it hard disk space even for free. Looking at the log it looks like a slightly enhanced HiJackThis log and that is free, which really doesn't do much at all and many malware items can hide from that.

The scanners that we have mentioned before are al IMHO better than AdAware Pro and they have free versions.

I honestly don't know why you mentioned the clearing of system restore as those are inert and only a danger if you actually used system restore and restored something which was infected and none of your previous scans reported this ?

It is a general practice to disable system restore before cleaning malware, as its removal may end up being saved as an infected restore point, but it isn't an absolute requirement.

Not to mention the software recommendations are being made in a topic that is four and a half years old, so they really aren't current; 4 years ago adaware and spybot S&D were good but adaware hasn't kept pace, currently MBAM and SAS are the top two.

Going over your topic again I can't see if you ever downloaded and ran SAS as that has a new updated TDSS (a.k.a. Alureon) rootkit removal routine so I would try that as the rootkit could be hiding the redirect routine.

There is also:
GOOGLE.GOORED - Firefox popping up ads and or google search redirects.
Please download GooredFix and save it to your Desktop. - Double-click Goored.exe to run it.

[doc_up72]

If you don't click the link you should be okay. But I would block any further contacts from that name until they fix the problem on their computer. If you do have the virus make sure you turn off System Restore before you scan as this will delete any reboot hacktool that may be lingering in the restore volume. once you have removed all traces of the worm turn sys. rest. back on and create a new restore point immediately.
There are other posts that should be sufficient in telling you how to remove.
Good luck.

[jpenguinwi]

Here is the SAS log file.

It identified errors.  I let it do its thing, but I still have the redirect virus.

[DavidR]

Tracking cookies aren't a major security threat and the detections look fine, so hopefully that will go some way to protecting your privacy.

Have you downloaded and run gooredfix yet ?

[DavidR]

Try checking out this topic as there is a possibility that this is accompanied by a rootkit, TDSS hiding it, http://forum.avast.com/index.php?topic=62290.msg526280#msg526280. Follow the instructions for using TDSSKiller.

[jpenguinwi]

Here is the goored log.