View full version: Google redirect virus in sptd?



gostram
27.09.2010, 23:05
I am the victim of a google redirect virus.

The virus redirects to other pages when hitting search results. These pages vary, but they often themselves contain viruses. That virus often redirects to www.google.com (http://www.google.com) although my homepage is www.google.ca (http://www.google.ca).

I run AVG anti-virus and am under Windows XP. The virus is active in Firefox. I haven't tested with IE.

I have run a full scan of AVG. It did not find the virus. I have run a full scan of SpyBot S&D and it did not find it.

I have downloaded both the Kaspersky virus removal tool as well as tdsskiller.

tdsskiller found a "threat" in sptd.sys. I put it under quarantine but the virus is still active.

I would be grateful for your help.

gostram

Added 8 minutes later

Unfortunately, the forum won't let me upload the zip file with the system info. Is there any way to pm it?

Никита Соловьев
28.09.2010, 00:47
> Unfortunately, the forum won't let me upload the zip file with the system info. Is there any way to pm it?

What error shows?

gostram
28.09.2010, 11:04
The error doesn't show. The browser simply closes down completely when I click on "upload". I just tried again, and the window simply closes, as well as all other instances of Firefox.

I posted the log online: http://www.mediafire.com/?nung1rglf28elma

thank you for your help.

Никита Соловьев
28.09.2010, 17:48
Are you using IE now?

Execute the following script in avptool:


begin
ClearQuarantine;
// collect copies of the suspect files for analysis; nothing is deleted here
QuarantineFile('C:\WINDOWS\System32\winlogon.exe', '');
QuarantineFile('C:\WINDOWS\system32\appconf32.exe' ,'');
CreateQurantineArchive('C:\quarantine.zip');
end.


upload C:\quarantine.zip here (http://virusinfo.info/upload_virus_eng.php?tid=88869)

gostram
28.09.2010, 18:11
Thank you for the prompt answer.

I tried to upload but Firefox crashed when trying to upload.

I uploaded the quarantine file on mediafire:

http://www.mediafire.com/?ng0c7xpnkclehtu

I also tried to use IE and tested google. It automatically tried (and apparently managed) to install a trojan which AVG detected.

Никита Соловьев
29.09.2010, 00:47
Scan your PC with Kaspersky Live CD (http://support.kaspersky.com/viruses/rescuedisk?level=2)

gostram
29.09.2010, 18:18
Thank you again for your rapid answer. I managed to burn the CD but can not seem to be able to launch the application. Is there a file in the folders I can click on to launch it. Autoplay won't open it, and I browsed the folders but couldn't find anything that seemed to be able to launch it.

Edit from 17:06 CET: I did not see the pdf for the manual, I will follow the instructions and report


Thanks

Никита Соловьев
29.09.2010, 22:42
Also execute the following script in avptool:


begin
ClearQuarantine;
SearchRootkit(true, true);
SetAVGuardStatus(true);
// remove the dropped banker component, then run the standard clean-up wizard
DeleteFile('C:\WINDOWS\system32\appconf32.exe');
BC_ImportALL;
ExecuteSysClean;
ExecuteWizard('TSW',2,2,true);
BC_Activate;
RebootWindows(true);
end.


Make a new log file of avptool

gostram
29.09.2010, 23:12
Thanks a lot for answering. I was still fighting with creating the USB bootable disk.
I am not done doing it.

I did run the script you sent. I did put the log file online to avoid the issue with uploading it to the forum

http://www.mediafire.com/?53bf39wb2b4xo6s

Никита Соловьев
29.09.2010, 23:49
> I am not done doing it.

Skip this step. Check PC with CureIt (http://www.freedrweb.com/cureit/?lng=en)

Change all your online passwords.

gostram
30.09.2010, 22:02
I checked the PC with the Cureit over night.

It found several threats

- Win32.Dat.8 in winlogon.exe in c:\WINDOWS\System32 (DESINFECTED)

- Win32.Dat.8 in explorer.exe in c:\WINDOWS\explorer.exe (DESINFECTED)

- Program.PopcapLoader in Popcaploader.dll in c:\windows\downloaded program files (REMOVED)

I am now on my way to change the online passwords

Added 5 minutes later

The new log is posted here:

http://www.mediafire.com/?yyp9e9ii53824jz

Added 34 minutes later

Ok. I changed most of my passwords, focusing on the most sensitive ones

Added 9 hours 59 minutes later

Everything seems to work ok now.

I will wait to see if it resurfaces. Is the virus supposed to be gone completely?

Is there any way to show my immense gratitude for your services?

Никита Соловьев
30.09.2010, 23:35
Execute this script in avptool:


begin
ClearQuarantine;
// quarantine copies of the two files CureIt reported as patched, to verify the disinfection
QuarantineFile('C:\WINDOWS\System32\winlogon.exe', '');
QuarantineFile('C:\WINDOWS\explorer.exe','');
CreateQurantineArchive('C:\virus.zip');
end.


upload C:\virus.zip here (http://virusinfo.info/upload_virus_eng.php?tid=88869)

gostram
01.10.2010, 01:48
I just uploaded the file (with IE, Firefox crashes).

Никита Соловьев
01.10.2010, 18:57
Reinstall FireFox.
Files ok. Problem solved?

gostram
02.10.2010, 12:54
I just reinstalled Firefox. Everything seems to work ok. I am incredibly thankful for your help.
Not sure what it was exactly, but it now works well

CyberHelper
03.10.2010, 12:54
Statistics of the treatment performed:

Quarantines received: 2
Files processed: 4
Malicious programs found during treatment:

c:\windows\system32\appconf32.exe - Trojan-Banker.Win32.MultiBanker.zy ( DrWEB: Trojan.PWS.Banker.23813, BitDefender: Trojan.Generic.4920480, AVAST4: Win32:Crypt-HRS [Drp] )
c:\windows\system32\winlogon.exe - Trojan.Win32.Patched.kl ( DrWEB: Win32.Dat.8, BitDefender: Win32.Loader.Q, NOD32: Win32/Bamital.EC trojan, AVAST4: Win32:Bamital-AC )
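The final statistics show the real problem was not sptd.sys but trusted system binaries (winlogon.exe, explorer.exe) patched in place, which a signature scanner can miss until the variant is known. A simple defender-side check for that class of tampering is comparing file hashes against a known-good baseline. The example below is added here and is not code from the thread or from any of the tools it mentions; the "system32" tree and its baseline are constructed in a temporary directory so the script runs offline, and the in-place patch is simulated by appending bytes to one file.

```python
"""File-integrity check against a known-good baseline (added example).

In-place patching of winlogon.exe / explorer.exe (the Trojan.Win32.Patched
detections in the thread) changes the file bytes, so a hash comparison
against a baseline recorded from a clean install flags it regardless of
whether a scanner already knows the variant. Everything below is constructed
for demonstration: the file contents, the baseline, and the simulated patch.
"""
import hashlib
import os
import tempfile


def sha256_file(path: str, chunk_size: int = 1 << 16) -> str:
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def check_baseline(root: str, baseline: dict) -> dict:
    """Compare each baseline entry (relative path -> expected sha256) with disk.

    Returns {relative path: "ok" | "MODIFIED" | "MISSING"}.  A MODIFIED
    core binary is exactly the symptom the thread's CureIt run reported.
    """
    results = {}
    for rel, expected in baseline.items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            results[rel] = "MISSING"
        elif sha256_file(full) != expected.lower():
            results[rel] = "MODIFIED"
        else:
            results[rel] = "ok"
    return results


def demo() -> dict:
    """Build a constructed system tree, record a clean baseline, then tamper with it."""
    with tempfile.TemporaryDirectory() as root:
        clean = {  # constructed stand-ins, not real Windows binaries
            "system32/winlogon.exe": b"constructed clean winlogon bytes",
            "explorer.exe": b"constructed clean explorer bytes",
            "system32/kernel32.dll": b"constructed clean kernel32 bytes",
        }
        for rel, data in clean.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        # Baseline recorded while the tree is still clean.
        baseline = {rel: sha256_file(os.path.join(root, rel)) for rel in clean}

        # Simulate an in-place patch: extra bytes appended to winlogon.exe.
        with open(os.path.join(root, "system32/winlogon.exe"), "ab") as f:
            f.write(b"<constructed appended stub>")
        # Simulate a file that was removed by a clean-up tool instead of restored.
        os.remove(os.path.join(root, "explorer.exe"))

        return check_baseline(root, baseline)


if __name__ == "__main__":
    for rel, status in sorted(demo().items()):
        print(f"{status:9} {rel}")
```

On a real machine the baseline would come from a clean install of the same Windows build and service pack (or the vendor's own file catalogs), and the check would be run from a trusted environment such as the rescue CD suggested earlier in the thread, since a rootkit on the live system can hide the modified bytes from any scanner running on top of it.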