Solved

Is this Google virus or what???

Posted on 2004-04-06
4
3,889 Views
Last Modified: 2010-04-11
Hi all,
I use XP Home. For some days now, Google have been giving me alot of headache. Most times it doesn't allow me visit other websites. I did not place Google as my home page in my explorer but where does this problem come from?

If I type another website's address in the address bar and click "GO", Google will just appear from nowhere.

If I follow a link to a website that has nothing to do with Google, Google will just appear. And whenever it appears, refreshing will hardly remove it.

Mostly what appears is annoying Google error page. What will I do to stop this crap!! I have used Adware and Norton to check my system for craps and still it persists.

Please can someone give me a helping hand here before I go crazy over this issue. I will appriciate any opinion. Thanks.


0
Comment
Question by:Agamlizard
  • 2
4 Comments
 
LVL 6

Accepted Solution

by:
akboss earned 30 total points
ID: 10769791
have you changed your start page at all in the Tools>internet options area?

if you didnt do it then try downloading this.
CWShredder direct download:
http://209.133.47.200/~merijn/files/CWShredder.exe

also downloading and posting the log file here from Hijackthis is helpful.
HijackThis  
http://209.133.47.200/~merijn/files/HijackThis.exe
http://www.spywareinfo.com/~merijn/downloads.html
0
 

Author Comment

by:Agamlizard
ID: 10770634
akboss,

Thank you so much, I did exactly as you all instructed and I removed few craps with Hijack-This and my system is recovering, little by little.

I will watch its improvement in few days to know if the disease is finally eradicated. My instinct tells me that its over. I will report to you in few days time if my system is still sick.

Below is just the final log after removing the craps, if there is anything you see bad there you let me. Again, I'm so grateful to you. Thanks!!!

 Logfile of HijackThis v1.97.7
Scan saved at 12:53:36 AM, on 4/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\TBridge\Flatbed.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
G:\j2 Messenger\HotTray.exe
G:\j2 Messenger\Dllcmd32.exe
C:\WINDOWS\System32\wpabaln.exe
D:\Clean KMD\clean.kmd
C:\Program Files\A4Proxy\A4Proxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=127.0.0.1:8080;http=127.0.0.1:8080;https=127.0.0.1:8080
F1 - win.ini: load=C:\TBridge\Flatbed.exe
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\FreshDevices\FreshDownload\fdcatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "G:\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [WordPerfect Office 1115] C:\Program Files\Common Files\Corel\Registration\EN\Registration.exe /title="WordPerfect Office 11" /date=041004 serial=WS11WTD-9999998-BHS
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: j2 Tray Menu.lnk = G:\j2 Messenger\HotTray.exe
O4 - Global Startup: Live Menu.lnk = G:\j2 Messenger\Dllcmd32.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/DownloadManager.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38082.356724537


0
 
LVL 6

Expert Comment

by:akboss
ID: 10778346
get rid of kazza...it will just cause you more trouble in the long run.

D:\Clean KMD\clean.kmd

"This will update anything that is old in K-Lite 2.4.3. Just run the install program and there you go, you are up to date. "

0
 
LVL 1

Expert Comment

by:mal4mac
ID: 11573881
For an overview of Google viruses and Google worms try:

http://www.321books.co.uk/mega-search-engines/google-virus.htm
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
Read about achieving the basic levels of HRIS security in the workplace.
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now