Solved

Google Redirector

Posted on 2010-09-21
15
603 Views
Last Modified: 2012-05-10
One of the machines has the Google redirector virus and I can't find any links for the steps to remove it.
 I did notice an entry in msconfig under startup tab called "oxkot" with a path of documents and settings\username\application data\uhytde\oxkot.exe. Does anyone know what this exe file is?

Also in the registry under "hkey_local_machine\software\microsoft\windows\current version\run there is a key called ybizowucafojuf run32dll.exe C:\Winnt\ogurohuge.dll,startup.  Does anyone know what this reg key is and can I delete it?  I'm thinking both these entries do not belong.
Thanks
CJA
0
Comment
Question by:cja-tech-guy
  • 5
  • 4
  • 3
  • +2
15 Comments
 
LVL 5

Accepted Solution

by:
jhill777 earned 125 total points
ID: 33729554
Download and install Spybot, Search and destroy, update, immunize and scan.
Download and install Malwarebytes, update, scan
Download Combofix and let it do its thing
What AV are you using?
0
 
LVL 5

Expert Comment

by:jhill777
ID: 33729576
*Important*  Don't do Combofix if it's a Windows 7 computer or Vista
0
 

Author Comment

by:cja-tech-guy
ID: 33729601
Symantec Endpoint
0
 
LVL 5

Expert Comment

by:jhill777
ID: 33729649
It's probably the Network Threat Protection that's blocking it.  Try to disable that for now.  I don't even use that portion of the software because, obviously, it doesn't work!  lol
0
 
LVL 5

Expert Comment

by:jhill777
ID: 33729660
In fact, the only thing it has ever done is create problems with my administration of the computers and not allow me to do anything.
0
 
LVL 23

Assisted Solution

by:edbedb
edbedb earned 125 total points
ID: 33730040
Yes, you can delete both of those entries.
0
 
LVL 29

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 125 total points
ID: 33730532
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 66

Assisted Solution

by:johnb6767
johnb6767 earned 125 total points
ID: 33731316
"documents and settings\username\application data\uhytde\oxkot.exe"
Delete, its viral.....

"hkey_local_machine\software\microsoft\windows\current version\run there is a key called ybizowucafojuf run32dll.exe C:\Winnt\ogurohuge.dll,startup
Also delete, viral....

Delete C:\Winnt\ogurohuge.dll as well....

This can easily be done in Safe Mode, 9 times out of 10....
0
 

Author Comment

by:cja-tech-guy
ID: 33734823
I deleted the suspect files on the c drive and in the registry.  This caused the machine to go into a boot loop.  It would boot to Windows and right before the login screen it would reboot.  I did a repair and everything is working fine.  
0
 
LVL 5

Expert Comment

by:jhill777
ID: 33735410
Objection-Spybot and Malwarebytes would have removed the files and, more importantly, the registry entries that were calling the files.  Manual deletion caused the reboot loop which the repair fixed but that wasn't the initial problem.  Given C:\Winnt, I would assume that this is Windows 2000 so Combofix would have fixed as well and I would suspect that the repair on W2K will now create more problems/more work where you now have to reinstall a ton of Windows Updates and any Office installation is pretty hoarked and will need to be reinstalled.
0
 

Author Comment

by:cja-tech-guy
ID: 33735983
I agree that they told me to delete the files but that made the situation worse; it caused the machine to go into a boot loop.  It was the second issue, the boot loop, that caused me to run the reinstall.  If anyone else follows thier advice to delete those files and they can't do a Windows repair that will cause them more problems.  I will be happy to divide the points among all who responded but lets make sure anyone else who reads this knows they should not delete those files.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 33738287
"Objection-Spybot and Malwarebytes would have removed the files and, more importantly, the registry entries that were calling the files"

Thats not 100%accurate, without knowing exactly what the infected files were detected as. No way to know they would be found, and more importantly removed. Sure, teh repair might have been a bit overkill, but he had to recover from advice given here.

I would leave the OP's request of a close/refund in tact myself.....
0
 

Author Comment

by:cja-tech-guy
ID: 33738441
Malewarebytes did not find anything.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 33739794
"Malewarebytes did not find anything."

Again, I would allow the original disposition that the OP had requested....
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

PREFACE The purpose of this guide is to provide information to successfully install the MS SQL client tools for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technology…
For those of you actively in the Malware fightling business, we now have available an amazing new tool in the malware wars (first recommended to me by rpggamergirl (http://www.experts-exchange.com/M_3598771.html), the Zone Advisor for the Virus and …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now