infedonetwork

asked on

Google Redirect Virus

Hi Guys

I have a PC that got infected with the Google redirect virus and I tried everything I know to clean it, but nothing works.
I downloaded TDSSKiller but it does not start.
I deleted and recreated the hosts file and it worked for a day, then it started again.
I flushed the DNS and cleaned the internet temp files. Not sure what else I can try.
Any ideas?
Scott Thompson

I have had the issue of TDSSKiller not running before, and usually it is the infection you are trying to remove that is causing this issue.

Try running Symantec's FixTDSS
http://www.symantec.com/security_response/writeup.jsp?docid=2010-090608-3309-99

Also, run Symantec's ZeroAccess Removal Tool:
http://www.symantec.com/security_response/writeup.jsp?docid=2011-121607-4952-99

This infection commonly comes with it.

Once you have run both removal tools, try to run TDSSKiller again. Let this run through and remove any leftovers. Be sure to checkmark to check for TDLFS in the options.

Last but not least, run a scan with Malwarebytes to look for anything that these rootkits might have brought in.
http://www.malwarebytes.org/mwb-download/

Post your results when this is done.

I agree with pc_solutions' recommendation, especially Malwarebytes.

Also, after everything is all said and done, be sure to scan with a couple of other freeware virus checkers and spyware checkers.  AVGfree (http://free.avg.com/us-en/homepage) and SuperAntiSpyware free version (http://www.superantispyware.com/download.html) both come to mind.  

So often if you have one infection, you've probably got more... and no one virus checker will find everything.
infedonetwork

ASKER

Already done all this except the Symantec ZeroAccess tool, which I will run shortly.
Malwarebytes did not find anything, and neither did AVG.
SuperAntiSpyware found something but did not fix the problem.
FixTDSS does not start either.

If you are unable to run either TDSSKiller or FixTDSS after running the ZeroAccess removal tool, pull the drive from your system and slave it to another computer. Then run TDSSKiller from that computer. If it does have a variant of Tidserv or Pihar, it will find it on the MBR of the hard drive and you should be able to remove it.

I recommend Avast! Free Antivirus over AVG by the way, but that's just a recommendation.

ZeroAccess did not find any infection.
TDSSKiller or FixTDSS does not run.
I also used MBRCheck and it said that there is an infected MBR, and I chose to replace it, but that did not help either.

Were you able to slave your hard drive to another computer and scan it with TDSSKiller?  I was a little unclear on this sentence, "I also use mbrcheck and it say that is an infected mbr and I chose to replace it but that did not help eider."

Do you have TDSS logs?  If so, it will place them in the C:\ directory.  Please upload these logs.

Also, please download and run RKill. This will shut down any processes that may be preventing TDSSKiller from running. You can download it here. I recommend downloading the iExplore.exe file.
http://www.bleepingcomputer.com/download/rkill/
Please upload the results of this also.  After running this, DO NOT reboot your computer.  Run TDSSKiller and see if you can now fix the issues.

I already tried RKill a few times but it did not help.
The MBR tool can be found here: http://www.majorgeeks.com/MBRCheck_d7076.html
After I ran it, it said that I have an infected MBR and I chose to have it replaced, but nothing changed.
I can't slave the drive because the infected computer is at a remote location.
I'm trying HitmanPro now. I will let you know if it works.

ASKER CERTIFIED SOLUTION
infedonetwork


After I rebooted, TDSSKiller also started working and found 0 infections.
I guess there is no antivirus that could get it all.
That PC was running Kaspersky, Malwarebytes and Search and Destroy.
All of those reported no infection.

Wow, it's amazing what works and what doesn't for different infections.  I do use Hitman Pro from time to time, but I'm glad that fixed the issue for you!

HitmanPro was the only software that was able to remove the malware.