Windows 7 Forums


Windows 7: Google ReDirect Rootkit Infected Computer. MSE Bypassed. How Fix?


10 Jul 2012   #1

Win 7 Pro
 
 
How to remove the Google ReDirect Virus (Rootkit) when MSE has been disabled by it?

My computer is infected with something. I think it's the Google ReDirect Virus, because when I try to go to websites like Trend Micro to get an online virus scanner, I can no longer get there.

Additionally, I am getting pop-up windows from something offering to run a security scan. Sometimes the scan starts by itself. It looks something like Microsoft Security Essentials (which I have); but it is not.

I am getting other pop-ups in bold red windows saying I have a virus; but it's not MSE; and MSE is the virus scanner I am running.

These pop-ups are malicious and I am being forced to click on them to close them, which has I don't know what other effects.

At one point I got a malicious phony full screen ad to buy some virus removal software, and clicking on the X to close the page in the upper right corner had no effect. I had to shut down the computer to get rid of it.

MSE seems to have completely missed this virus or rootkit and the rootkit has taken over my computer. I am typing this from a different computer.

I did an internet search for how to remove Google ReDirect, and most of the websites advise downloading and running certain applications like Malwarebytes, etc. They seem to completely miss the point that many websites are now inaccessible.


10 Jul 2012   #2

Windows 7 Professional SP1 64-bit
 
 

First, disconnect the infected computer from the internet. On the computer you are currently using to write to us, download the installer for Malwarebytes. Also, follow this link to download an updater for Malwarebytes so that you can update it without an internet connection. Copy those files to a USB flash drive (or comparable removable storage device). Copy the files onto the infected computer and install them. You may have to do this in safe mode. If so, you can run Malwarebytes in safe mode, but it is best to try to run it in normal mode. Do a full scan with Malwarebytes. It should remove any malware, after which you should restart your computer. MSE should be running at that point, and if it is, run a full scan to make sure that Malwarebytes did not miss anything. If not, I, or one of our other experts, will post further instructions. Please write back to let us know the results.

19 Jul 2012   #3

Win 7 Pro
 
 

Hi, I did not get back to this computer for a couple of days. When I turned it on, there was no sign of the virus like before.

I ran Malwarebytes, and then MSE, which was now available and working normally, and both indicated no virus.

I don't know how to explain it. I've never seen a computer get so messed up and then restore itself to normal like that before.


19 Jul 2012   #4

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64 Windows 8.1 x64 Ubuntu 12.04 LTS Tri-Boot
 
 

Hi Tom,

I would still treat this with some suspicion. I recommend scanning from outside the Windows boot environment, using a stand-alone scanner. Firstly, you mentioned rootkit, so run this:

Anti-rootkit utility TDSSKiller

and then follow it up with this:

Windows Defender Offline

If it doesn't work for you, let me know and I'll suggest an alternative.

Regards,
Golden
19 Jul 2012   #5

Win 7 Pro
 
 

Hi Golden,

I ran TDSS. It found four items it labeled as Medium threats, and recommended Skipping them, but I quarantined them anyway.

They were:

C:\Windows\system32\epmntdrv.sys
C:\Windows\system32\EuGdiDrv.sys
a SiSoftware\Sandra Lite file (that's a PC benchmarking application which I downloaded but have never used)
and Adobe\Switchboard\Switchboard.exe (I use Lightroom and Photoshop, and Flash, but I don't know what this Adobe thing is.)

I got the mssstool64 thing working. I'm loading it onto a USB drive on the same computer that is/was potentially infected. It seems to be working but slowly.

I did also run before something called Microsoft Emergency Response tool or Microsoft Safety Scanner. I forgot to mention that above.
19 Jul 2012   #6
bej

Windows 7 Home Premium SP1 64bit
 
 

I also have got several "You Have A Virus" warnings after clicking on an entry from Google search.

I never click anything within the warning to close these messages.

Right clicking on the task bar, then running Task Manager, then Applications, Highlight browser or website, then End Task works in the great majority of cases.

I have, however, had to power down as you did, to get rid of the message in a couple of hard core cases.

I immediately ran a virus check, and so far, have come up clean after all incidents.