Author Topic: Google redirect malware/virus? (Read 1605 times)

Duke McDukiedook · « **on:** July 13, 2011, 01:03:28 PM »

Hey guys,

Looks like I recently picked up some malware/virus that does redirects on google search on my home computer- I think I am running 3.6 of Firefox, I'll have to check when I get home.

I haven't tried yet to remove it but any of you IT guys deal with this and have any cheap (free) options to squash this nefarious code?

Gordon · « **Reply #1 on:** July 13, 2011, 01:18:51 PM »

Had some malware a while back that started out by doing the same thing you describe, and then got worse to the point the computer was useless. Safe mode wouldn't even work correctly. I ran combofix, as Mark Linder suggested, and I think ATF Cleaner, and it cleared it all out.

http://forums.sohc4.net/index.php?topic=64523.0

tango911 · « **Reply #2 on:** July 13, 2011, 01:19:23 PM »

download "Malwarebytes" there should be a free version at download.com, you can also google it.

Update it and run a full scan, delete the entries that it finds. Its a quick cheap try.
I also use spybot search & destroy every now and then.

my 2 cents

CycleRanger · « **Reply #3 on:** July 13, 2011, 01:25:11 PM »

There are several nasty viruses making the rounds that will do what you describe.

The trick is to identify which one you have.

Try running Hitman Pro. It might remove it or at least identify it.
http://download.cnet.com/Hitman-Pro-3-32-bit/3000-2239_4-10895604.html

I also like Adaware and Spybot
http://www.lavasoft.com/products/ad_aware_free.php
http://www.safer-networking.org/en/download/

It's best to reboot in safe mode before running these. Of course you may need to download them from another computer.

Duke McDukiedook · « **Reply #4 on:** July 13, 2011, 02:15:54 PM »

I'll try safe mode and run malwarebytes and then AVG.
People on the Google forum complained that these programs didn't work for this malware but Hitman did.
I'll give the first two and lava a go and see what happens.

Duanob · « **Reply #5 on:** July 13, 2011, 03:16:08 PM »

My last malware infection actually disabled Malware-bytes. Safemode worked but I would like better protection up front (free of course) Currently using windows essentials which works pretty good. Except you have to update it every once in a while and when your better half gets on and starts shopping at who-knows-what-site, well.....I have a couple of friends that work at the big MS and they always give me tips on what works and what doesn't.

Really? · « **Reply #6 on:** July 13, 2011, 03:21:10 PM »

Quote from: Gordon on July 13, 2011, 01:18:51 PM

Had some malware a while back that started out by doing the same thing you describe, and then got worse to the point the computer was useless. Safe mode wouldn't even work correctly. I ran combofix, as Mark Linder suggested, and I think ATF Cleaner, and it cleared it all out.

http://forums.sohc4.net/index.php?topic=64523.0

combofix is great for rootkits. It will download and install the recovery console if it needs to dig something out. Just make sure you have a legitimate copy, lots of phoney ones out there. And, disable your AV when you download and run combofix, some AV's are deleting them.

malwarebytes and superantispyware are good to have in addition to combofix.

CycleRanger · « **Reply #7 on:** July 13, 2011, 03:36:28 PM »

Quote from: Industrial-sized Dukiedook on July 13, 2011, 02:15:54 PM

I'll try safe mode and run malwarebytes and then AVG.
People on the Google forum complained that these programs didn't work for this malware but Hitman did.
I'll give the first two and lava a go and see what happens.

Yeah Hitman worked for me.
A friend at work brought me his wife's laptop.
It had two different redirect viruses and a rootkit virus!
I use a Mac so I don't have these problems.

Really? · « **Reply #8 on:** July 13, 2011, 03:42:16 PM »

One day the wave we ride will change with our Macs. I just hope it is not soon.

I am not saying they are invincable, just not as beat down with them.

Gordon · « **Reply #9 on:** July 13, 2011, 05:27:58 PM »

None of the regular stuff, malwarebytes, adaware, spybot, worked on my problem. It took combofix to finally root it out.

Duke McDukiedook · « **Reply #10 on:** July 14, 2011, 01:21:04 AM »

Combofix for the win.

Combo fix caught XUL cache and malware caught fsharproj at the root.

CycleRanger · « **Reply #11 on:** July 14, 2011, 06:43:30 AM »

I never tried Combofix. I'll remember that next time.
Actually, in my case, I used Hitman to ID the infection then I was able to download a tool from Symantec that was able to remove it.
Once you ID the infection Symantec usually has a specific tool for it.

Duke McDukiedook · « **Reply #12 on:** July 20, 2011, 12:32:08 PM »

http://googleblog.blogspot.com/2011/07/using-data-to-protect-people-from.html

faux fiddy · « **Reply #13 on:** July 27, 2011, 02:56:04 AM »

Quote from: Gordon on July 13, 2011, 05:27:58 PM

None of the regular stuff, malwarebytes, adaware, spybot, worked on my problem. It took combofix to finally root it out.

maybe I'm fixing something that ain't broke here, but I googled 'combofix' and got 'advance system protection.' I am running their scan, but after refusing bing as homepage it installed it. Changed it to forms.sohc for the mean time. The scan will prolly take forever, I think heat is themain problem, but what the heck, scan and uninstall and retern to MS essentials? Can it hurt?

Really? · « **Reply #14 on:** July 27, 2011, 07:36:16 AM »

You have to make sure you have a legitimate copy of combofix before you run it. There are a lot of phoney ones out there.

If your machine is running hot, use compressed air to blow it out. Make sure the can is upright or you will shoot a bunch of water in there - not good. A hot running machine will run slow as chit.

Duke McDukiedook · « **Reply #15 on:** July 27, 2011, 08:10:03 AM »

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

This is the only address you should be downloading ComboFix from, delete that other copy you downloaded.

http://bleepingcomputer.com Go to the tutorials on the site if you have any problems beyond installing and running ComboFix from that website.

faux fiddy · « **Reply #16 on:** July 27, 2011, 09:14:07 PM »

Quote from: TipperT on July 27, 2011, 07:36:16 AM

You have to make sure you have a legitimate copy of combofix before you run it. There are a lot of phoney ones out there.

If your machine is running hot, use compressed air to blow it out. Make sure the can is upright or you will shoot a bunch of water in there - not good. A hot running machine will run slow as chit.

Yeah, blasted it good a week or so ago at the shop. It's still hot though, a toshiba thing from reviews I read about this model.

Quote from: Industrial-sized Dukiedook on July 27, 2011, 08:10:03 AM

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

This is the only address you should be downloading ComboFix from, delete that other copy you downloaded.

http://bleepingcomputer.com Go to the tutorials on the site if you have any problems beyond installing and running ComboFix from that website.

I will try that. I have been avoiding the prompt from this other thing that wants restart before a "fix."

I will uninstall it. Thanks.

Really? · « **Reply #17 on:** July 28, 2011, 05:34:56 AM »

You would be surprised how many different models get the same review, no matter what brand. One of the biggest problems is dust collecting in the heatsink fins. Compressed air does not get it all sometimes. I have heard of soaking them in IPA to help clear the passage. It is possible the heat sink needs to be reseated with that stuf inbetween again. Lately, I have seen a lot of laptops where two out of the four screws that hold down the part of the heatsink to the processor to be loose and these are new machines.

If it is under warranty, it is a free warranty repair to have a tech come out and replace the fan and the heatsink. They would much rather replace the fan and heatsink than the motherboard because the onboard video card has been cooked due to the heat.

Retro Rocket · « **Reply #18 on:** July 28, 2011, 05:14:04 PM »

I use Kaspersky anti virus and it identifies the malware , Trojans and viruses before you open them by issuing an alert warning that the URL, site or even email, are contaminated, i also scan my system with CCleaner every day, haven't had anything bad on my system for over 5 years and i go everywhere.....

.....Use your imagination guys...

Also using Mozilla version 5

Really? · « **Reply #19 on:** July 28, 2011, 05:38:47 PM »

McAfee's Site Advisor is a great browser plug-in to have. It's free too.

When doing a search like on Google, it will let you know whether it's a good idea or not to go there. It will also tell you why it rated the site bad as well.

faux fiddy · « **Reply #20 on:** July 29, 2011, 01:12:49 PM »

Quote from: Industrial-sized Dukiedook on July 27, 2011, 08:10:03 AM

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

This is the only address you should be downloading ComboFix from, delete that other copy you downloaded.

http://bleepingcomputer.com Go to the tutorials on the site if you have any problems beyond installing and running ComboFix from that website.

I ran combofix and couldn't open a window. sys restore and about every other prog. said scheduled for deletion /something.dll ,etc. Scary.

After restarting, things did a reconfigure seem back to normal. It made a list of adwarecrap, other than that can't tell lots of difference.

I shut off ms essentials to do it. It seems to be working fine, turned itself back on.

Duke McDukiedook · « **Reply #21 on:** July 30, 2011, 10:24:40 AM »

It helps to read the tutorials because like that said in there combofix can do damage but it can be a good tool too.

News:

Author Topic: Google redirect malware/virus? (Read 1605 times)