Google ReDirect Rootkit Infected Computer. MSE Bypassed. How Fix?

TomBrooklyn

How do I remove the Google ReDirect Virus (Rootkit) when MSE has been disabled by it?

My computer is infected with something. I think it's the Google ReDirect Virus, because when I try to go to websites like Trend Micro to get an online virus scanner, I can no longer get there.

Additionally, I am getting pop-up windows from something offering to run a security scan. Sometimes the scan starts by itself. It looks something like Microsoft Security Essentials (which I have); but it is not.

I am getting other pop-ups in bold red windows saying I have a virus; but it's not MSE; and MSE is the virus scanner I am running.

These pop-ups are malicious and I am being forced to click on them to close them, which has I don't know what other effects.

At one point I got a malicious phony full-screen ad to buy some virus removal software, and clicking on the X in the upper right corner to close the page had no effect. I had to shut down the computer to get rid of it.

MSE seems to have completely missed this virus or rootkit and the rootkit has taken over my computer. I am typing this from a different computer.

I did an internet search for how to remove Google ReDirect, and most of the websites advise to download and run certain applications like MalWareBytes, etc. They seem to completely miss the point that many websites are now inaccessible.
 

My Computer My Computer

Computer Manufacturer/Model Number
Home Built
OS
Win 7 Pro
CPU
Intel i7 2600K
Motherboard
Asus P8Z68-V LX
Memory
16 GB 1333 Crucial Hyper-X Blu I think
Graphics Card(s)
Integrated
Sound Card
Integrated
Monitor(s) Displays
Dual LCD IPS panels
Screen Resolution
1980x1200, 1980x1080
Hard Drives
3 SATA: 250, 160, 2000 GB, External USB 3TB
PSU
OCZ modular 500W
Case
Antec 300
Cooling
Case: 2 Stock fans, CPU: CoolerMaster Evo 212; PSU: fan
Keyboard
Dell Logitech wireless
Mouse
Logitech Wireless 510
Internet Speed
1.0 Mbps down, 448 Kbps up
Other Info
Case is too small.
First, disconnect the infected computer from the internet. On the computer you are currently using to write to us, download the installer for MalwareBytes. Also, follow this link to download an updater for Malwarebytes so that you can update it without an internet connection. Copy those files to a USB flash drive (or comparable removable storage device). Copy the files onto the infected computer and install them. You may have to do this in safe mode. If so, you can run Malwarebytes in safe mode, but it is best to try to run it in normal mode. Do a full scan with MalwareBytes. It should remove any malware, after which you should restart your computer. MSE should be running at that point, and if it is, run a full scan to make sure that MalwareBytes did not miss anything. If not, I, or one of our other experts, will post further instructions. Please write back to let us know the results.
 

My Computer My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
Toshiba P775-S7100
OS
Windows 7 Professional SP1 64-bit
CPU
Intel Core i5-2450M @2.5 GHz
Memory
6 GB DDR3 1333MHz
Graphics Card(s)
Intel HD 3000
Monitor(s) Displays
Built-in 17.3" LED; 22" Insignia NS-L22Q-10A
Screen Resolution
1600x900; 1360x768
Hard Drives
750 GB Hitachi
1TB Seagate FreeAgent External
Internet Speed
Verizon DSL Speed(Down/Up): 3360 Kbps / 800 Kbps
Antivirus
MSE and MBAM Pro
Browser
IE10
Hi, I did not get back to this computer for a couple of days. When I turned it on, there was no sign of the virus like before.

I ran Malwarebytes, and then MSE, which was now available and working normally, and both indicated no virus.

I don't know how to explain it. I've never seen a computer get so messed up and then restore itself to normal like that before.
 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Golden Mk. I.4
OS
Windows 10 Pro x64 ; Xubuntu x64
CPU
Intel i7 860 @ 2.80 GHz O/C'ed to 4.0GHz
Motherboard
Gigabyte P55A-UD3R Rev.1. Award BIOS F13
Memory
16GB Corsair Vengance DDR3 @ 661 MHz Dual Channel (9-9-9-24)
Graphics Card(s)
EVGA NVidia GTX 560 1024MB
Sound Card
Realtek Integrated
Monitor(s) Displays
Dual Samsung SyncMaster 2494HS
Screen Resolution
1920*1080 and 1920*1080
Hard Drives
1*Samsung 840 EVO 120GB SSD;
1*OCZ Vertex 2 60GB SSD;
2*Samsung F3 SpinPoint 1TB in RAID0;
1*Samsung F1 SpinPoint 1TB;
2*Western Digital 1TB External USB 3.0
1*Western Digital 500GB External USB 3.0
1*Seagate 500GB External USB 2.0
PSU
Thermaltake ToughPower QFan 750W
Case
Thermaltake Element S VK60001W2Z
Cooling
Corsair H60 Water Cooling, 2*230mm and 2*80mm case fans
Keyboard
Logitech G110
Mouse
Logitech MX518
Hi Golden,

I ran TDSS. It found four items it labeled as Medium threats, and recommended Skipping them, but I quarantined them anyway.

They were:

C:\Windows\system32\epmntdrv.sys
C:\Windows\system32\EuGdiDrv.sys
a SiSoftware\Sandra Lite file (that's a PC benchmarking application which I downloaded but have never used)
and Adobe\Switchboard\Switchboard.exe (I use Lightroom and Photoshop, and Flash, but I don't know what this Adobe thing is.)

I got the mssstool64 thing working. I'm loading it onto a USB drive on the same computer that is/was potentially infected. It seems to be working but slowly.

I did also run before something called Microsoft Emergency Response tool or Microsoft Safety Scanner. I forgot to mention that above.
 

I also have got several "You Have A Virus" warnings after clicking on an entry from Google search.

I never click anything within the warning to close these messages.

Right clicking on the task bar, then running Task Manager, then Applications, Highlight browser or website, then End Task works in the great majority of cases.

I have, however, had to power down as you did, to get rid of the message in a couple of hard core cases.

I immediately ran a virus check, and so far, have come up clean after all incidents.
 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Home Built
OS
Windows 7 Home Pro SP1 64bit
CPU
Intel Xeon E-3 1240v2
Motherboard
HP
Memory
8GB
Graphics Card(s)
NVIDIA 300
Sound Card
Onboard
Monitor(s) Displays
Hanns G 25"
Screen Resolution
1920x1080
Hard Drives
Hitachi 2GB
PSU
Seasonic 430W
Case
Antec
Cooling
Stock
Keyboard
Logitech
Mouse
Logitech
Internet Speed
5MB