Solved

Is this Google virus or what???

Posted on 2004-04-06
4
3,888 Views
Last Modified: 2010-04-11
Hi all,
I use XP Home. For some days now, Google have been giving me alot of headache. Most times it doesn't allow me visit other websites. I did not place Google as my home page in my explorer but where does this problem come from?

If I type another website's address in the address bar and click "GO", Google will just appear from nowhere.

If I follow a link to a website that has nothing to do with Google, Google will just appear. And whenever it appears, refreshing will hardly remove it.

Mostly what appears is annoying Google error page. What will I do to stop this crap!! I have used Adware and Norton to check my system for craps and still it persists.

Please can someone give me a helping hand here before I go crazy over this issue. I will appriciate any opinion. Thanks.


0
Comment
Question by:Agamlizard
  • 2
4 Comments
 
LVL 6

Accepted Solution

by:
akboss earned 30 total points
ID: 10769791
have you changed your start page at all in the Tools>internet options area?

if you didnt do it then try downloading this.
CWShredder direct download:
http://209.133.47.200/~merijn/files/CWShredder.exe

also downloading and posting the log file here from Hijackthis is helpful.
HijackThis  
http://209.133.47.200/~merijn/files/HijackThis.exe
http://www.spywareinfo.com/~merijn/downloads.html
0
 

Author Comment

by:Agamlizard
ID: 10770634
akboss,

Thank you so much, I did exactly as you all instructed and I removed few craps with Hijack-This and my system is recovering, little by little.

I will watch its improvement in few days to know if the disease is finally eradicated. My instinct tells me that its over. I will report to you in few days time if my system is still sick.

Below is just the final log after removing the craps, if there is anything you see bad there you let me. Again, I'm so grateful to you. Thanks!!!

 Logfile of HijackThis v1.97.7
Scan saved at 12:53:36 AM, on 4/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\TBridge\Flatbed.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
G:\j2 Messenger\HotTray.exe
G:\j2 Messenger\Dllcmd32.exe
C:\WINDOWS\System32\wpabaln.exe
D:\Clean KMD\clean.kmd
C:\Program Files\A4Proxy\A4Proxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=127.0.0.1:8080;http=127.0.0.1:8080;https=127.0.0.1:8080
F1 - win.ini: load=C:\TBridge\Flatbed.exe
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\FreshDevices\FreshDownload\fdcatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "G:\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [WordPerfect Office 1115] C:\Program Files\Common Files\Corel\Registration\EN\Registration.exe /title="WordPerfect Office 11" /date=041004 serial=WS11WTD-9999998-BHS
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: j2 Tray Menu.lnk = G:\j2 Messenger\HotTray.exe
O4 - Global Startup: Live Menu.lnk = G:\j2 Messenger\Dllcmd32.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/DownloadManager.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38082.356724537


0
 
LVL 6

Expert Comment

by:akboss
ID: 10778346
get rid of kazza...it will just cause you more trouble in the long run.

D:\Clean KMD\clean.kmd

"This will update anything that is old in K-Lite 2.4.3. Just run the install program and there you go, you are up to date. "

0
 
LVL 1

Expert Comment

by:mal4mac
ID: 11573881
For an overview of Google viruses and Google worms try:

http://www.321books.co.uk/mega-search-engines/google-virus.htm
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
This video discusses moving either the default database or any database to a new volume.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now