Windows 7 Forums



Windows 7: Redirect Virus for Opera and Firefox

05 Mar 2011   #1
thehay

Windows 7 Professional 32bit
 
 
Redirect Virus for Opera and Firefox

I'm getting redirected for hits from Google/Bing/Yahoo about half the time to spam sites when I use Opera and Firefox. Opera is my main browser and I first noticed it happening when I had a Win 7 Antispyware 2011 virus, which I think I have removed using Malwarebytes.

I have McAfee Security Center but I find it pretty useless.
My HitMan Pro 3.5 tells me I have a "possible variant of the TDL3 (alias Alureon) rootkit detected" and also a "Master Boot Record (sector 0) Rootkit", but I can't remove it because my HitMan Pro has passed its trial period and refuses to.

I'll post my latest Malwarebytes log, for the sake of it.
I also have an open thread in the Crashes and Debugging forum because before I had this issue I had a lot of BSOD crashes. http://www.sevenforums.com/crashes-d...d-crashes.html

I've been following the Redirect Virus thread and the first few instructions on that. So I've flushed my DNS cache and run a GooredFix scan.

Help would be great! I really need to use my computer for uni work soon.




Attached Files
File Type: txt mbam-log-2011-03-05 (21-12-15).txt (1.1 KB, 25 views)
File Type: txt GooredFix.txt (2.1 KB, 38 views)
05 Mar 2011   #2
ionbasa

Windows 7 Ultimate SP1 x64
 
 

The first thing to do is to install Microsoft Security Essentials:
http://www.microsoft.com/security_essentials/
Run a full system scan and if it still does not pick anything up try Spybot Search and Destroy:
The home of Spybot-S&D!
I would suggest downloading both. Also, S&D can immunize your browsers from these redirects by modifying the hosts file in Windows 7.

If you need any help just let me know.

mbam-log-2011-03-05 (21-12-15).txt
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5962
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
5/03/2011 9:12:15 PM
mbam-log-2011-03-05 (21-12-15).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 414213
Time elapsed: 1 hour(s), 56 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Windows\temp\0.5094980352235309.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\temp\0.259625413950334.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
GooredFix.txt
Code:
GooredFix by jpshortstuff (03.07.10.1)
Log created at 13:58 on 06/03/2011 (Chungy)
Firefox version 3.5.11 (en-US)
========== GooredScan ==========

========== GooredLog ==========
C:\Program Files\Mozilla Firefox\extensions\
{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} [12:34 26/08/2009]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [06:02 26/08/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [11:15 26/08/2009]
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [02:32 06/03/2011]
C:\Users\Chungy\Application Data\Mozilla\Firefox\Profiles\o5amkx0o.default\extensions\
firefox@tvunetworks.com [08:04 19/06/2010]
{ea0969b3-6e12-4ac0-b6c9-148e81247954} [08:28 12/05/2010]
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext" [12:27 26/08/2009]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [08:00 15/09/2010]
---------- Old Logs ----------
GooredFix[02.04.16_06-03-2011].txt
GooredFix[02.04.37_06-03-2011].txt
-=E.O.F=-
05 Mar 2011   #3
thehay

Windows 7 Professional 32bit
 
 

I ran MSE last night. It picked up a few files but the redirecting still occurs. I can't seem to find the log file for it, else I would have posted it.
I'll try the S&D now.

05 Mar 2011   #4
ionbasa

Windows 7 Ultimate SP1 x64
 
 

Okay, let me know if you need help with S&D; it can be a little confusing at first.
05 Mar 2011   #5
ionbasa

Windows 7 Ultimate SP1 x64
 
 

First you will have to update.
Download the latest updates.
Once done you can exit.

Then click on Immunize.
Close all browsers and again click on Immunize.

Afterwards click on "Search and Destroy".
And click "Check for Problems".

Afterward you will have a list of things that have been found. Could you please post a snippet once done scanning?
05 Mar 2011   #6
thehay

Windows 7 Professional 32bit
 
 

Thanks for the instructions. Working on that now.
06 Mar 2011   #7
thehay

Windows 7 Professional 32bit
 
 

Is the immunize part meant to take very long? It's been stuck at about 97% for a while now. Though it says there are 0 unprotected files left. Should I just leave it and start the scan?
06 Mar 2011   #8
ionbasa

Windows 7 Ultimate SP1 x64
 
 

Quote: Originally Posted by thehay
Is the immunize part meant to take very long? It's been stuck at about 97% for a while now. Though it says there are 0 unprotected files left. Should I just leave it and start the scan?
First of all, did you have all your browsers closed when immunizing?
If not, then you need to close all your browsers and re-immunize. If it hangs at 97% again, go ahead and start the scan.
06 Mar 2011   #9
thehay

Windows 7 Professional 32bit
 
 

So I ran the scan and didn't realize I wasn't meant to click on "fix problems", which I did.
I did a screenshot of it beforehand though.
And damn. The redirecting is still occurring, though it seems to be occurring less.
06 Mar 2011   #10
ionbasa

Windows 7 Ultimate SP1 x64
 
 

Were you able to fully immunize, or did it still hang at 97%?
Try starting Windows 7 in safe mode, then apply immunization again, and rescan and fix.
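
Post #2 says Spybot's immunization works by modifying the hosts file. The PowerShell below is an added example, not code from the thread or from Spybot: it separates immunizer-style block entries (a name pinned to a loopback or null address) from entries that pin a name to some other address, which are the ones to review. The helper name Get-HostsEntry and the sample lines are constructed for illustration.

```powershell
# Added example, not code from the thread. Get-HostsEntry is a hypothetical helper.
# Kind = 'Loopback'   : name pinned to a loopback/null address (immunizer-style block)
# Kind = 'Redirected' : name pinned to any other address (review these)
function Get-HostsEntry {
    param([string[]]$Line)
    $sink = '127.0.0.1', '0.0.0.0', '::1', '::'
    foreach ($raw in $Line) {
        $text = ($raw -replace '#.*$', '').Trim()       # strip comments
        if (-not $text) { continue }                    # blank or comment-only line
        $fields = @($text -split '\s+')
        if ($fields.Count -lt 2) { continue }           # address without a name
        $kind = 'Redirected'
        if ($sink -contains $fields[0]) { $kind = 'Loopback' }
        # One hosts line may carry several names for the same address.
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            New-Object PSObject -Property @{
                Address = $fields[0]
                Name    = $name.ToLower()
                Kind    = $kind
            }
        }
    }
}

# Constructed sample input. On a real machine, read the file instead:
#   $lines = Get-Content "$env:SystemRoot\System32\drivers\etc\hosts"
$lines = @(
    '# constructed sample hosts file',
    '127.0.0.1    localhost',
    '127.0.0.1    ads.example.net      # immunizer-style block entry',
    '0.0.0.0      tracker.example.org',
    '203.0.113.10 search.example.com www.search.example.com'
)

$entries = Get-HostsEntry -Line $lines

# Summary per kind, then the entries that send a name somewhere else.
$entries | Group-Object Kind | Select-Object Name, Count
$entries | Where-Object { $_.Kind -eq 'Redirected' } | Select-Object Address, Name
```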