
Google redirect browser hijack virus

  1. #1
    Junior Member
    Registered: 21.11.2009
    Posts: 4
    Reputation weight: 53

    Google redirect browser hijack virus

    I have caught the virus that seems to be going around lately (and it's not the swine flu).

    Google searches in Firefox (3.5.5) are often being redirected to arbitrary sites, including casinos, alternate search engines, and adware sites.

    I have scanned with Kaspersky, MBAM, and SuperAntiSpyware - each one claims to have found and fixed one or two items, but the problem persists.

    I have attached the two AVZ logs, and the HiJackThis log.

    Thanks in advance for your help.

    Mark

  2. #2
    Senior Member
    Registered: 03.04.2006
    Posts: 21,100
    Reputation weight: 3023

    Hello,

    Close/disable all applications except AVZ and Internet Explorer.

    - Disconnect your PC from network (internet/intranet)
    - Disable antivirus, firewall and other memory resident security tools
    - Disable System Restore

    - Fix with HijackThis
    Code:
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

    - Execute the following script
    Code:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
    ClearQuarantine;
     QuarantineFile('C:\WINDOWS\C-B.scr','');
     DelBHO('{3041d03e-fd4b-44e0-b742-2d9b88305f98}');
     DelBHO('{201f27d4-3704-41d6-89c1-aa35e39143ed}');
     DeleteFile('C:\Program Files\AskBarDis\bar\bin\askBar.dll');
     DeleteFile('c:\62822259db295d363cc19d\wgasetup.exe');
     DeleteFileMask('c:\62822259db295d363cc19d','*.*',true);
     DeleteDirectory('c:\62822259db295d363cc19d');
    BC_ImportAll;
    ExecuteSysClean;
    BC_Activate;
    SetAVZPMStatus(True);
    RebootWindows(true);
    end.

    If, after the reboot, the system tries to install any unknown hardware, abort the installation and remove the unknown hardware via the hardware manager.

    After reboot:

    Execute the following script
    Code:
    begin
    CreateQurantineArchive('C:\quarantine.zip');
    end.

    - Clean the Temp folders, browser caches, and Recycler. Use the Windows service tool cleanmgr, or CCleaner, or ClearProg.
    - Upload C:\quarantine.zip via the link "Upload quarantined files" at the top of this page.
    - Make new logs and attach them to a new post.
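
A triage sketch for the HijackThis entries listed in post #2, added here as an example and not part of the original thread: it parses the O2 (BHO) and O3 (toolbar) lines, flags registrations whose file is missing, and flags one DLL registered under different names. The function names and the two reason labels are assumptions made for this example; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Sample input: the HijackThis lines quoted in post #2 of this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
"""

# Only O2 (BHO) and O3 (Toolbar) lines are parsed; other sections are skipped.
ENTRY_RE = re.compile(
    r"^(?P<section>O2|O3) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)

def parse_entries(log_text):
    """Return one dict per O2/O3 line: section, kind, name, clsid, target."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries

def triage(entries):
    """Return (clsid, reason) pairs for entries worth a closer look."""
    findings = []
    by_target = defaultdict(list)
    for entry in entries:
        if entry["target"] == "(no file)":
            # CLSID is registered with the browser but nothing exists on disk.
            findings.append((entry["clsid"], "orphaned"))
        else:
            by_target[entry["target"].lower()].append(entry)
    for group in by_target.values():
        # The same DLL registered under different display names.
        if len({entry["name"] for entry in group}) > 1:
            findings.extend((entry["clsid"], "shared-dll") for entry in group)
    return findings

if __name__ == "__main__":
    for clsid, reason in triage(parse_entries(SAMPLE_LOG)):
        print(reason, clsid)
```
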

  3. #3
    Junior Member
    Registered: 21.11.2009
    Posts: 4
    Reputation weight: 53

    Thank you for your advice so far. I have followed the procedures you suggested, but the problem persists.

    I will start from the beginning of "the rules" again, with running Dr. Web Cure It, and then generating the logs and posting them. I expect that I should have the new data within a few hours, depending on the time for the complete scan.

  4. #4
    Junior Member
    Registered: 21.11.2009
    Posts: 4
    Reputation weight: 53

    Here is the latest news and log files:

    1. I cannot boot the computer into safe mode - it BSODs every time.
    2. In normal mode I run Symantec AntiVirus - it reports clean.
    3. In normal mode I run Kaspersky - no threats found.
    4. In normal mode I run Dr. Web CureIt - it reports BackDoor.Tdss.565 in memory (eliminated), and it finds BackDoor.Tdss.1133 in C:\Windows\system32\drivers\iaStor.sys . It attempts to cure it, but it loops indefinitely on the cure attempt (the driver is seemingly loaded and cannot be modified while in use).

    Given that the other two anti-virus products don't find the backdoor, and Dr. Web does, it could be a false positive, or Dr. Web is smarter in this case.

    I have uploaded the previous quarantine.zip, and am attaching the latest AVZ and HiJackThis scans.

    I hope you are able to solve this. Thanks in advance.

  5. #5
    Senior Member
    Registered: 03.04.2006
    Posts: 21,100
    Reputation weight: 3023

    The logs seem to be clean. Remove SuperAntiSpyware and don't use any antivirus other than the installed one.
    Replace the file C:\Windows\system32\drivers\iaStor.sys using the Recovery Console from the original Windows CD.
    Make a GMER log: http://virusinfo.info/showthread.php?t=51878

  6. #6
    Junior Member
    Registered: 21.11.2009
    Posts: 4
    Reputation weight: 53

    The problem is fixed with replacing iaStor.sys.
    I have attached the gmer log.

    Thank you very much for your assistance. It is much appreciated.

  7. #7
    Senior Member
    Registered: 03.04.2006
    Posts: 21,100
    Reputation weight: 3023

    Hello,

    Your log seems to be clean.

    But you have to upgrade your antivirus solution. If you'd like to stay with Norton, use version 2010.
    Look at the last test of AV-Comparatives.
