Need help removing redirect virus


  1. Posts : 10,200
    MS Windows 7 Ultimate SP1 64-bit
       #11

    LenovoJon,

    USB or DVD will produce the same result.

    Did you run a FULL scan as indicated in the procedure I gave?

    Please elucidate regarding not being able to get to run from USB.

    Most USB failures are due to a bad USB stick.

    Upload the ZIP file which this procedure will put on your desktop.

    This file shows me the results of WDO runs.

    # **********************INSTRUCTIONS**************************
    # STEP 1 ** RUN POWERSHELL AS ADMINISTRATOR ******************
    # ************************************************************
    #
    # WIN key | type POWERSHELL | do NOT hit ENTER |
    # in the PROGRAMS list, right-click on WINDOWS POWERSHELL |
    # choose "Run as administrator" |
    # Click on the YES button (if such appears)
    #
    # WIN key = key with Microsoft logo on top
    #
    # for the guru:
    # WIN | type POWERSHELL | CTRL+SHIFT+ENTER key combo | ALT+Y keycombo
    # ************************************************************
    # STEP 2 ** COPY AND PASTE ***********************************
    # ************************************************************
    #
    # COPY the script using CTRL+C,
    # COPY every line of script down thru both EXIT statements
    #
    # PASTE into Powershell
    #----Right-Click at the PowerShell Prompt
    #----(Ctrl+V does not work)
    #
    # Start copying with first script line without a # at start of the line
    # Note: Actually, you can paste the entire file if you rather
    #-------Lines starting with a # are ignored by PowerShell
    # ************************************************************
    # STEP 3 ** SCRIPT OUTPUT & SCRIPT PURPOSE *******************
    # ************************************************************
    # --The script output and purpose is given at the very front of the script
    #
    # ************************************************************
    # ***************** NOTE - POWERSHELL VERSION*****************
    # if you receive this error msg:
    #--The system can not find the path specified
    # you may need to update your PowerShell
    # you must be using Powershell 2.0 or later.
    #
    # To determine your Powershell version:
    #---Run PowerShell
    #---enter $host.version
    #---you should see at least:
    # Major Minor Build Revision
    # ----- ----- ----- --------
    # 2......0......-1.....-1
    #
    # If you do not see the above, update your Vista/Win 7.
    # ************************************************************
    # *************** NOTE - EXECUTION POLICY*********************
    # If you haven't set the execution policy, you may need to:
    #---Run PowerShell
    #---enter SET-EXECUTIONPOLICY -EXECUTIONPOLICY REMOTESIGNED
    # ************************************************************

    Script:
    # ************************************************************
    # Zips up your log files from Windows Defender Offline
    #  and extended info about the log files
    # Places WDOlogs.ZIP on your Desktop
    #
    # ************************************************************

    # Create an empty ZIP archive: "PK" + bytes 5 and 6 + 18 zero bytes is the
    # end-of-central-directory record of a ZIP file with no entries.
    function New-Zip {
        param([Parameter(Mandatory=$true,Position=0,ValueFromPipeline=$true)]
            [String]$Path, [Switch]$PassThru, [Switch]$Force)
        Process {
            if (Test-Path $path) { if (-not $Force) { return } }
            Set-Content $path ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))
            $item = Get-Item $path; $item.IsReadOnly = $false
            if ($passThru) { $item }
        }
    }

    # Copy a file into a ZIP archive through the Windows Shell COM object.
    function Copy-ToZip {
        param(
            [Parameter(Mandatory=$true,Position=0,ValueFromPipelineByPropertyName=$true)] [Alias('FullName')]
            [String]$File, [Parameter(Mandatory=$true,Position=1)] [String]$ZipFile, [Switch]$HideProgress, [Switch]$Force)
        Begin {
            $ShellApplication = New-Object -ComObject Shell.Application
            if (-not (Test-Path $ZipFile)) { New-Zip $ZipFile }
            $Path = Resolve-Path $ZipFile
            $ZipPackage = $ShellApplication.Namespace("$Path")
        }
        Process {
            $RealFile = Get-Item $File; if (-not $RealFile) { return }
            if (-not $hideProgress) {
                $perc += 5; if ($perc -gt 100) { $perc = 0 }
                Write-Progress "Copying to $ZipFile" $RealFile.FullName -PercentComplete $perc
            }
            # CopyHere flags: 16 = Yes to All, 64 = preserve undo information,
            # 512 = no confirmation for new directories, 1024 = no error UI
            $Flags = 0; if ($force) { $flags = 16 -bor 1024 -bor 64 -bor 512 }
            Write-Verbose $realFile.Fullname
            $ZipPackage.CopyHere($realFile.Fullname, $flags); Start-Sleep -Milliseconds 500
        }
    }

    # Collect the WDO .log files (metadata first, then their contents) into one text file
    $fileinfo = join-path $env:TEMP \wdofileinfo.txt
    IF (test-path $fileinfo) {del $fileinfo -ea:silentlycontinue -force:$true}
    $dir = $env:windir + '\Microsoft Antimalware\Support'
    $a = dir $dir -rec -force -ea:silentlycontinue | sort-object -property lastwritetime
    $b = $a | where {$_.extension -eq '.log'} |
        Select mode, fullname, name, creationtime, lastwritetime, lastaccesstime, length, extension
    $b | out-file -append $fileinfo
    $b | foreach {get-content -path $_.fullname} | out-file -append $fileinfo

    # Zip the collected text file onto the Desktop, then remove the temporary file
    $ziploc = $env:userprofile + '\desktop\WDOlogs.ZIP'
    new-zip $ziploc -verbose:$false -ea:silentlycontinue -force:$true
    copy-tozip $fileinfo $ziploc -verbose:$false -hideprogress:$true
    del $fileinfo

    EXIT
    EXIT

    # ************************************************************ 


  2. Posts : 10,200
    MS Windows 7 Ultimate SP1 64-bit
       #12

    Follow the advice from LaybackBear and via Control Panel | Programs and Features | uninstall all Java.


  3. Posts : 17
    Windows 7 Professional 64
    Thread Starter
       #13

    Ok I will get rid of all Java and run the WDO scan again, then upload the zip file. The PowerShell step is to be run after the scan, correct?

    -the problem I was having with the USB method was that when I ran the scan it would boot into WDO fine but I could not run the scan because it said it was not an updated definition. I installed WDO onto the USB like the instructions stated then ran it again to update it yet every time I attempted to run the scan it would say it was not updated. However the DVD method worked so I will stick with that...

    -and yes I ran a full scan, will do so again


  4. Posts : 10,200
    MS Windows 7 Ultimate SP1 64-bit
       #14

    yes


  5. Posts : 17
    Windows 7 Professional 64
    Thread Starter
       #15

    Here is the WDO log


  6. Posts : 10,200
    MS Windows 7 Ultimate SP1 64-bit
       #16

    Would like for you to run another script for me. Here's the refresher:


    # **********************INSTRUCTIONS**************************
    # STEP 1 ** RUN POWERSHELL AS ADMINISTRATOR ******************
    # ************************************************************
    #
    # WIN key | type POWERSHELL | do NOT hit ENTER |
    # in the PROGRAMS list, right-click on WINDOWS POWERSHELL |
    # choose "Run as administrator" |
    # Click on the YES button (if such appears)
    #
    # WIN key = key with Microsoft logo on top
    #
    # for the guru:
    # WIN | type POWERSHELL | CTRL+SHIFT+ENTER key combo | ALT+Y keycombo
    # ************************************************************
    # STEP 2 ** COPY AND PASTE ***********************************
    # ************************************************************
    #
    # COPY the script using CTRL+C,
    # COPY every line of script down thru both EXIT statements
    #
    # PASTE into Powershell
    #----Right-Click at the PowerShell Prompt
    #----(Ctrl+V does not work)
    #
    # Start copying with first script line without a # at start of the line
    # Note: Actually, you can paste the entire file if you rather
    #-------Lines starting with a # are ignored by PowerShell
    # ************************************************************
    # STEP 3 ** SCRIPT OUTPUT & SCRIPT PURPOSE *******************
    # ************************************************************
    # --The script output and purpose is given at the very front of the script
    #
    # ************************************************************
    # ***************** NOTE - POWERSHELL VERSION*****************
    # if you receive this error msg:
    #--The system can not find the path specified
    # you may need to update your PowerShell
    # you must be using Powershell 2.0 or later.
    #
    # To determine your Powershell version:
    #---Run PowerShell
    #---enter $host.version
    #---you should see at least:
    # Major Minor Build Revision
    # ----- ----- ----- --------
    # 2......0......-1.....-1
    #
    # If you do not see the above, update your Vista/Win 7.
    # ************************************************************
    # *************** NOTE - EXECUTION POLICY*********************
    # If you haven't set the execution policy, you may need to:
    #---Run PowerShell
    #---enter SET-EXECUTIONPOLICY -EXECUTIONPOLICY REMOTESIGNED
    # ************************************************************

    Here's the script:
    Script:
    # ******************************************************************
    # List of Start Up programs, Installed Programs, and Scheduled Tasks
    #
    # Puts StartPgms.TXT on your Desktop
    # ******************************************************************

    $a = @{}

    # Auto-start entries from the Run keys (all users and current user)
    $b = reg QUERY HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    $c = reg QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    $a["All Users"] = $b
    $a["Current User"] = $c

    # Installed programs whose publisher is not Microsoft
    $d = gp HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* |
        Select DisplayName, DisplayVersion, Publisher, InstallDate |
        where {($_.Publisher -ne "Microsoft") -AND ($_.Publisher -ne "Microsoft Corporation")} | ft -auto -wrap
    $a["Installed Pgms"] = $d

    # Scheduled tasks in the root task folder; /V is needed because the
    # "Scheduled Task State" and "Task To Run" columns exist only in verbose output
    $p = schtasks.exe /query /V /FO CSV
    $q = $p | ConvertFrom-Csv
    $r = $q | where {(($_.taskname) | split-path) -eq "\"} |
        select taskname, "Scheduled Task State", "Task To Run" |
        sort -descending "Scheduled Task State"
    for ($i = 0; $i -lt $r.count; $i++) {
        # Keep only the folder of the program, and drop the leading "\" of the task name
        $r[$i]."Task To Run" = Split-path $r[$i]."Task To Run";
        $w = ($r[$i].taskname).substring(1)
        $r[$i].taskname = $w
    }
    $s = $r | select taskname, "Scheduled Task State" | ft -auto
    $a["Scheduled Tasks"] = $s
    $t = $r | select "Task To Run" | ft
    $a["TaskPrograms"] = $t

    # Write every collected section to StartPgms.TXT on the Desktop
    $a.values | out-file $env:userprofile\desktop\StartPgms.TXT

    EXIT
    EXIT 


  7. Posts : 17
    Windows 7 Professional 64
    Thread Starter
       #17

    File attached


  8. Posts : 10,200
    MS Windows 7 Ultimate SP1 64-bit
       #18

    thanks. Must run a couple of errands. Back in 60-90 min. karl


  9. Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       #19

    Hi,

    Please try the following. Copy & paste the bold text below into a new instance of NotePad.

    @Echo on
    pushd\windows\system32\drivers\etc

    attrib -h -s -r hosts
    echo 127.0.0.1 localhost>HOSTS
    attrib +r +h +s hosts
    popd
    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns
    netsh winsock reset all
    netsh int ip reset all
    shutdown -r -t 1
    del %0

    Save as flush.bat to your desktop. Right click on the .BAT file, and choose 'Run as Administrator'. The computer will reboot itself.

    Boot back into the computer, then perform a scan using ESET again.

    Regards,
    Golden
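
The flush.bat in post #19 replaces the hosts file with a single localhost line, which also discards any record of what the file held. As an added example (not part of the original thread), this PowerShell function lists the active mappings so they can be saved first; the function name `Get-HostsEntry`, the `Kind` labels and the sample lines are constructed for illustration.

```powershell
# Added example: classify hosts-file mappings before the file is overwritten.
# Works on PowerShell 2.0 and later.
function Get-HostsEntry {
    param([string[]]$Line)
    foreach ($l in $Line) {
        $text = ($l -replace '#.*$', '').Trim()       # drop comments and padding
        if (-not $text) { continue }                  # blank or comment-only line
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }         # address with no host name
        $addr = $fields[0]
        # One line may map several names to the same address
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $loopback = ($addr -like '127.*') -or ($addr -eq '::1') -or ($addr -eq '0.0.0.0')
            if (-not $loopback)            { $kind = 'Redirected' }  # name sent to another machine
            elseif ($name -eq 'localhost') { $kind = 'Default' }     # stock entry
            else                           { $kind = 'Sinkholed' }   # name blocked locally
            New-Object PSObject -Property @{ Address = $addr; HostName = $name; Kind = $kind }
        }
    }
}

# Constructed sample content (documentation address range and .example names).
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '127.0.0.1       localhost',
    '::1             localhost',
    '203.0.113.10    www.search.example search.example   # constructed entry',
    '127.0.0.1       update.av-vendor.example'
)

# Show everything except the stock localhost entries.
Get-HostsEntry -Line $sample |
    Where-Object { $_.Kind -ne 'Default' } |
    Format-Table Address, HostName, Kind -AutoSize

# On a live system, read the real file instead of the sample:
#   Get-HostsEntry (Get-Content "$env:windir\System32\drivers\etc\hosts")
```

A `Redirected` row is a name resolved to an address other than the local machine; a `Sinkholed` row is a name pointed at the local machine, which is also how some ad-blocking hosts files work.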


  10. Posts : 10,200
    MS Windows 7 Ultimate SP1 64-bit
       #20

    LenovoJon,
    Why haven't you deleted this file:
    D:\Users\Jon\Documents\Downloaded Programs\CS5\CS5 ULTIMATE ACTIVATOR.EXE


 