Google Redirect Virus


13 replies in this topic

#1 treyster18

    Newbie

  • Posters
  • 7 posts

Posted 02 December 2010 - 04:30

I am having a lot of trouble with this Google redirect virus and I'm unsure what to do next. I have run Spybot Search and Destroy, Malwarebytes' Anti-Malware, SUPERAntiSpyware and Dr Web along with a cpl other smaller ones, all of which turned up something but nothing has fully resolved this issue. It gets fixed momentarily but reverts right back to redirecting me to some random adware or spyware site etc.... Not a single anti virus prog I have run has fixed the issue, Brighthub.com says running Win32/Olmarik removal tool by ESET should resolve the issue, but that does not work on Windows Vista 64 bit... Any help in fixing this matter would be greatly appreciated as it's an extremely annoying virus lol

#2 drumut

    Member

  • Members
  • 325 posts

Posted 02 December 2010 - 06:49

Hello,

Welcome to Dr.Web's forums.

I would like to help you with malware removal.

First I need the log files of MBAM (Malwarebytes) and the HJT log, and also the Dr.Web scanner log. Please attach them to your next post. After sending the log files, please don't do anything to clean the malware, because removing any files can affect our malware removal process badly.

Edited by drumut: 02 December 2010 - 09:00

OS : Debian Sid , all i have all i need!

#3 treyster18

    Newbie

  • Posters
  • 7 posts

Posted 05 December 2010 - 09:39

Hey, thank you so much for your offered help, it is greatly appreciated. Sorry for the delay in my replying, I did not think anyone was going to reply to this lol. I cannot figure out how to get a Dr Web log file but I do have log files from HJT and Malwarebytes. Dr Web takes an EXTREMELY long time to run and really has not appeared to fix anything at all on either computer I've run it on so I'm really confused with this program, it finds more viruses etc than any other program I've run including Spybot etc but it does not appear to fix or remove them?

Either way, hopefully you can help me resolve this redirect virus as it's extremely annoying, every single time I try to search something in any search engine I'm redirected to an attack page or some random spyware site etc.

PS. the Citrix app etc on the log files are supposed to be there, it's a remote server I have to connect to etc

Attached files:



#4 drumut

    Member

  • Members
  • 325 posts

Posted 05 December 2010 - 15:18

Download HostsXpert

  • Unzip HostsXpert
  • Double click on the HostsXpert.exe file and run the program as administrator
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation window.
  • Click on "Make Read Only?" on the HostsXpert main screen.
  • Exit the program and reboot your computer.

Do another system scan with Malwarebytes AM and HJT again and attach the logs to your next post. And tell us how your computer runs, any redirection?
OS : Debian Sid , all i have all i need!
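
Added example, not part of the original posts and not a Dr.Web or HostsXpert tool: a small Python audit of hosts-file text that reports every entry differing from the default localhost mappings and marks those that remap the Google or Bing names this thread is about. The sample file, its addresses and the function names are constructed for illustration.

```python
import ipaddress

WATCHED = {"google", "bing"}  # search engines the thread reports as redirected

# Constructed sample for illustration; not taken from the thread's attachments.
SAMPLE = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.google.com google.com   # documentation-range IP
203.0.113.7     www.bing.com
127.0.0.1       ads.example.net
198.51.100.9    intranet.example.org
not-an-ip       junk
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed line, not a mapping
        for name in fields[1:]:                  # one line may carry several names
            yield no, ip, name.lower().rstrip(".")

def audit_hosts(text):
    """Return (line_no, kind, ip, hostname) for each non-default entry."""
    findings = []
    for no, ip, name in parse_hosts(text):
        if name == "localhost" and ip.is_loopback:
            continue                             # default mapping
        if ip.is_loopback or ip.is_unspecified:
            kind = "blocked"                     # name sinkholed to this machine
        elif WATCHED & set(name.split(".")):
            kind = "search-override"             # search engine name remapped
        else:
            kind = "custom"
        findings.append((no, kind, str(ip), name))
    return findings

if __name__ == "__main__":
    # Live file on Windows: %SystemRoot%\System32\drivers\etc\hosts
    for finding in audit_hosts(SAMPLE):
        print(*finding)
```

An empty result only says the hosts file matches the default; as the later posts show, redirects can continue with a clean hosts file.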

#5 treyster18

    Newbie

  • Posters
  • 7 posts

Posted 07 December 2010 - 00:54

Still getting redirected, everything is appearing to be clean, no viruses or anything... no malware, adware, spyware progs are picking anything up, host files look fine now.. there were a lot of different web sites and IP addresses on there but not any more... I have attached the 2 log files you asked for, in the HJT log file there are some files towards the bottom that do not appear legit, 3rd and 4th files from the bottom up, "Shadow Volume Copy" or something of that nature and the one under it? Any help is greatly appreciated, thank you very much =)

Attached files:



#6 drumut

    Member

  • Members
  • 325 posts

Posted 07 December 2010 - 13:12

Seems you have a cloaked malware which can be a TDSS variant. Dr.Web CureIt or LiveCD has the ability to cure the last variants of TDSS. Please run CureIt in paranoid mode or LiveCD from a USB or optical drive and send their logs in your next post.
OS : Debian Sid , all i have all i need!

#7 treyster18

    Newbie

  • Posters
  • 7 posts

Posted 07 December 2010 - 21:43

I ran Dr Web again, although I cannot fully understand how to use this program or what all the other programs do. I think I am using it right and using it in the EPM I believe it's called but it has yet to turn up anything wrong. SUPERAntiSpyware program turned up about 210 adware items last night and Spybot Search and Destroy turned up 28. The host file still looks fine but I am still being redirected? The file logs etc say everything is ok, not a single thing wrong. Unsure what else to do?

#8 mrbelyash

    Belyash

  • Members
  • 25 897 posts

Posted 07 December 2010 - 21:50

create log

http://people.drweb.com/people/yudin/dwsysinfo.exe
wiki https://drw.sh/endjcv | Utilities https://drw.sh/dgweku | Remote cure https://drw.sh/wmzdcl | Hidden processes https://drw.sh/tmulje | Logs https://drw.sh/ruy | Sandbox https://drw.sh/exhbro

#9 treyster18

    Newbie

  • Posters
  • 7 posts

Posted 08 December 2010 - 10:32

Sorry forgot to include that.... thank you for the help =)

Attached files:



#10 treyster18

    Newbie

  • Posters
  • 7 posts

Posted 15 December 2010 - 00:38

Anyone have any more suggestions or ideas on this subject? I am still being redirected and it's extremely annoying lol =(

#11 drumut

    Member

  • Members
  • 325 posts

Posted 15 December 2010 - 00:58

Would you like to try HitmanPro? It also uses the Dr.Web engine and database with other security software, and a 30-day fully functional trial is available.
OS : Debian Sid , all i have all i need!

#12 Aleksandra

    VIP

  • Helpers
  • 3 602 posts

Posted 18 December 2010 - 00:39

Check your system with TDSS Remover: http://www.esagelab.com/files/tdss_remover_latest.rar
Men owe me nothing, which is exactly why I let them go easily.

#13 treyster18

    Newbie

  • Posters
  • 7 posts

Posted 01 January 2011 - 20:59

Neither of those programs has resolved this issue =( .... I have no clue what else to do, I mean, this IS the correct virus isn't it? Whenever I go to Google or Bing (only) and search for something, when I open the page it says "Redirect" briefly then takes me to some ad page or something. It does not do this on Yahoo or other browsers though.

#14 Aleksandra

    VIP

  • Helpers
  • 3 602 posts

Posted 02 January 2011 - 16:04

Read these articles:

http://secure-computer-solutions.com/blog/...p_your_mbr.html

http://helpdeskgeek.com/how-to/fix-mbr-xp-vista/
Men owe me nothing, which is exactly why I let them go easily.