Solved Need help removing redirect virus

LenovoJon,

WIN | type MSCONFIG | ENTER | STARTUP tab |
Uncheck ALL except for:
    MSC    REG_SZ    "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    SynTPEnh    REG_EXPAND_SZ    %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    Sidebar    REG_SZ    C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    SUPERAntiSpyware    REG_SZ    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe


REBOOT!


You have just told Win 7 to not run unchecked programs at start up time.

You have not disabled the programs. They will be run when needed.

WIN = key with the Microsoft logo on top
 

My Computer

Computer Manufacturer/Model Number
Toshiba Satellite S875D-S7239 laptop
OS
MS Windows 7 Ultimate SP1 64-bit
CPU
AMD A10-4600M
Motherboard
AMD Pumori (Socket FT1)
Memory
6.00 GB Dual-Channel DDR3 @ 798MHz (11-11-12-28)
Graphics Card(s)
AMD Radeon HD 7660G
Sound Card
High Definition Audio Device
Monitor(s) Displays
Generic PnP Monitor (1600x900@60Hz)
Screen Resolution
1600x900@60Hz
Hard Drives
SSD 119GB Corsair CSSD-V128GB2 ATA Device
Keyboard
Standard PS/2 Keyboard
Mouse
HP Wireless Optical Mobile Mouse Model FHA-3410
Internet Speed
What the local pub, local coffee shop offers.
Other Info
Optical Drive:MATSHITA BD-CMB UJ160B ATA Device


Also have an Asus ha1002xp netbook with Win 7 Ultimate installed.
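
The startup allowlist from the post above, turned into an offline check (an added example, not part of the original thread): it parses `reg query`-style lines like the four shown and flags any autorun entry whose name is not on the list or whose executable path differs. The `ENV` values, the registry key header and the last two sample entries are constructed assumptions.

```python
import re

# Entries the post says to leave checked: value name -> expected executable.
ALLOWED = {
    "msc": r"c:\program files\microsoft security client\msseces.exe",
    "syntpenh": r"c:\program files\synaptics\syntp\syntpenh.exe",
    "sidebar": r"c:\program files\windows sidebar\sidebar.exe",
    "superantispyware": r"c:\program files\superantispyware\superantispyware.exe",
}
# Assumed environment of the inspected machine, for REG_EXPAND_SZ values.
ENV = {"programfiles": r"C:\Program Files", "appdata": r"C:\Users\user\AppData\Roaming"}
LINE = re.compile(r"^\s*(?P<name>.+?)\s{2,}(?P<type>REG_(?:EXPAND_)?SZ)\s{2,}(?P<data>.+?)\s*$")

def expand(data):  # expand %VAR% via ENV; unknown variables stay as-is
    return re.sub(r"%([^%]+)%", lambda m: ENV.get(m.group(1).lower(), m.group(0)), data)

def executable(command):
    """Program path of a Run-key command line, with arguments stripped."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut after the first ".exe".
    m = re.match(r"(?i)(.+?\.exe)(?=\s|$)", command)
    return m.group(1) if m else command.split(" ")[0]

def audit(reg_output):
    """Return (name, path, verdict) for each value line of `reg query` output."""
    findings = []
    for line in reg_output.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # key header or blank line
        name, kind, data = m.group("name", "type", "data")
        path = executable(expand(data) if kind == "REG_EXPAND_SZ" else data)
        expected = ALLOWED.get(name.lower())
        if expected is None:
            verdict = "not-allowlisted"  # the post's advice: uncheck it
        else:
            verdict = "ok" if path.lower() == expected else "path-mismatch"
        findings.append((name, path, verdict))
    return findings

# Constructed sample: two entries from the post, two made up for illustration.
SAMPLE = r'''HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    MSC    REG_SZ    "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    SynTPEnh    REG_EXPAND_SZ    %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    Sidebar    REG_SZ    C:\Users\user\AppData\Local\Temp\sidebar.exe /autoRun
    Updater    REG_EXPAND_SZ    %AppData%\upd\upd.exe /s'''
print(*audit(SAMPLE), sep="\n")
```

A `path-mismatch` verdict is the case a name-only review misses: an entry carrying a trusted name but launching a binary from somewhere else.
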
CCLEANER | TOOLS icon | STARTUP tab | SCHEDULED TASKS tab |
Use DISABLE button to disable ALL except for:
the three Google-related tasks

Close CCleaner.


REBOOT!


You have not disabled any programs. You have disabled the scheduled running.
Later, after your system is running smoothly, you may reenable desired programs.
 

It is a crack for an older version of Adobe software (long story short I'm a student and I have a legal version of Adobe but my school runs an older version so for compatibility this makes it easier) I have had that file on my computer for 6+ months with no problem, do you think it could be the problem now?
 

My Computer

Computer Manufacturer/Model Number
Lenovo w520 - 4270CTO
OS
Windows 7 Professional 64
CPU
Intel Core i7-2960xm CPU @ 2.70GHz
Memory
32 GB PC3-10600DDR3 1333SODMM
Graphics Card(s)
NVIDIA Quadro 2000M Graphics with 2GB DDR3 Memory
Monitor(s) Displays
15.6" FHD (1920 x 1080) LED Backlit Anti-Glare Display
UNINSTALL

Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7            1.00                                      
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 1.00                                      
Lenovo ThinkVantage Toolbox                                                  6.0.5849.23           PC-Doctor, Inc.     
                                                                             6.0.93.2              Conexant Systems    
RapidBoot                                                                    1.12                  Lenovo              
Bonjour                                                                      3.0.0.10              Apple Inc.          
SUPERAntiSpyware                                                             5.5.1012              SUPERAntiSpyware.com


REBOOT

Leave those programs uninstalled while your system is being diagnosed.

After you have a solid system, then you may want to try to reinstall programs, one program at a time.


 

Golden,

Good advice because somehow he is reinfecting himself.

karl
 

It is a crack for an older version of Adobe software (long story short I'm a student and I have a legal version of Adobe but my school runs an older version so for compatibility this makes it easier) I have had that file on my computer for 6+ months with no problem, do you think it could be the problem now?

YES! Remove that crack and any other cracked software you have.

We do not assist people in using cracked, illegal, non-purchased, non-licensed software.
 

Karlsnooks,

I followed all the steps you listed then followed Golden's advice and flushed the DNS cache and restored host file. I then ran ESET and everything came back clean! It seems to be running better now. Is there anything else I need to do to complete the diagnostic?

Thanks guys so much for your help!!
 

If all is running well, then our work is done!
 


My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Golden Mk. I.4
OS
Windows 10 Pro x64 ; Xubuntu x64
CPU
Intel i7 860 @ 2.80 GHz O/C'ed to 4.0GHz
Motherboard
Gigabyte P55A-UD3R Rev.1. Award BIOS F13
Memory
16GB Corsair Vengance DDR3 @ 661 MHz Dual Channel (9-9-9-24)
Graphics Card(s)
EVGA NVidia GTX 560 1024MB
Sound Card
Realtek Integrated
Monitor(s) Displays
Dual Samsung SyncMaster 2494HS
Screen Resolution
1920*1080 and 1920*1080
Hard Drives
1*Samsung 840 EVO 120GB SSD;
1*OCZ Vertex 2 60GB SSD;
2*Samsung F3 SpinPoint 1TB in RAID0;
1*Samsung F1 SpinPoint 1TB;
2*Western Digital 1TB External USB 3.0
1*Western Digital 500GB External USB 3.0
1*Seagate 500GB External USB 2.0
PSU
Thermaltake ToughPower QFan 750W
Case
Thermaltake Element S VK60001W2Z
Cooling
Corsair H60 Water Cooling, 2*230mm and 2*80mm case fans
Keyboard
Logitech G110
Mouse
Logitech MX518
Awesome, thanks again guys!!
 

Same issue is happening on my home XP Pro machine, and my dad's Win7 laptop. Both of ours started exhibiting this redirect behavior after we both had that "Security Shield" fake AV software pop up. We both removed it with MBAM run in safe mode, but this redirect behavior on Google searches still exists. Have scanned with MBAM, Spybot S&D, Symantec AV Corporate, all in safe mode, and none of them find any problems.

May have to just break down and reformat the darn thing. It's probably about time to do it again anyway.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom-built PC workstation
OS
Windows 7 Professional x64
CPU
Core i7-4790K Devil's Canyon Quad Core 4.0 GHz
Motherboard
ASUS Z97-E/USB3.1 ATX
Memory
G.SKILL Ripjaws X Series 32 GB DDR3-1866 (4x 8GB)
Graphics Card(s)
EVGA (nVIDIA) GTX 960 4 GB GDDR5
Sound Card
on-board
Monitor(s) Displays
2x Dell Ultrasharp 24" U2415
Screen Resolution
2x 1920x1200
Hard Drives
Crucial MX200 500GB 2.5" SSD SATA III 6 GB/sec
PSU
Rosewill Glacier 700M 700-watt
Case
Fractal Design Define R4 Silent PC mid-tower
Cooling
OEM PSU cooler, 3x 140mm case fans (2 intake, 1 exhaust)
Keyboard
Logitech
Mouse
Logitech
Internet Speed
100+ Mbps
Antivirus
BitDefender
Browser
Firefox/Chrome
Well, that was short-lived. I ran another Malwarebytes scan today to make sure I was clear and Rootkit.Necurs popped up. Will Malwarebytes remove it sufficiently or will other steps need to be taken?
 

If you can get into Windows normally, open Malwarebytes again, update it, restart, boot into safe mode and rerun the scan. Make sure you do the full scan and not the quick. I would also recommend trying Spybot Search and Destroy.
 

My Computer

OS
windows 7 ultimate x64
CPU
AMD QUAD CORE FX-4170 4200MHz Bulldozer
Motherboard
ASUS M5A78L-M/USB3
Memory
8GB DDR3 memory (2 x 4GB 1333MHz)
Graphics Card(s)
Geforce Gt610 2gb
PSU
680W G7 Power Extreme ATX PSU
Case
icute Super Cool Turbine Gamer Case

What about running TDSSKiller? Supposedly it can clean out root kits.
 

I was afraid of that, ok thanks.
 

When doing the clean install should I be worried about any of my backup files reinfecting my system?
 

Hi,

No, I don't think so - best to check though by backing up your files to an external device, and then scanning that.

Regards,
Golden
 
