Google virus, NOT redirect virus. PLEASE HELP!

[DavidR]

Don't worry about the suspicious files which the .sys.mui ones we feel are due to an overly sensitive heuristics, seeing the double file extension; an old trick used to try and hide what the true file extension/purpose is.

The C:\Windows\System32\drivers\wimmount.sys we suspect is a false positive.

####
I think there is definitely something there but probably not an MBR Rootkit as aswMBR is reporting a Windows 7 default MBR code. But it is showing an Unknown hook. So this may be a TDL rootkit.

However, you may want wait for instructions form essexboy on how to proceed.

I think Essxeboy may well recommend that you run TDSSKiller to see if that can deal with it, but he may not be back on-line until tomorrow evening as it is now 11:57pm in the UK and he has to be up for work tomorrow.

~~~~
I leave the choice up to you if you wish to wait:

Please read carefully and follow these steps. 

• Download TDSSKiller and save it to your Desktop.
  
• Extract its contents to your desktop.
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
   
   
  
   
   
  
• If an infected file is detected, the default action will be Cure, click on Continue.
   
  
   
   
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
   
  
   
   
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
   
  
   
   
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  

[essexboy]

**Snap** 


Looks like it is an older variant - on completion of this run can you let me know what problems remain

Please read carefully and follow these steps.  

• Download TDSSKiller and save it to your Desktop.
  
• Extract its contents to your desktop.
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
   
   
  
   
   
  
• If an infected file is detected, the default action will be Cure, click on Continue.
   
   
  
   
   
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
   
   
  
   
   
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
   
   
  
   
   
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  

[WhyIsThisHappeningToMe]

TDSSKiller only found suspicious file, none infected.
so am I safe now?

[essexboy]

Bear with me just rechecking the logs

[WhyIsThisHappeningToMe]

Ok thanks. 

[essexboy]

Could you go to virustotal and within the browse box at the top locate the mbr.dat file on your desktop and upload that please

http://www.virustotal.com/

Could you then post the result

[WhyIsThisHappeningToMe]

http://www.virustotal.com/file-scan/report.html?id=4afd954989067ffc6ffc2f3ba21ada07b2f66f2fb04b76d7678094baf47726fd-1310590951

heres the page

[essexboy]

Do you use a router ?  And do any other computers using it suffer from redirects as well ?

Download MBRCheck.exe to your Desktop. Run the application.
 
If no infection is found, it will produce a report on the desktop. Post that report in your next reply.
 
If an infection is found, you will be presented with the following dialog:
 

Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

 
Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

[WhyIsThisHappeningToMe]

Do you use a router ?  And do any other computers using it suffer from redirects as well ?

Download MBRCheck.exe to your Desktop. Run the application.
 
If no infection is found, it will produce a report on the desktop. Post that report in your next reply.
 
If an infection is found, you will be presented with the following dialog:
 

Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

 
Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

I think you misunderstand, my problem is not redirect, its that when ever I search stuff on google, avast says  theres a virus on everything from images.
Yes I do use a router and no none of my computers have a redirect problem.

[essexboy]

Is it still doing that - sorry I have redirects on the brain at the moment

[WhyIsThisHappeningToMe]

Is it still doing that - sorry I have redirects on the brain at the moment

Right now its not, but its really weird, sometimes it will show up and others it will be working fine.

[essexboy]

Well there is no malware on the system - so I would think that some of the images you are trying to view have been poisoned..  Especially as it is erratic

Could you let me know next time it happens and give the link to the page (broken please )

[kubecj]

Have you checked your hosts file?
Usually in c:\windows\system32\drivers\etc\
Are there any google-like records?

How does the mentioned google site resolve to you?
Ie. open cmd, and run command
nslookup XXX
where XXX is the site making you the problems.

[essexboy]

Host file is empty according to OTS

[WhyIsThisHappeningToMe]

this is such irritating, I am 1000% sure this is not a virus, but an error.
I've had viruses before and usually there would be symptoms like my PC acting up but so far there is no sign of a virus

its like one day i'll search something and everything will be fine, and the next I'd search something and avast keeps telling me malicious malware was found.
edit: I've realized this will stop at any time.. because it just did.
edit2: okay, Ive realized that this doesnt just stop, it seems to be that when ever I search something new that I havent searched before the warning shows up, and if I refresh the page, it doesnt show up anymore, and if I scroll down and new images load the warning shows up again

http://www.google.com/search?hl=en&q=hmm&gs_sm=e&gs_upl=9530l9763l0l9932l3l2l0l0l0l0l130l218l1.1l2&bav=on.2,or.r_gc.r_pw.&biw=1920&bih=979&um=1&ie=UTF-8&tbm=isch&source=og&sa=N&tab=wi

heres the search link