post-malware one problem remains: google.com redirect

zapp22 · 04 Aug 2014

anyone have the answer to this? had a desktop infected with search conduit of some vintage.
cleared the infection except for one remaining issue that I cannot find a cure for: irrespective of what browser I use, any attempts to reach a google domain of any sort results in a SSL "Certificate has expired" block. I take this to be legit: that any common google domain entering into the dns lookup gets intercepted and rerouted to a compromised pass-through.

I would think that uninstalling chrome, for instance, and reinstalling would fix it for chrome, but not if there's a dns hijack going on. but its the only set of domains being monkeyed with...
everything else about the PC works fine. no issues. no other web redirects.
no problems with onboard/local programs & such.

any help?

andrew129260 · 04 Aug 2014

Reset your host file using the fix it page here:

How can I reset the Hosts file back to the default?

_____________________________________________________________________________________

1.) Download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool

Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Upload the contents of that logfile in your next reply using the paper clip on the reply box.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

2.) Using AdwCleaner v3: Scan & Clean:

Double click on AdwCleaner.exe to run the tool again.
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...

This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Upload the contents of that logfile in your next reply using the paper clip on the reply box.

Junkware Removal tool:

3.) Please download Junkware Removal Tool to your desktop.

Shutdown your antivirus to avoid any conflicts.
Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Upload the contents of that logfile in your next reply using the paper clip on the reply box.
When completed make sure to re-enable your antivirus

zapp22 · 04 Aug 2014

yep, all good stuff.
xplode and jrt and avast missed the real issues. mbam got 'em.

I figured it out, and I thank you for reminding me about resetting the hosts file - I was racking my memory trying to find that missing piece

all ok now

andrew129260 · 04 Aug 2014

Glad to hear it. :)

What infections were you infected with? If you would like we can use an additional tool to make sure you are clean:

1.) Download herdprotect: (choose the portable version)

Download herdProtect - Free Anti-Malware Platform

2.) Run the scan.

3.) When the scan finishes, save the results per the screenshot below. Then upload the log here.

DO NOT REMOVE ANYTHING YET. I will advise if anything needs removed when I receive the log.

Attached Images