lantern75
1 Copper

Hijack This/Google Redirect Question

I think that I have the Google Redirect virus. Or trojan. Or whatever it's called. I downloaded Hijack This, and I wound up with a list of processes that might be wrong. However, it said that it would be better to have somebody recommend which processes to correct, as opposed to correcting all of them and causing irreversible damage. I saved the listed processes on Notepad . . . to whom should I show it? Or do I post it here and hope somebody can pick out the bad stuff?

0 Kudos
6 Replies
8 Krypton

Re: Hijack This/Google Redirect Question

Hi lantern75,

Welcome to Dell Community. We no longer handle malware removal here, but I can help you with some preliminaries and refer you to additional help if needed.

Try running Malwarebytes' Anti-Malware.
Please download the free version of Malwarebytes' Anti-Malware to your desktop from here: http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
Double-click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Press the OK button to close that box and continue.
    • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.

  • Once the program has loaded, select "Perform Quick Scan"; then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, then click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Notes)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Highlight the text to copy the log and simply Right-Click > Paste it into your reply here.

    Extra Notes:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    * If you are unable to download or install MBAM on your computer, see if you can use a friend's or family member's computer to download MBAM. Use this update link here to manually download the update. Once downloaded, rename the program installer "mbam-setup.exe" file to something else like "catchjunk.exe". Copy the installer file and the update file to your CD or flash drive. Transfer the file to the infected computer. Install the "catchjunk.exe" file, then run the update so that you will have the current definitions. After that, run a full system scan and select to have the program REMOVE whatever it finds.

    -- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes.

    ** If you need to re-install MBAM but encounter an issue in re-installing, try using the MBAM Cleanup Utility by downloading it from http://www.malwarebytes.org/mbam-clean.exe


Windows Insider MVP 2016 -

Microsoft MVP - Consumer Security 2006-2016

Social Media and Community Professional

0 Kudos
lantern75
1 Copper

Re: Hijack This/Google Redirect Question

Well, I downloaded Malwarebytes Anti-Malware and only one problem popped up. However, I forgot about copying the logfile. Google worked for a while, but then it got wonky last night. I did a Quick Scan today . . . here's the logfile:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.23.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Owner :: PRO [administrator]

Protection: Enabled

2/23/2012 6:24:45 PM

mbam-log-2012-02-23 (18-24-45).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 181790

Time elapsed: 1 hour(s), 28 minute(s), 48 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

So . . . did I miss anything?

0 Kudos
8 Krypton

Re: Hijack This/Google Redirect Question

"only one problem popped up. However, I forgot about copying the logfile."

I'd rather see the original log. That will be located at the Logs tab when you open Malwarebytes. Click on the Logs tab and open the one with the date of the first scan. Please copy/post that log. Thanks.


0 Kudos
lantern75
1 Copper

Re: Hijack This/Google Redirect Question

Here it is. Like I said, only one thing came up.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.21.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Owner :: PRO [administrator]

Protection: Enabled

2/22/2012 12:01:02 AM

mbam-log-2012-02-22 (00-01-02).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 190384

Time elapsed: 2 hour(s), 24 minute(s), 17 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Documents and Settings\Owner\Local Settings\Temp\41.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

0 Kudos
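
The log format posted above can be triaged mechanically. The following is an added example, not part of the original thread and not Malwarebytes code: it assumes the MBAM 1.x text layout exactly as it appears in these posts, and `parse_mbam_log` is a hypothetical helper name. It extracts each detection, records the final action, flags objects under a Temp directory, and rejects a log whose section counts disagree with the lines actually present (a sign of a truncated paste).

```python
import re

# Abridged from the first scan log posted in this thread (section headers and
# detection lines kept verbatim; the "No malicious items" lines are dropped).
SAMPLE_LOG = r"""Malwarebytes Anti-Malware (Trial) 1.60.1.1000
Database version: v2012.02.21.06
Scan type: Quick scan
Memory Processes Detected: 0
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Files Detected: 1
C:\Documents and Settings\Owner\Local Settings\Temp\41.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Detection line layout: object (Detection.Name) -> [details ->] final action.
ITEM = re.compile(r"^(?P<obj>.+?) \((?P<name>[\w.\-\[\]]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Return a list of detections; raise if a section count disagrees."""
    detections, section, expected = [], None, {}
    for line in (ln.strip() for ln in text.splitlines()):
        m = SECTION.match(line)
        if m:
            section = m["name"]
            expected[section] = int(m["count"])
            continue
        m = ITEM.match(line) if section else None
        if m:
            action = m["rest"].split(" -> ")[-1].rstrip(".")
            detections.append({"section": section, "object": m["obj"],
                               "name": m["name"], "action": action,
                               "in_temp": "\\temp\\" in m["obj"].lower()})
    for name, count in expected.items():
        found = sum(d["section"] == name for d in detections)
        if found != count:
            raise ValueError(f"{name}: header says {count}, parsed {found}")
    return detections


if __name__ == "__main__":
    for d in parse_mbam_log(SAMPLE_LOG):
        print(d["section"], d["name"], d["object"], d["action"], d["in_temp"])
```
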
8 Krypton

Re: Hijack This/Google Redirect Question

It looks as if that one was in a temporary folder. Considering that you are still having problems, there may be more components hiding in the system. You may have a TDL4 rootkit, but I can't tell without seeing some specific test results. Dell Community does not support one-on-one malware removal any longer. It would be good to have someone run some diagnostic logs to see exactly what is causing those redirects. I suggest that you post in the Malware Removal Forum at SpywareHammer and have the staff trained in malware removal walk you through the diagnostic scans and a cleanup. Help is free, but you will need to register there. They no longer accept Hijackthis logs unless requested by staff, so be sure that you read the posting instructions for running a more up-to-date tool. Please include a link to this topic at Dell, so your helper does not needlessly repeat the same things we have already discussed here. I will see that your registration is approved in a timely manner and I'll alert a helper to pick up your topic as soon as possible.

In addition, there are other options listed at the top of this forum. Some are free; some require a fee. Please use only one resource. It can be counter-productive to have too many people trying to help. Good luck!


8 Krypton

Re: Hijack This/Google Redirect Question

As long as your question regarding where to post your issue has been answered, I am going to close this topic, so that you can continue on the support site of your choice.

Other members who need assistance please start your own topic in a new thread describing your issue and someone will be along to assist you. Thanks!


0 Kudos