239 replies to this topic

[SweetTech]

Hi Marcelo!

Please take a look at this thread here: http://www.geekstogo...cleaning-guide/ and then create a new thread with the OTL logs in the Virus, Spyware, Malware Removal.

One of our Malware helpers will take a look at your OTL logs, and advise you on what the next step to take should be.

Kindest Regards,
SweetTech

[cgileslie]

I fought with this issue for almost a week and thought I was going to lose my mind! I even took my laptop to my MIS department at work. They ran Malwarebyte's Antimalware and found some infected files, deleted them, and we thought I was good to go. However, when I got home, the redirect came back. I stumbled across you guys' website while I was desparately searching for some sort of fix before I had a nervous breakdown. I followed the simple instructions and I have been redirect-free since late Friday night. You guys rock!! Thank you!!!

[loganfield]

Followed your guide...been working so far. Thanks so much for the help guys! Vicious little virus/malware.... you guys rock! Spank those hackers down!!!!

[llustig]

I am having trouble getting any of these programs you say to use to get rid of teh virus. I went on the chat and someone named lurch helped me. He told me to post here and get some help.

Please help me! I'm desperate!

[Dakeyras]

I am having trouble getting any of these programs you say to use to get rid of teh virus. I went on the chat and someone named lurch helped me. He told me to post here and get some help.

Please help me! I'm desperate!

Please take a look at this topic: Malware and Spyware Cleaning Guide and then create a new thread with the OTL logs in the Virus, Spyware, Malware Removal.

One of our Malware helpers will take a look at your OTL logs, and advise you on what the next step to take should be.

[ShannonL73]

Okay, I've done all the steps and nothing was found. Now, instead of redirecting, google just keeps reloading the search page after I've clicked a link. I usually have to click the link three or four times before it will load the page. If I right click and open in another tab, it just loads the same google search page again. Frustrating!!

[Dakeyras]

Please go to the malware forum and follow the instructions at the top....Especially the CLICK HERE.

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- then post an OTListIt log in THAT forum.

[cbm2279]

This fix isn't working for me. I have to download the programs on my laptop to my flash drive and then install them on my desktop. I have done everything and it's still not detecting. When I try to rerun tdsskiller I receive an error stating I do not have permission to access the program. HELP!!! I'm about to crash my system instead

[Dakeyras]

Please go to the malware forum and follow the instructions at the top....Especially the CLICK HERE.

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- then post an OTListIt log in THAT forum.

[skarkalark]

I followed your steps and it didn't work for me :/ Still being redirected from any search engine on any browser I use. Please help! Here are my logs if they help any:


OTM:


All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Rachel\Desktop\cmd.bat deleted successfully.
C:\Users\Rachel\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Rachel
->Temp folder emptied: 6268845322 bytes
->Temporary Internet Files folder emptied: 319002026 bytes
->Java cache emptied: 71962801 bytes
->FireFox cache emptied: 162581213 bytes
->Google Chrome cache emptied: 93337107 bytes
->Apple Safari cache emptied: 6645760 bytes
->Flash cache emptied: 71438 bytes

User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 170034155 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 92270858 bytes
RecycleBin emptied: 21276344879 bytes

Total Files Cleaned = 27,143.00 mb

Restore point Set: OTM Restore Point

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Rachel
->Flash cache emptied: 0 bytes

User: TEMP

Total Flash Files Cleaned = 0.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 11272011_153021

Files moved on Reboot...
C:\Users\Rachel\AppData\Local\Temp\Low\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.
C:\Users\Rachel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Rachel\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.
C:\Users\Rachel\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D12}.tlb moved successfully.
C:\Users\Rachel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QS5ZZO1S\267407-how-to-fix-google-redirects[1].htm moved successfully.
C:\Users\Rachel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OGOESJMI\fastbutton[1].htm moved successfully.
C:\Users\Rachel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\Pharos\UpdaterLog.txt scheduled to be moved on reboot.
C:\Windows\temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\FXSTIFFDebugLogFile.txt moved successfully.
C:\Windows\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.
C:\Windows\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D12}.tlb moved successfully.

Registry entries deleted on Reboot...



GOORED:



GooredFix by jpshortstuff (03.07.10.1)
Log created at 17:47 on 27/11/2011 (Rachel)
Firefox version 8.0.1 (en-US)

========== GooredScan ==========

(none)
Removing Orphan:
"{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\" -> Success!

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [04:44 23/04/2011]

C:\Users\Rachel\Application Data\Mozilla\Firefox\Profiles\61dalged.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-






Once I got to the next step, no threats were detected, but my search engines are still being redirected.

Any help would be MUCH appreciated! I believe in youuuuu!!!


Many thanks

-Rachel

Edited by skarkalark, 29 November 2011 - 01:59 AM.

[godawgs]

Hi Rachel and

Sorry for your problems. If you had the Goored infection it should have shown up in the GooredFix log and I didn't see it. The next step was to download and run "TDSSKiller" to look for rootkits.
If you don't feel comfortable doing this please follow Rorschach 112's direction under the TDSS step. It was:

"The infection should hopefully be removed after these steps. If this is not the case, please go to the Virus Removal forum here and follow the steps in this thread here" (Click on the words in red)

One of the staff members in the Virus Removal forum will be happy to help you. In your post in the Virus Removal forum, please include a link back to your post here so the staff member can see what you have already done. (S)He will also combine the two threads so there won't be a duplication of efforts.

You didn't mention it in your post, but if you didn't download and install ERUNT, please do so before you post in the Virus Removal forum and tell them that it has been installed.

Good luck.

Edited by godawgs, 29 November 2011 - 09:37 AM.

[adoreclaire]

So I have tried all these instructions, but after I download TDSSKiller, it will not open. I have Windows Vista, and it asks me am I sure I want to open, I say yes, and nothing happens. What should I do at this point?

[Dakeyras]

Please go to the malware forum and follow the instructions at the top....Especially the CLICK HERE.

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- then post an OTListIt log in THAT forum.

[Eee PC 58]

I tried this on two computers and it fixed neither of them one of them does not work at all now, not sure just what happened but I am thinking I will need a new unit now. Not saying its anyone's fault but it does not always work. there is one step when using OTM that I am not totally sure what it was wanting. (copy everything in the results window to the clipboard and past it in your next reply) well this is my next reply so here it is.
All processes killed
Error: Unable to interpret <Files> in the current context!
Error: Unable to interpret <ipconfig /flushdns /c> in the current context!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 208896 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: David
->Temp folder emptied: 449623257 bytes
->Temporary Internet Files folder emptied: 48711487 bytes
->Java cache emptied: 16080 bytes
->FireFox cache emptied: 80923863 bytes
->Google Chrome cache emptied: 8061728 bytes
->Flash cache emptied: 8128091 bytes

User: david B
->Temp folder emptied: 2861325 bytes
->Temporary Internet Files folder emptied: 180356 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 2890079 bytes

User: Default User
->Temp folder emptied: 208896 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 251885 bytes

User: NetworkService
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19672 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2514034984 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 140477306 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 11600194 bytes

Total Files Cleaned = 3,117.00 mb

Restore point Set: OTM Restore Point (0)

[EMPTYFLASH]

User: Administrator

User: All Users

User: David
->Flash cache emptied: 0 bytes

User: david B

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 12222011_014247

Files moved on Reboot...
File C:\Documents and Settings\David\Local Settings\Temp\jar_cache2871997249440452713.tmp not found!
File C:\Documents and Settings\David\Local Settings\Temp\jar_cache9200880368091531059.tmp not found!
C:\WINDOWS\temp\Perflib_Perfdata_850.dat moved successfully.

Registry entries deleted on Reboot...

[sari]

Please go to the malware forum and follow the instructions at the top....Especially the CLICK HERE.

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- then post an OTListIt log in THAT forum.