Hijack This/Google Redirect Question
I think that I have the Google Redirect virus. Or trojan. Or whatever it's called. I downloaded Hijack This, and I wound up with a list of processes that might be wrong. However, it said that it would be better to have somebody recommend which processes to correct, as opposed to correcting all of them and causing irreversible damage. I saved the listed processes on Notepad . . . to whom should I show it? Or do I post it here and hope somebody can pick out the bad stuff?
Bugbatter
3 Apprentice • 20.5K Posts
February 24th, 2012 05:00
It looks as if that one was in a temporary folder. Considering that you are still having problems, there may be more components hiding in the system. You may have a TDL4 rootkit, but I can't tell without seeing some specific test results. Dell Community does not support one-on-one malware removal any longer. It would be good to have someone run some diagnostic logs to see exactly what is causing those redirects. I suggest that you post in the Malware Removal Forum at SpywareHammer and have the staff trained in malware removal walk you through the diagnostic scans and a cleanup. Help is free, but you will need to register there. They no longer accept Hijackthis logs unless requested by staff, so be sure that you read the posting instructions for running a more up-to-date tool. Please include a link to this topic at Dell, so your helper does not needlessly repeat the same things we have already discussed here. I will see that your registration is approved in a timely manner and I'll alert a helper to pick up your topic as soon as possible.
In addition, there are other options listed at the top of this forum. Some are free; some require a fee. Please use only one resource. It can be counter-productive to have too many people trying to help. Good luck!
Bugbatter
3 Apprentice • 20.5K Posts
February 21st, 2012 17:00
Hi lantern75,
Welcome to Dell Community. We no longer handle malware removal here, but I can help you with some preliminaries and refer you to additional help if needed.
Try running Malwarebytes' Anti-Malware.
Please download to your desktop Free Version Malwarebytes' Anti-Malware from here: http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
Double Click mbam-setup.exe to install the application.
manually download them from here and just double-click on mbam-rules.exe to install.
Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.
Click Remove Selected.
Extra Notes:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
* If you are unable to download or install MBAM on your computer, see if you can use a friend's or family member's computer to download MBAM. Use this update link here to manually download the update. Once downloaded, rename the program installer "mbam-setup.exe" file to something else like "catchjunk.exe". Copy the installer file and the update file to your CD or flash drive. Transfer the file to the infected computer. Install the "catchjunk.exe" file, then run the update so that you will have the current definitions. After that, run a full system scan and select to have the program REMOVE whatever it finds.
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes.
**If you need to re-install MBAM but encounter an issue in re-installing, try using the MBAM Cleanup Utility by downloading it from http://www.malwarebytes.org/mbam-clean.exe
lantern75
3 Posts
February 23rd, 2012 18:00
Well, I downloaded Malwarebytes Anti-Malware and only one problem popped up. However, I forgot about copying the logfile. Google worked for a while, but then it got wonky last night. I did a Quick Scan today . . . here's the logfile:
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.23.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: PRO [administrator]
Protection: Enabled
2/23/2012 6:24:45 PM
mbam-log-2012-02-23 (18-24-45).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 181790
Time elapsed: 1 hour(s), 28 minute(s), 48 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
So . . . did I miss anything?
Bugbatter
3 Apprentice • 20.5K Posts
February 23rd, 2012 19:00
lantern75
3 Posts
February 23rd, 2012 23:00
Here it is. Like I said, only one thing came up.
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.21.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: PRO [administrator]
Protection: Enabled
2/22/2012 12:01:02 AM
mbam-log-2012-02-22 (00-01-02).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190384
Time elapsed: 2 hour(s), 24 minute(s), 17 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Documents and Settings\Owner\Local Settings\Temp\41.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
Bugbatter
3 Apprentice • 20.5K Posts
February 24th, 2012 16:00
As long as your question regarding where to post your issue has been answered, I am going to close this topic, so that you can continue on the support site of your choice.
Other members who need assistance please start your own topic in a new thread describing your issue and someone will be along to assist you. Thanks!