Author Topic: Google Redirect Virus  (Read 13241 times)


Knightspeed

  • Guest
Re: Google Redirect Virus
« Reply #30 on: October 15, 2011, 10:57:14 PM »
"ThAnk U essexboy" ...
I will adhere 2 all of U're recommendations & instructions.
my utmost gratitude 2 U ... Thank U so very much ...
« Last Edit: October 23, 2011, 02:29:27 AM by Knightspeed »

YoKenny

  • Guest
Re: Google Redirect Virus
« Reply #31 on: October 15, 2011, 11:15:11 PM »
Now that you have 20 posts you could go to PROFILE then Modify Profile then update your Signature: with information like my signature as this helps the helpers offer pertinent advice.
« Last Edit: October 15, 2011, 11:16:50 PM by YoKenny »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: Google Redirect Virus
« Reply #32 on: October 15, 2011, 11:40:25 PM »
also your text would be much easier to read if you used standard black...   

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89015
  • No support PMs thanks
Re: Google Redirect Virus
« Reply #33 on: October 15, 2011, 11:43:20 PM »
also your text would be much easier to read if you used standard black...   

Would probably take a lot less time to compile the post too ;D
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

BankofMonteCarlo

  • Guest
Re: Google Redirect Virus
« Reply #34 on: October 16, 2011, 12:32:38 AM »
Google Redirect Virus ... how can i remove it from my WindowsXP PC ... please help ...

Hi everyone,

I was Googling a picture for a friend's birthday to post on their Facebook wall and as I clicked on a pic, "Avast" advised threat detected, Trojan Worm (I'm not computer savvy at all so please respond in basic computer jargon)!

What does this mean and how do I check pics before clicking on them... thankfully Avast picked this threat up and I opted out of images :)

Anyone advise/help please?

Adam in Australia

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89015
  • No support PMs thanks
Re: Google Redirect Virus
« Reply #35 on: October 16, 2011, 12:48:54 AM »
Whilst not entirely related to the original topic and we don't like to stray too wide or the topic gets confused.

It is not unusual to get images that links, etc. have been hacked when doing a google image search. This is a common tactic of malware writers, in the same way they hack sites. You shouldn't have to do anything special, before clicking the image, hover over it and see what link shows up on the browser status bar. Other than that I let avast take care of that sort of issue.

If you feel you need any other information, you can create a new topic and we will try and help.


Knightspeed

  • Guest
Re: Google Redirect Virus
« Reply #36 on: October 19, 2011, 02:14:31 PM »
looks like i still have it ...
i went to : Google/ images/ j lo ...
and all hell broke loose ... i was bombarded with
multiple sites trying to open ...

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89015
  • No support PMs thanks
Re: Google Redirect Virus
« Reply #37 on: October 19, 2011, 04:49:17 PM »
Well this may well be different as google image searches are a bit of a minefield; there are many hacked images, places where they use the legit image to display it but the URL if you happen to click on it is crafted to go to a malicious site.

Generally I don't use the google image search, but when I do, I hover the mouse pointer over the image and check the URL to see where it is going or it is very long with other stuff in there other than the URL.

Going over your previous posts, I don't see if this was using the standard google search and not the google image search ?

If the same then you are going to have to repeat the process of downloading, running the same tools and 'attaching' the same logs.

Knightspeed

  • Guest
Re: Google Redirect Virus
« Reply #38 on: October 22, 2011, 11:12:40 PM »
new scan

Knightspeed

  • Guest
Re: Google Redirect Virus
« Reply #39 on: October 22, 2011, 11:29:14 PM »
OTL.Txt

Knightspeed

  • Guest
Re: Google Redirect Virus
« Reply #40 on: October 22, 2011, 11:34:31 PM »
 the scan did not create an Extras.Txt log  ???

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Google Redirect Virus
« Reply #41 on: October 23, 2011, 02:15:49 PM »
The logs look clean - mayhap Avast stopped it installing... Always be careful of the image search on Google as there is lots of malware there

Clear all the temp files using TFC.

Are you experiencing any problems

 Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.  Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Knightspeed

  • Guest
Re: Google Redirect Virus
« Reply #42 on: October 23, 2011, 03:37:16 PM »
My personal opinion is that registry cleaners are more trouble than they are worth and I would never recommend using them

Subject to no further problems   :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset  System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
     [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
     (Notice the space between the "x" and "/")
    then click OK



  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled
Run OTL and hit the cleanup button.  It will remove all the programmes we have used plus itself. 

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.
   Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

 Upgrading Java:
  • Go to this site  and click Do I have Java
  • It will check your current version and then offer to update to the latest version
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide  How did I get infected in the first place ?
Keep safe  :wave:

then all hell broke loose
my screen went blue
Problem has been detected
IRQL_NOT_LESS_OR_EQUAL
Dump of physical memory
pc rebooted
then ...
Microsoft Windows
The system has recovered from a serious error

Microsoft Windows
Error signature
BCCode : a     BCP1 : 0000FFDF     BCP2 : 00000002     BCP3 : 00000001     
BCP4 : 806E7A8E     OSVer : 5_1_2600     SP : 3_0     Product : 256_1   

Error Report Contents
The following files will be included in this report
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WER7c98.dir00\Mini102311-02.dmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WER7c98.dir00\sysdata.xml
now there are 10 ghosted-out entries in my Data folder
here is the screen shot
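
Editor's added example, not part of any post in this thread: a small Python decoder for the error signature quoted in the post above, showing what the BCCode and BCP fields of a stop 0xA report mean before anyone opens the minidump. The function names are hypothetical, and the kernel-range check assumes the default 32-bit layout where kernel space starts at 0x80000000.

```python
import re

# Constructed sample: the error signature text as quoted in the post above.
SIGNATURE = """\
BCCode : a     BCP1 : 0000FFDF     BCP2 : 00000002     BCP3 : 00000001
BCP4 : 806E7A8E     OSVer : 5_1_2600     SP : 3_0     Product : 256_1
"""

# Stop-code names; only 0xA appears in the thread, so the table is kept to it.
BUGCHECK_NAMES = {0x0A: "IRQL_NOT_LESS_OR_EQUAL"}

# Assumption: default 32-bit layout where kernel space starts at 0x80000000.
KERNEL_BASE = 0x80000000


def parse_signature(text):
    """Return the 'Key : value' pairs of a WER error signature as a dict."""
    return dict(re.findall(r"(\w+)\s*:\s*(\S+)", text))


def decode(text):
    """Decode the stop code, OS build and, for 0xA, the four parameters."""
    fields = parse_signature(text)
    needed = ("BCCode", "BCP1", "BCP2", "BCP3", "BCP4")
    missing = [k for k in needed if k not in fields]
    if missing:
        raise ValueError(f"signature lacks fields: {missing}")
    code = int(fields["BCCode"], 16)
    p1, p2, p3, p4 = (int(fields[f"BCP{i}"], 16) for i in range(1, 5))
    report = {"code": code, "name": BUGCHECK_NAMES.get(code, "unknown")}
    if "OSVer" in fields:
        report["os"] = fields["OSVer"].replace("_", ".")
    if code == 0x0A:
        report.update(
            address=p1,                            # memory address referenced
            irql=p2,                               # IRQL at the time of the access
            access="write" if p3 & 1 else "read",  # bit 0: 0 = read, 1 = write
            instruction=p4,                        # address of the faulting instruction
            instruction_in_kernel=p4 >= KERNEL_BASE,
        )
    return report


if __name__ == "__main__":
    print(decode(SIGNATURE))
```

For this signature the decoder reports a write to address 0xFFDF at IRQL 2 from an instruction in the kernel address range, which points at kernel-mode code such as a driver rather than an ordinary application.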

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Google Redirect Virus
« Reply #43 on: October 23, 2011, 03:48:36 PM »
Could you upload this minidump to media fire please and I will check it out C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WER7c98.dir00\Mini102311-02.dmp

At what stage did all hell break loose ?

Knightspeed

  • Guest
Re: Google Redirect Virus
« Reply #44 on: October 23, 2011, 03:53:26 PM »
as soon as i hit 'Run Fix'
Run OTL
•Under the Custom Scans/Fixes box at the bottom, paste in the following

Quote
:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
 [Reboot]
•Then click the Run Fix button at the top

•Let the program run unhindered, reboot the PC when it is done