Author Topic: I think I have a google redirect virus  (Read 8693 times)


flodefence

  • Guest
I think I have a google redirect virus
« on: May 09, 2011, 03:18:52 PM »
Avast was detecting some malware on my computer and I removed it with Malwarebytes, but when I restarted, I still had a google redirect virus. I'm not sure on what I should do now. How do I get rid of it? Does it have a major effect on your computer (e.g. steal information, delete or infect files)? Any help would be very appreciated. Thanks. :)

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: I think I have a google redirect virus
« Reply #1 on: May 09, 2011, 03:34:22 PM »
Hi...

Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds.scr to run the tool.

    * When done, DDS will open two (2) logs:
         1. DDS.txt
         2. Attach.txt

Save both reports to your desktop. Attach DDS.txt & Attach.txt back to topic.



flodefence

  • Guest
Re: I think I have a google redirect virus
« Reply #2 on: May 09, 2011, 03:40:15 PM »
Okay, here you go. :)

Offline magna86

Re: I think I have a google redirect virus
« Reply #3 on: May 09, 2011, 03:44:14 PM »
Ok, before we continue the removal, run this tool.

Download aswMBR to your desktop.
  • Double click the aswMBR icon to run it.
  • Vista and Windows 7 users right click the icon and choose "Run as administrator".
  • Click the Scan button to start scan.
  • When it finishes, press the Save log button, save the logfile to your desktop and post its contents in your next reply.

flodefence

  • Guest
Re: I think I have a google redirect virus
« Reply #4 on: May 09, 2011, 03:47:49 PM »
Here. :)

Offline magna86

Re: I think I have a google redirect virus
« Reply #5 on: May 09, 2011, 03:53:11 PM »
Ok, let's go :)


> Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.

> Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.


Start >> Run

Code:
"%userprofile%\desktop\combofix.exe" /killall
Enter


> This will Run ComboFix.
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.

ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.

If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.


> When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
  Attach the log report (ComboFix.txt) back to the topic.

flodefence

  • Guest
Re: I think I have a google redirect virus
« Reply #6 on: May 09, 2011, 04:09:46 PM »
Okay, here it is. :)

yongsua

  • Guest

Offline magna86

Re: I think I have a google redirect virus
« Reply #8 on: May 09, 2011, 05:04:11 PM »
@flodefence

Re-run Combofix. When the tool is finished, attach the fresh log here.

Tell me, do you have a problem now?

flodefence

  • Guest
Re: I think I have a google redirect virus
« Reply #9 on: May 09, 2011, 05:10:23 PM »
Yeah, I tried running TDSSKiller, but it didn't pick anything up. :S

Offline magna86

Re: I think I have a google redirect virus
« Reply #10 on: May 09, 2011, 05:12:29 PM »
If you run TDSSKiller, then paste the log here to see it.  ;)

You may locate the log on root C:
C:\TDSSKiller_version_DD.MM.GG_HH.MM.SS.txt

Please, re-run the ComboFix tool. I have something to check in the CF log...

flodefence

  • Guest
Re: I think I have a google redirect virus
« Reply #11 on: May 09, 2011, 05:22:59 PM »
Okay, here's the combo-fix and TDSSKiller logs. :)

Offline magna86

Re: I think I have a google redirect virus
« Reply #12 on: May 09, 2011, 05:34:19 PM »


  • In notepad click on File and then on Save as
  • In the Save as window select any convenient folder to save in
  • At the bottom of the Save as window make sure code ANSI is selected
  • At the very bottom of the Save as window click on Save
Then attach the log here ... >>  or just paste the TDSSKiller log here  :D

.......................

Open notepad and copy/paste the text present inside the code box below:

Code:
DeQuarantine::
C:\Qoobox\Quarantine\C\program files\Hotspot Shield\HssIE\HsSIe.dll.vir
Quit::


Save this as CFScript.txt.



Close all browser windows.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )




And tell me, do you have a problem now?

flodefence

  • Guest
Re: I think I have a google redirect virus
« Reply #13 on: May 09, 2011, 06:00:41 PM »
Okay, here they are. :)

I don't seem to have a problem anymore, but I couldn't access the internet for a while. It happened twice right after doing the Combofix scan. The first time, I fixed up the proxy settings and it worked; the second time, I needed to restart my computer to fix it.

Offline magna86

Re: I think I have a google redirect virus
« Reply #14 on: May 09, 2011, 07:20:45 PM »
Ok, it is necessary for you to uninstall Combofix.

Start >> Run

Combofix /Uninstall

Enter. Then do the following

Open Notepad and Copy/Paste everything from the Code box into Notepad:

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="\"C:\\Program Files\\Alwil Software\\Avast5\\avastUI.exe\" /nogui"



    * Go to File > Save As
    * Save File name as nogui.reg
    * Change Save as Type to All Files and save the file to your Desktop
    * Double-click nogui.reg on your Desktop
    * When it asks if you want to merge the info to the registry, hit YES/OK
      Reboot computer
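
Added example, not part of any post in this thread: a small Python parser for the nogui.reg text posted in Reply #14, showing how to inspect what a .reg file will write before merging it. It decodes the escaped string value and flags entries under the Run/RunOnce keys; the function and constant names are this example's own, and only string (REG_SZ) values are handled.

```python
import re

# Registry path suffixes (lower-cased) whose values are launched at logon.
AUTORUN_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)

# Contents of nogui.reg exactly as posted in the thread above.
NOGUI_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="\"C:\\Program Files\\Alwil Software\\Avast5\\avastUI.exe\" /nogui"
'''

# "name"="data" where both sides may contain \" and \\ escapes.
_SZ = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(s):
    # .reg string data escapes only the backslash and the double quote.
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Return [(key, value_name, data, is_autorun)] for REG_SZ entries."""
    lines = text.lstrip("\ufeff").splitlines()
    if not lines or lines[0].strip() != "Windows Registry Editor Version 5.00":
        raise ValueError("not a version 5.00 .reg file")
    entries, key = [], None
    for line in lines[1:]:
        line = line.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                      # new key section
            continue
        m = _SZ.match(line)
        if m and key and not key.startswith("-"):  # skip key deletions
            autorun = key.lower().endswith(AUTORUN_SUFFIXES)
            entries.append((key, _unescape(m.group(1)),
                            _unescape(m.group(2)), autorun))
    return entries


if __name__ == "__main__":
    for key, name, data, autorun in parse_reg(NOGUI_REG):
        print(f"{key}\n  {name} = {data}\n  runs at logon: {autorun}")
```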