Solved

redirect virus removal help

Posted on 2011-09-23
Last Modified: 2012-05-12
A redirect virus sends my Google searches all over the place. It does the same thing with Yahoo. An AV (anti-virus) full computer scan does not catch any problem. This means I have almost no internet access. This site says to use TDSSKILLER.exe. I tried to download it, but the AV said it was a virus and did not permit the download. What should I do?
Question by:oliviajones
12 Comments
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 36588896
You would need to disable the anti-virus on the computer and then run TDSSKiller, since it is the most preferred tool to remove the Google Redirect.

Most AV products should not flag it as a virus, but there could be a false positive.

Recommended readings:

Infected router - Google search redirects even on a clean system
http://www.experts-exchange.com/A_5327.html

“Google Hijack” — Google Search Gets Redirected
http://www.experts-exchange.com/A_3299.html

Sudeep

 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 36588918
Further, it could be the infection itself which is not letting you download it. So one way is to get it on a USB device from another computer and run it from USB on the infected computer.

You could also try renaming it to a file name like "iexplore.exe" and then run it.
 

Author Comment

by:oliviajones
ID: 36589425
Downloaded TDSSKILLER.exe to USB stick. Would not even unzip properly from stick on infected computer. Opened and copied exe file on clean computer, transferred to desktop of infected computer. GUI looked like it was working. Report: no threats found.
Now what?
 

Author Comment

by:oliviajones
ID: 36589465
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 36589506
Have you also checked the article below?

Infected router - Google search redirects even on a clean system
http://www.experts-exchange.com/A_5327.html

Sudeep

I also suggest you run a MalwareBytes full system scan:

http://www.malwarebytes.org/mbam-download.php

Once finished, let us know if you think the issue is still there.

I hope that would help.

Sudeep
 

Author Comment

by:oliviajones
ID: 36589705
There are 7 computers using this router. Only one behaves badly. Does this rule out router infection? If you rule it out I will go change the router password. I have been lazy lately.....

 
LVL 29

Accepted Solution

by:
Sudeep Sharma earned 500 total points
ID: 36589787
In that case it would not be the router. Did you run MalwareBytes yet?

In some cases you would need to run Rogue Killer before running MalwareBytes.

Also, I believe all the tools mentioned are run in Normal Mode and NOT in safe mode.

I would also recommend that you go through the articles from Younghv:

http://www.experts-exchange.com/A_4922.html (Rogue-Killer-What-a-great-name)
http://www.experts-exchange.com/A_5124.html (Stop-the-Bleeding-First-Aid-for-Malware)
http://www.experts-exchange.com/A_1940.html (Basic Malware Troubleshooting)

I hope that would help.

Sudeep
 

Author Comment

by:oliviajones
ID: 36590163
I am running MalwareBytes as we type. Did not do it in safe mode, but I did disable all anti-virus and a lot of unrelated junk processes from HP, etc., that run in the background. Should I interrupt the scan and start over? It's on a big drive and it takes forever. Do I have to scan ALL drives, including drives with music only, old files, etc., or can I scan just the drive with the Windows 7 OS? BTW this is a dual boot drive. Old Vista OS/drive does not SEEM to be infected. Do I need to scan it? We could really change how long these scans take if I leave off some of the HDs attached.
 

Author Comment

by:oliviajones
ID: 36590752
Malwarebytes found a trojan in my registry. What do I do now?????
malwarebite-trojan-find.JPG
 

Author Comment

by:oliviajones
ID: 36590777
If the picture is small, the threat found is Trojan BHO
 

Author Comment

by:oliviajones
ID: 36590792
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7783

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

9/23/2011 8:40:36 PM
malwarebytes mbam-log-2011-09-23 (20-39-03).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|K:\|L:\|)
Objects scanned: 542725
Time elapsed: 1 hour(s), 52 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
0
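
An added example, not part of the thread or any poster's code: a short Python parser for the Malwarebytes text log format pasted above. It lists detections the scan reported but did not remove ("No action taken") and checks the summary counts against the itemized sections. The sample input is abridged from the posted log, and the function names are this example's own.

```python
import re

# Constructed sample: abridged from the log format posted above.
SAMPLE_LOG = r"""Scan type: Full scan (C:\|D:\|E:\|G:\|K:\|L:\|)
Objects scanned: 542725

Registry Keys Infected: 1
Files Infected: 0

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> No action taken.

Files Infected:
(No malicious items detected)
"""

COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (summary counts, detections) from a log in the format above."""
    counts, detections, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if m := COUNT_RE.match(line):        # "Files Infected: 0"
            counts[m["section"]] = int(m["n"])
        elif m := HEADER_RE.match(line):     # "Files Infected:"
            section = m["section"]
        elif section and (m := ITEM_RE.match(line)):
            detections.append({"section": section, "object": m["obj"],
                               "detection": m["name"], "action": m["action"]})
    return counts, detections

def triage(text):
    """List detections still in place and sections whose counts disagree."""
    counts, detections = parse_mbam_log(text)
    pending = [d for d in detections if d["action"].lower() == "no action taken"]
    listed = {}
    for d in detections:
        listed[d["section"]] = listed.get(d["section"], 0) + 1
    mismatched = sorted(s for s, n in counts.items() if n != listed.get(s, 0))
    return pending, mismatched

if __name__ == "__main__":
    pending, mismatched = triage(SAMPLE_LOG)
    for d in pending:
        print(f"NOT REMOVED: {d['object']} [{d['detection']}] in {d['section']}")
    print("count mismatches:", mismatched or "none")
```

A detection marked "No action taken" means the scan only reported the item; it is still present until it is removed or quarantined from the scanner's results view.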
 

Author Closing Comment

by:oliviajones
ID: 36590817
Suggestion of using Malwarebytes found virus. So now I have a new question.