Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 621
  • Last Modified:

Google Redirector

One of the machines has the Google redirector virus and I can't find any links for the steps to remove it.
 I did notice an entry in msconfig under startup tab called "oxkot" with a path of documents and settings\username\application data\uhytde\oxkot.exe. Does anyone know what this exe file is?

Also in the registry under "hkey_local_machine\software\microsoft\windows\current version\run there is a key called ybizowucafojuf run32dll.exe C:\Winnt\ogurohuge.dll,startup.  Does anyone know what this reg key is and can I delete it?  I'm thinking both these entries do not belong.
Thanks
CJA
0
cja-tech-guy
Asked:
cja-tech-guy
  • 5
  • 4
  • 3
  • +2
4 Solutions
 
jhill777Commented:
Download and install Spybot, Search and destroy, update, immunize and scan.
Download and install Malwarebytes, update, scan
Download Combofix and let it do its thing
What AV are you using?
0
 
jhill777Commented:
*Important*  Don't do Combofix if it's a Windows 7 computer or Vista
0
 
cja-tech-guyAuthor Commented:
Symantec Endpoint
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
jhill777Commented:
It's probably the Network Threat Protection that's blocking it.  Try to disable that for now.  I don't even use that portion of the software because, obviously, it doesn't work!  lol
0
 
jhill777Commented:
In fact, the only thing it has ever done is create problems with my administration of the computers and not allow me to do anything.
0
 
edbedbCommented:
Yes, you can delete both of those entries.
0
 
Sudeep SharmaTechnical DesignerCommented:
0
 
johnb6767Commented:
"documents and settings\username\application data\uhytde\oxkot.exe"
Delete, its viral.....

"hkey_local_machine\software\microsoft\windows\current version\run there is a key called ybizowucafojuf run32dll.exe C:\Winnt\ogurohuge.dll,startup
Also delete, viral....

Delete C:\Winnt\ogurohuge.dll as well....

This can easily be done in Safe Mode, 9 times out of 10....
0
 
cja-tech-guyAuthor Commented:
I deleted the suspect files on the c drive and in the registry.  This caused the machine to go into a boot loop.  It would boot to Windows and right before the login screen it would reboot.  I did a repair and everything is working fine.  
0
 
jhill777Commented:
Objection-Spybot and Malwarebytes would have removed the files and, more importantly, the registry entries that were calling the files.  Manual deletion caused the reboot loop which the repair fixed but that wasn't the initial problem.  Given C:\Winnt, I would assume that this is Windows 2000 so Combofix would have fixed as well and I would suspect that the repair on W2K will now create more problems/more work where you now have to reinstall a ton of Windows Updates and any Office installation is pretty hoarked and will need to be reinstalled.
0
 
cja-tech-guyAuthor Commented:
I agree that they told me to delete the files but that made the situation worse; it caused the machine to go into a boot loop.  It was the second issue, the boot loop, that caused me to run the reinstall.  If anyone else follows thier advice to delete those files and they can't do a Windows repair that will cause them more problems.  I will be happy to divide the points among all who responded but lets make sure anyone else who reads this knows they should not delete those files.
0
 
johnb6767Commented:
"Objection-Spybot and Malwarebytes would have removed the files and, more importantly, the registry entries that were calling the files"

Thats not 100%accurate, without knowing exactly what the infected files were detected as. No way to know they would be found, and more importantly removed. Sure, teh repair might have been a bit overkill, but he had to recover from advice given here.

I would leave the OP's request of a close/refund in tact myself.....
0
 
cja-tech-guyAuthor Commented:
Malewarebytes did not find anything.
0
 
johnb6767Commented:
"Malewarebytes did not find anything."

Again, I would allow the original disposition that the OP had requested....
0

Featured Post

Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

  • 5
  • 4
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now