Windows 7: Redirect Virus for Opera and Firefox

05 Mar 2011   #1

Windows 7 Professional 32bit
 
 
Redirect Virus for Opera and Firefox

I'm getting redirected for hits from Google/Bing/Yahoo about half the time to spam sites when I use Opera and Firefox. Opera is my main browser and I first noticed it happening when I had a Win 7 Antispyware 2011 virus, which I think I have removed using Malwarebytes.

I have McAfee Security Center but I find it pretty useless.
My Hitman Pro 3.5 tells me I have a "possible variant of the TDL3 (alias Alureon) rootkit detected" and also a "Master Boot Record (sector 0) Rootkit", but I can't remove it because my Hitman Pro has passed its trial period and refuses to.

I'll post my latest Malwarebytes log, for the sake of it.
I also have an open thread in the crashes and debugging forum, because before I had this issue I had a lot of BSOD crashes. http://www.sevenforums.com/crashes-d...d-crashes.html

I've been following the Redirect Virus thread and the first few instructions on that, so I've flushed my DNS cache and run a GooredFix scan.

Help would be great! I really need to use my computer for uni work soon.



Attached Files
File Type: txt mbam-log-2011-03-05 (21-12-15).txt (1.1 KB, 25 views)
File Type: txt GooredFix.txt (2.1 KB, 38 views)

05 Mar 2011   #2

Windows 7 Ultimate SP1 x64
 
 

The first thing to do is to install Microsoft Security Essentials:
http://www.microsoft.com/security_essentials/
Run a full system scan and if it still does not pick anything up try Spybot Search and Destroy:
The home of Spybot-S&D!
I would suggest downloading both; also, S&D can immunize your browsers from these redirects by modifying the hosts file in Windows 7.

If you need any help just let me know.

mbam-log-2011-03-05 (21-12-15).txt
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5962
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
5/03/2011 9:12:15 PM
mbam-log-2011-03-05 (21-12-15).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 414213
Time elapsed: 1 hour(s), 56 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Windows\temp\0.5094980352235309.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\temp\0.259625413950334.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
GooredFix.txt
Code:
GooredFix by jpshortstuff (03.07.10.1)
Log created at 13:58 on 06/03/2011 (Chungy)
Firefox version 3.5.11 (en-US)
========== GooredScan ==========

========== GooredLog ==========
C:\Program Files\Mozilla Firefox\extensions\
{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} [12:34 26/08/2009]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [06:02 26/08/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [11:15 26/08/2009]
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [02:32 06/03/2011]
C:\Users\Chungy\Application Data\Mozilla\Firefox\Profiles\o5amkx0o.default\extensions\
firefox@tvunetworks.com [08:04 19/06/2010]
{ea0969b3-6e12-4ac0-b6c9-148e81247954} [08:28 12/05/2010]
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext" [12:27 26/08/2009]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [08:00 15/09/2010]
---------- Old Logs ----------
GooredFix[02.04.16_06-03-2011].txt
GooredFix[02.04.37_06-03-2011].txt
-=E.O.F=-
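
Hosts-file immunization, as mentioned in post #2, maps unwanted hostnames to a loopback or null address, so the same file is worth auditing when search results keep redirecting. The following is an added example, not part of the thread or of any tool named in it; the sample hosts content, the `WATCHED` list and all function names are constructed for illustration.

```python
import ipaddress

WATCHED = ("google", "bing", "yahoo")  # search engines named in the thread

# Constructed sample hosts content (not from the thread); 203.0.113.0/24 is a documentation range.
SAMPLE = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.invalid      # immunization-style block entry
0.0.0.0         tracker.example.invalid popups.example.invalid
203.0.113.7     www.google.com
203.0.113.7     search.yahoo.com www.bing.com
not-an-ip       broken.example.invalid
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()    # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed line: skip it
        for host in fields[1:]:                 # one line may carry several names
            yield no, ip, host.lower().rstrip(".")

def classify(ip, host):
    """'default', 'block' (name sinkholed locally) or 'redirect' (name sent elsewhere)."""
    if host == "localhost" and ip.is_loopback:
        return "default"
    if ip.is_loopback or ip.is_unspecified:
        return "block"
    return "redirect"

def audit(text):
    """Return every redirect entry plus any non-default entry for a watched name."""
    findings = []
    for no, ip, host in parse_hosts(text):
        kind = classify(ip, host)
        watched = any(label in WATCHED for label in host.split("."))
        if kind == "redirect" or (watched and kind != "default"):
            findings.append((no, str(ip), host, kind, watched))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On a live system the input would be the contents of `C:\Windows\System32\drivers\etc\hosts`; block entries for unrelated names are expected after immunization and are not reported.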
05 Mar 2011   #3

Windows 7 Professional 32bit
 
 

I ran MSE last night. It picked up a few files but the redirecting still occurs. I can't seem to find the log file for it, else I would have posted it.
I'll try the S&D now.


05 Mar 2011   #4

Windows 7 Ultimate SP1 x64
 
 

Okay, let me know if you need help with S&D; it can be a little confusing at first.
05 Mar 2011   #5

Windows 7 Ultimate SP1 x64
 
 

First you will have to update:
[Screenshots: 1.1.jpg, 2.PNG]
Download the latest updates:
[Screenshot: 3.PNG]
Once done you can exit:
[Screenshot: 4.PNG]

Then click on Immunize:
[Screenshot: 1.2.png]
Close all browsers and again click on Immunize:
[Screenshot: Redirect Virus for Opera and Firefox-5.png]

Afterwards click on "Search and Destroy":
[Screenshot: 1.3.png]
And click "Check for Problems":
[Screenshot: Redirect Virus for Opera and Firefox-6.png]

Afterward you will have a list of things that have been found; could you please post a snippet once done scanning?


05 Mar 2011   #6

Windows 7 Professional 32bit
 
 

Thanks for the instructions. Working on that now.
06 Mar 2011   #7

Windows 7 Professional 32bit
 
 

Is the immunize part meant to take very long? It's been stuck at about 97% for a while now. Though it says there are 0 unprotected files left. Should I just leave it and start the scan?
06 Mar 2011   #8

Windows 7 Ultimate SP1 x64
 
 

Quote: Originally Posted by thehay
Is the immunize part meant to take very long? It's been stuck at about 97% for a while now. Though it says there are 0 unprotected files left. Should I just leave it and start the scan?
First of all, did you have all your browsers closed when immunizing?
If not, then you need to close all your browsers and re-immunize. If it hangs at 97% again, go ahead and start the scan.
06 Mar 2011   #9

Windows 7 Professional 32bit
 
 

So I ran the scan and didn't realize I wasn't meant to click on "fix problems", which I did.
I did a screenshot of it beforehand though.
And damn, the redirecting is still occurring, though it seems to be occurring less.


06 Mar 2011   #10

Windows 7 Ultimate SP1 x64
 
 

Were you able to fully immunize, or did it still hang at 97%?
Try starting Windows 7 in safe mode, then apply immunization again, and rescan and fix.