

Windows 7: Need help removing redirect virus


01 Aug 2012   #11

MS Windows 7 Ultimate SP1 64-bit
 
 

LenovoJon,

USB or DVD will produce the same result.

Did you run a FULL scan as indicated in the procedure I gave?

Please elucidate regarding not being able to get to run from USB.

Most USB failures are due to a bad usb stick.

Upload the ZIP file which this procedure will put on your desktop.

This file shows me the results of WDO runs.

# **********************INSTRUCTIONS**************************
# STEP 1 ** RUN POWERSHELL AS ADMINISTRATOR ******************
# ************************************************************
#
# WIN key | type POWERSHELL | do NOT hit ENTER |
# in the PROGRAMS list, right-click on WINDOWS POWERSHELL |
# choose "Run as administrator" |
# Click on the YES button (if such appears)
#
# WIN key = key with Microsoft logo on top
#
# for the guru:
# WIN | type POWERSHELL | CTRL+SHIFT+ENTER key combo | ALT+Y keycombo
# ************************************************************
# STEP 2 ** COPY AND PASTE ***********************************
# ************************************************************
#
# COPY the script using CTRL+C,
# COPY every line of script down thru both EXIT statements
#
# PASTE into Powershell
#----Right-Click at the PowerShell Prompt
#----(Ctrl+V does not work)
#
# Start copying with first script line without a # at start of the line
# Note: Actually, you can paste the entire file if you rather
#-------Lines starting with a # are ignored by PowerShell
# ************************************************************
# STEP 3 ** SCRIPT OUTPUT & SCRIPT PURPOSE *******************
# ************************************************************
# --The script output and purpose is given at the very front of the script
#
# --The script output and purpose is given at the very front of the script
#
# ************************************************************
# ***************** NOTE - POWERSHELL VERSION*****************
# if you receive this error msg:
#--The system can not find the path specified
# you may need to update your PowerShell
# you must be using Powershell 2.0 or later.
#
# To determine your Powershell version:
#---Run PowerShell
#---enter $host.version
#---you should see at least:
# Major Minor Build Revision
# ----- ----- ----- --------
# 2......0......-1.....-1
#
# If you do not see the above, update your Vista/Win 7.
# ************************************************************
# *************** NOTE - EXECUTION POLICY*********************
# If you haven't set the execution policy, you may need to:
#---Run PowerShell
#---enter SET-EXECUTIONPOLICY -EXECUTIONPOLICY REMOTESIGNED
# ************************************************************

Script:
# ************************************************************
# Zips up your log files from Windows Defender Offline
#  and extended info about the log files
# Places WDOlogs.ZIP on your Desktop
#
# ************************************************************

function New-Zip {
    param(
        [Parameter(Mandatory=$true, Position=0, ValueFromPipeline=$true)]
        [String]$Path,
        [Switch]$PassThru,
        [Switch]$Force
    )
    Process {
        # Leave an existing archive alone unless -Force is given
        if (Test-Path $Path) { if (-not $Force) { return } }
        # Write an empty ZIP: "PK" 0x05 0x06 followed by 18 zero bytes
        Set-Content $Path ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))
        $item = Get-Item $Path
        $item.IsReadOnly = $false
        if ($PassThru) { $item }
    }
}

function Copy-ToZip {
    param(
        [Parameter(Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)]
        [Alias('FullName')]
        [String]$File,
        [Parameter(Mandatory=$true, Position=1)]
        [String]$ZipFile,
        [Switch]$HideProgress,
        [Switch]$Force
    )
    Begin {
        # The Explorer shell treats the ZIP file as a folder
        $ShellApplication = New-Object -ComObject Shell.Application
        if (-not (Test-Path $ZipFile)) { New-Zip $ZipFile }
        $Path = Resolve-Path $ZipFile
        $ZipPackage = $ShellApplication.Namespace("$Path")
    }
    Process {
        $RealFile = Get-Item $File
        if (-not $RealFile) { return }
        if (-not $HideProgress) {
            $perc += 5
            if ($perc -gt 100) { $perc = 0 }
            Write-Progress "Copying to $ZipFile" $RealFile.FullName -PercentComplete $perc
        }
        $Flags = 0
        if ($Force) { $Flags = 16 -bor 1024 -bor 64 -bor 512 }
        Write-Verbose $RealFile.FullName
        $ZipPackage.CopyHere($RealFile.FullName, $Flags)
        # CopyHere returns before the copy finishes, so wait briefly
        Start-Sleep -Milliseconds 500
    }
}

# Collect details and contents of the Windows Defender Offline logs in one text file
$fileinfo = join-path $env:TEMP \wdofileinfo.txt
IF (test-path $fileinfo) {del $fileinfo -ea:silentlycontinue -force:$true}
$dir = $env:windir + '\Microsoft Antimalware\Support'
$a = dir $dir -rec -force -ea:silentlycontinue | sort-object -property lastwritetime
$b = $a | where {$_.extension -eq '.log'} |
    Select mode, fullname, name, creationtime, lastwritetime, lastaccesstime, length, extension
$b | out-file -append $fileinfo
$b | foreach {get-content -path $_.fullname} | out-file -append $fileinfo

# Zip the text file to the Desktop and remove the temporary copy
$ziploc = $env:userprofile + '\desktop\WDOlogs.ZIP'
new-zip $ziploc -verbose:$false -ea:silentlycontinue -force:$true
copy-tozip $fileinfo $ziploc -verbose:$false -hideprogress:$true
del $fileinfo

EXIT
EXIT

# ************************************************************ 




01 Aug 2012   #12

MS Windows 7 Ultimate SP1 64-bit
 
 

Follow the advice from LaybackBear and via Control Panel | Programs and Features | uninstall all Java.
01 Aug 2012   #13

Windows 7 Professional 64
 
 

Ok I will get rid of all Java and run the WDO scan again, then upload the zip file. The powershell step is to be run after the scan, correct?

-the problem I was having with the USB method was that when I ran the scan it would boot into WDO fine but I could not run the scan because it said it was not an updated definition. I installed WDO onto the USB like the instructions stated then ran it again to update it yet every time I attempted to run the scan it would say it was not updated. However the DVD method worked so I will stick with that...

-and yes I ran a full scan, will do so again


01 Aug 2012   #14

MS Windows 7 Ultimate SP1 64-bit
 
 

yes
01 Aug 2012   #15

Windows 7 Professional 64
 
 

Here is the WDO log


Attached Files
File Type: zip WDOlogs.ZIP (5.4 KB, 2 views)
01 Aug 2012   #16

MS Windows 7 Ultimate SP1 64-bit
 
 

Would like for you to run another script for me. Here's the refresher:


# **********************INSTRUCTIONS**************************
# STEP 1 ** RUN POWERSHELL AS ADMINISTRATOR ******************
# ************************************************************
#
# WIN key | type POWERSHELL | do NOT hit ENTER |
# in the PROGRAMS list, right-click on WINDOWS POWERSHELL |
# choose "Run as administrator" |
# Click on the YES button (if such appears)
#
# WIN key = key with Microsoft logo on top
#
# for the guru:
# WIN | type POWERSHELL | CTRL+SHIFT+ENTER key combo | ALT+Y keycombo
# ************************************************************
# STEP 2 ** COPY AND PASTE ***********************************
# ************************************************************
#
# COPY the script using CTRL+C,
# COPY every line of script down thru both EXIT statements
#
# PASTE into Powershell
#----Right-Click at the PowerShell Prompt
#----(Ctrl+V does not work)
#
# Start copying with first script line without a # at start of the line
# Note: Actually, you can paste the entire file if you rather
#-------Lines starting with a # are ignored by PowerShell
# ************************************************************
# STEP 3 ** SCRIPT OUTPUT & SCRIPT PURPOSE *******************
# ************************************************************
# --The script output and purpose is given at the very front of the script
#
# --The script output and purpose is given at the very front of the script
#
# ************************************************************
# ***************** NOTE - POWERSHELL VERSION*****************
# if you receive this error msg:
#--The system can not find the path specified
# you may need to update your PowerShell
# you must be using Powershell 2.0 or later.
#
# To determine your Powershell version:
#---Run PowerShell
#---enter $host.version
#---you should see at least:
# Major Minor Build Revision
# ----- ----- ----- --------
# 2......0......-1.....-1
#
# If you do not see the above, update your Vista/Win 7.
# ************************************************************
# *************** NOTE - EXECUTION POLICY*********************
# If you haven't set the execution policy, you may need to:
#---Run PowerShell
#---enter SET-EXECUTIONPOLICY -EXECUTIONPOLICY REMOTESIGNED
# ************************************************************

Here's the script:
Script:
# ******************************************************************
# List of Start Up programs, Installed Programs, and Scheduled Tasks
#
# Puts StartPgms.TXT on your Desktop
# ******************************************************************

$a = @{}

# Programs started at logon from the Run keys (all users and current user)
$b = reg QUERY HKLM\Software\Microsoft\Windows\CurrentVersion\Run
$c = reg QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Run
$a["All Users"] = $b
$a["Current User"] = $c

# Installed programs, leaving out those published by Microsoft
$d = gp HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* |
    Select DisplayName, DisplayVersion, Publisher, InstallDate |
    where {($_.Publisher -ne "Microsoft") -AND ($_.Publisher -ne "Microsoft Corporation")} | ft -auto -wrap
$a["Installed Pgms"] = $d

# Scheduled tasks in the root task folder; /V adds the state and "Task To Run" columns
$p = schtasks.exe /query /V /FO CSV
$q = $p | ConvertFrom-Csv
$r = $q | where {(($_.taskname) | split-path ) -eq "\"} | select taskname, "Scheduled Task State", "Task To Run" |
    sort -descending "Scheduled Task State"
for ($i = 0; $i -lt $r.count; $i++) {
    # Keep only the folder of the program and drop the leading "\" from the task name
    $r[$i]."Task To Run" = Split-path $r[$i]."Task To Run";
    $w = ($r[$i].taskname).substring(1)
    $r[$i].taskname = $w
}
$s = $r | select taskname, "Scheduled Task State" | ft -auto
$a["Scheduled Tasks"] = $s
$t = $r | select "Task To Run" | ft
$a["TaskPrograms"] = $t

# Write everything to StartPgms.TXT on the Desktop
$a.values > $env:userprofile\desktop\StartPgms.TXT

EXIT
EXIT
01 Aug 2012   #17

Windows 7 Professional 64
 
 

File attached


Attached Files
File Type: txt StartPgms.TXT (26.5 KB, 4 views)
01 Aug 2012   #18

MS Windows 7 Ultimate SP1 64-bit
 
 

thanks. Must run a couple of errands. Back in 60-90 min. karl
01 Aug 2012   #19

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64 Windows 8.1 x64
 
 

Hi,

Please try the following. Copy & paste the bold text below into a new instance of NotePad.

@Echo on
pushd\windows\system32\drivers\etc

attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop. Right click on the .BAT file, and choose 'Run as Administrator'. The computer will reboot itself.

Boot back into the computer, then perform a scan using ESET again.

Regards,
Golden
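
Added example, not part of Golden's post: the batch file above replaces HOSTS with a single localhost line, so whatever entries were in it are gone once it runs. This PowerShell code saves a copy of the current file and lists every mapping that is not the default localhost entry. The function name Get-HostsEntry, the Kind labels, the hosts-before.txt file name and the sample lines are assumptions made for this example.

```powershell
# Added example: classify the active mappings in a hosts file.
function Get-HostsEntry {
    param([string[]]$Line)
    foreach ($raw in $Line) {
        # Drop comments, then skip lines with nothing left
        $text = ($raw -replace '#.*$', '').Trim()
        if ($text -eq '') { continue }
        # Entry format: address, whitespace, one or more host names
        $fields = @($text -split '\s+')
        if ($fields.Count -lt 2) { continue }
        $address  = $fields[0]
        $loopback = @('127.0.0.1', '::1') -contains $address
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            # default  = localhost on a loopback address
            # blocked  = another name pinned to the local machine
            # redirect = a name forced to some other address
            if ($loopback -and $name -eq 'localhost') { $kind = 'default' }
            elseif ($loopback -or $address -eq '0.0.0.0') { $kind = 'blocked' }
            else { $kind = 'redirect' }
            New-Object PSObject -Property @{ Address = $address; HostName = $name; Kind = $kind }
        }
    }
}

# Constructed sample lines (documentation address and example.com names, not from the thread)
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '127.0.0.1       localhost',
    '203.0.113.10    www.search.example.com search.example.com   # injected',
    '127.0.0.1       update.av-vendor.example.com'
)
Get-HostsEntry $sample | Where-Object { $_.Kind -ne 'default' } |
    Format-Table Address, HostName, Kind -AutoSize

# On the affected PC: keep a copy of the current file, then list what is not default
$hostsFile = Join-Path $env:windir 'System32\drivers\etc\hosts'
if (Test-Path $hostsFile) {
    $lines = Get-Content $hostsFile -Force
    $lines | Set-Content (Join-Path $env:userprofile 'Desktop\hosts-before.txt')
    Get-HostsEntry $lines | Where-Object { $_.Kind -ne 'default' } |
        Format-Table Address, HostName, Kind -AutoSize
}
```

Run it from an elevated PowerShell prompt before flush.bat; the saved hosts-before.txt can be attached to the thread like the other log files.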
01 Aug 2012   #20

MS Windows 7 Ultimate SP1 64-bit
 
 

LenovoJon,
Why haven't you deleted this file:
D:\Users\Jon\Documents\Downloaded Programs\CS5\CS5 ULTIMATE ACTIVATOR.EXE