Remove google redirect virus combofix

Thanks in advance!

Sorry, I can't help you with that ghost file. Obviously if the person who created it won't help, it's either not there or he wants more money!

So I went ahead and reformatted. I did a scan with the eset online scanner and didn't find anything - hopefully that's a good enough sign.

Just for future reference though, would it be a good idea to use the eset online scanner to do a full system scan every once in a while? Since I noticed that it seems to pick up a lot of stuff that my antivirus, even though updated, doesn't. And this is just out of curiosity - it seems like a lot of people are affected by the google redirect virus lately (looking at the forum, that is). Thanks again Bobbye, you're a great help.

You're welcome. Glad to help. I'll answer your questions, then I'll leave some information to help with security for the system.

About an occasional online AV scan : this is a personal choice. It won't hurt anything if you do one, but if it does find malware. I'm not a big Norton fan. They talk big but miss a lot, partly because people have been led to believe they can do anything and still be protected!

I don't care for 'suites'. Personally, I prefer standalone programs for antivirus, firewall and at least 2 antimalware programs. I also have a router with a hardware firewall. This is called 'layered protection' and it is what is needed.

But all users need a reminder that they, themselves are the first line of security- no matter what they have or how much they have, if they don't practice 'safe surfing', they will get malware.

This also includes safe handling of email and attachments. About the 'Google redirect virus'. Actually there is no such thing- as far as I know. Believe it or not, malware tries to protect itself- it's part of the code written into it not to allow the user to go somewhere that might assist in its removal. Disable and Enable System Restore: See System Restore Guide This will help you understand what this is, why you need to clean and set restore points and what information is in them.

Stay current on updates: Visit the Microsoft Download Site frequently. Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.

Check this site often. Java Updates Stay current as most updates are for security. Make Internet Explorer safer. Use a good, bi-directional firewall one software firewall I recommend either of these software firewalls. It places kill bits to stop bad ActiveX controls from being installed. Remember to update it regularly. It basically prevents any downloads Cookies etc from the sites listed, although you will still be able to connect to the sites.

Basically, this prevents your computer from connecting to those sites by redirecting them to Google Toolbar Get the free google toolbar to help stop pop up windows.

If I can be of further assistance, please let me know.

Alright, this is insane - I got the google redirecting malware again! It's directing me to the same site. Haven't browsed any suspicious sites or opened any fishy attachments, so I have no idea how I've got this one. Unless wikipedia can be counted as suspicious??

Anyhow, I've attached the logs. Sorry Bobbye for troubling you again with this!

You have a program loading PPStream. This is a Chinese peer-to-peer streaming video network software. From Wiki: PPStream adopts P2P-streaming technology and supports high-volume traffic with tens of thousands of users online at once.

Anyways, I took the liberty of going ahead and uninstalling that program from my computer - hopefully that's okay.

So here are the logs. Unfortunately the google redirecting issue is still there. But yeah, I'm all ears for the next step. Thanks again!

You have a Rootkit infection. It showed in the first Combofix log but you decided then you were going to reformat. I take it you didn't do that. You need to remove the old Norton entries. For some reason, newer defs didn't remove older ones.

Please manually update NIS, then reboot the computer. It will close all programs itself when run, make sure to let it run uninterrupted. Click the Start button to begin the process. The program should not take long to finish its job. Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean. TFC only cleans temp folders.

TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC. Save the file to your desktop Two other links for the download should you need one: Link 2 Link 3 Double click on downloaded. Please, do not select the "Show all" checkbox during the scan. Open the folder where the contents were unzipped and run mbar. Click on the Cleanup button to remove any threats and reboot if prompted to do so.

Wait while the system shuts down and the cleanup process is performed. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process. When done, please post the two logs produced they will be in the MBAR folder RogueKiller V8.

Parent][FILE] Parent][FILE] cb. Malwarebytes Anti-Rootkit 1. Files Detected: 0 No malicious items detected end. These are the 2 files you requested. I still need system-log. Drive 0 Scanning MBR on drive Performing system, memory and registry scan C] Done!

Scan finished Creating System Restore point Scheduling clean up No system shutdown is required. Create new restore point before proceeding with the next step Close any open browsers. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click on this link to see a list of programs that should be disabled.

The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask. If there is no internet connection after running Combofix, then restart your computer to restore back your connection. If the connection is not there use restore point you created prior to running Combofix. Double click on combofix. If Combofix asks you to install Recovery Console, please allow it. NOTE 2.

If Combofix asks you to update the program, always do so. When finished, it will produce a report for you. As long as your computer clock is running Combofix is still working.

Be patient. Make sure you re-enable your security programs when you're done with Combofix. If, for some reason, Combofix refuses to run, try the following Delete Combofix file, download fresh one, but rename combofix. Do NOT run it yet. Download Rkill courtesy of BleepingComputer. There are 2 different versions. If one of them won't run then download and try to run the other one. You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. If not, delete the file, then download and use the one provided in Link 2.

Hi again, here are the logs you needed. The ESETs scan still seems to list a lot of malware and a trojan.

Not to worry about the entries in the Eset log.

The Qoobox is where Combofix sends its quarantined entries and System Volume is where the System Restore points are held. We have you drop the old restore points at the end of cleaning. This is why we say don't use the System Restore feature while cleaning because if you choose an infected restore point, you will reinfect the system.

You should be running better at this point as LimeWire and Ask. Please reopen Hijackthis to 'do system scan only'.

Hi again, wish I had better news but the redirect is still happening.

I did the HJT thing as you said then rebooted. It took a long time for the computer to come back on, it just sat at the windows screen with no icons up for about 3 mins. When it did come up it said Windows has recovered from a serious problem and requested I send the info to Microsoft. As far as the redirects, what is happening is I do a google search, say for Trains, then the google page with links comes up and I click a link. At that point the redirect happens, it takes a moment or two longer than it should and then redirects to another page.

Usually it seems to go to something called 'upliftyoursearch. On a side note, if I click back to the original search results page and then click on the same link it will then go to the proper page, it does not redirect a second time.

Sorry here is the pop up image from Microsoft. And one more thing, every time I run combo fix it says there is a 'rootkit' running and then it has to reboot to do whatever it is doing. I should have mentioned it before. Hi Bobbye, sorry to bump my post. I am still infected.. Paste here Ctrl V [6]. If you have a recurring Error with same ID, same Source and same Description, only one copy is needed. You don't need to include the lines of code in the box below the Description, if any. Please do not copy the entire Event log.

Errors are time coded. I am only wanting to see the one(s) that correspond to the message. Here are the Events, they all happened within about 5 mins. Description: Hanging application Trjscan. I will do the combo fix and post the results next. I can't boot to safemode. Reboot the computer. Please download and run the tool below named Rkill courtesy of BleepingComputer. There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator. You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs. Do not reboot until instructed. If the tool does not run from any of the links provided, please let me know. Please download exeHelper by Raktor and save it to your desktop. Double-click on exeHelper.


