HELP!! Google redirect Virus

[cece]

A few weeks ago I got a virus and my computer got fixed. Since then it seems that I have the Google redirect Virus but when I try to do the fix I found online I can't find the file. Furthermore when I downloaded a new software that would find the Google Redirect Virus and get rid of it it kept giving me weird error messages. Now my volume does not work even though I've gone to the control panel and make sure that the volume works fine. I don't pay for cable so this is the only option for watching DVD's or movies from HULU. I am ready to smash this machine. Please help - I can't afford $135 an hour for a tech to fix this...

 

[Petey7]

I remember my helping a friend over the phone with a virus (can't remember what type). We found an entry for it in the start-up items and unchecked it. After restarting the computer the volume no longer worked. unfortunately, I never did figure out exactly what was going on because he then told me he had a warranty through Best Buy, and I know a guy that works at one near us that is a lot better at this kind of stuff then me.

The main thing to remember is that there is no "the" google redirect virus. I have seen many different viruses that did it, sometimes along with other symptoms. What kind of virus did you have before? Do you have an AV installed? AVG and MSE (Microsoft Security Essentials) are both free and work well. MSE is better in my opinion. If you don't have a AV at all, get one of those two.

EDIT: since you have a redirect virus I could provide a link directly to the download for which ever AV you want and anything else you need.

 

[Corrine]

Hi, cece. Welcome to Seven Forums.

Let's hope it isn't the TDL3 Rootkit which is often described at the Google Redirect Virus.

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, be sure Quick scan is selected, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  
  
• Click Remove Selected.
• When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here on Windows XP: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt and C:\Users\UserName\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt on Windows Vista and Windows 7.
• Please post contents of that file in your next reply.

 

[Petey7]

The last two or three times I fixed a Google redirect virus on an xp computer, MalwareBytes would either not install or not run, in cases of it already having been installed prior to infection.

 

[Corrine]

If .exe files will not run, it will be necessary to run RKill first. Following are those instructions.

Please download rkill from one of the following links and save to your Desktop:

One, Two,Three or Four

• Double-click rkill to run.
• A command window will open then disappear upon completion, this is normal.
• Please leave rkill on the Desktop until otherwise advised.
• Do NOT restart your computer after running rkill as the malware program(s) will start again.

Notes:

If you you receive security warnings about rkill, please ignore and allow the download to continue.

Note: If MBAM will not install from the normal download site, try the random installer: You can also get the "random" installer from here:
http://mbam.malwarebytes.org/program/random-installer.php

It runs as explorer.exe and the Window name is random.

 

[cece]

Thanks but

Hello and thanks for the help.
I have Av and super anti syware and I do have Malware. I have run scans repeatly with Super amd Malware. Super only detects Adware and Malware does not detect anything. Tonight it was the volume not working and it is not on the taskbar either. It is something new everyday.
Thanks for your help. Please continue : )

 

[cece]

One more thing

I forgot to mention that I had done some research inline and found that there is a connection between the volume not working and Adobe Flash. So I tried to uninstall it and it would not - is this something?
Thank you both Corrine and Petey7 - I really appreciate your help. cece

 

[cece]

I ran the Rkill and this is the note I got:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Cee on 07/19/2010 at 21:50:27.

Processes terminated by Rkill or while it was running:

C:\Documents and Settings\Cee\Local Settings\Temporary Internet Files\Content.IE5\WKG4VFQM\rkill[1].exe

Rkill completed on 07/19/2010 at 21:50:35.

 

[merkat106]

Try this: VIPRE Rescue - VIPRE Computer Recovery Solution from Sunbelt Software

However, it sounds like you may have to perform a clean install (after you backup everything) to properly fix your problem(s). I've had to do this several times with both XP and 7 computers.
Clean Install Windows XP
Clean Install Windows XP - How to Perform a Clean Installation of Windows XP - Part 1 of 4

 

[Petey7]

I'm a little confused on one point. Did you say that Superantispyware only capable of detecting adware, or did you say that it had detected adware while scanning? Adware can easily be the cause of redirects with any search engine and browser combo.

 

[cece]

Clean install

HI - Thanks - actually you are the second person that told me that I need to do a clean install. When I purchased the computer I did not get the restore disks. This is windows XP home edition. Where do I locate a restore disk?
Thanks!

 

[cece]

it had detected adware while scanning-actually at the very beginning of the scan.

 

[cece]

it picked up adware while it was scanning

 

[Petey7]

the adware needs to be removed. Also, it is a good idea to turn off system restore at this point *ducks out of the way of thrown objects*. Sometimes a restore point is made after a computer is infected and makes removing of the virus/spyware/adware nearly impossible. If after taking those steps the problem is still occurring, you can still buy XP online for less than what it would cost to have a professional fix the PC. If you live in the US, I can give you link to where they have XP SP3 Home for $100.

EDIT: forgot to mention that there should be a xp product key some where on your computer. If so, see if any friends or neighbors have a copy of XP. As long as you have a product key, it does not matter what disc you install from.

 

[rkasparek]

You may have to load Malwarebytes on a thumb drive and run it from there - another one we recently tried was avast - which actually found some malware that malwarebytes didn't! Like Petey7 said - there is no 'Google redirect virus' There are, however - hacks that will place a bogus .htaccess file on webservers that will redirect traffic from Google searches to specific malware loads that will trick you into downloading malware "...in order to get rid of malware"

 

[malexous]

Try a default scan with Hitman Pro 3 - SurfRight

If you have trouble getting Hitman Pro to run or scan then try Hitman Pro in Force Breach Mode « (only use this if needed: it is better to start Hitman Pro normally for a better chance of detection).

 

[cece]

More work

Hey all

1st: I do have the product code. I live in Vermont - so yes I would love the link to purchase the restore disc

I'll try everything that you have suggested.

I'll keep you posted. Thanks so much!!

 

[Petey7]

It's not a "restore disc," it is a full, brand new copy of Windows with a new product key. I think you might have misunderstood me before so I will try to rephrase. As long as you have a product key, you can use ANY XP Home disc to reinstall Windows, as long as you use that product key. So if a friend or family member happens t have a disc, no need to buy it. I think having the disc would make things easier in the future, so I'll give you the link. Be aware that unlike a restore disc, a fresh copy of windows will not reinstall your drivers. They must be downloaded from the Dell website.

Newegg.com - Microsoft Windows XP Home Edition SP3 English 1 Pack for System Builders DSP OEI CD - Operating Systems

 

[Adrian]

Hard Boot

Cece, welcome to Windows 7 Support forums. In order to remove the virus we suggest the following procedure:

1. Perform a hard boot and use the "SAFE" boot option.
2. Once you are in safe boot your desktop will appear.
3. Using your choice of AV, (I prefer Malaware) perform a full scan.
4. Review the log and perform appropriate counter measure.

Another option would be for you to identify the time or date that you recognised that a virus presented itself and working backwards perform a restore to a prior date.

 

[Corrine]

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Cee on 07/19/2010 at 21:50:27.

Processes terminated by Rkill or while it was running:

C:\Documents and Settings\Cee\Local Settings\Temporary Internet Files\Content.IE5\WKG4VFQM\rkill[1].exe

Rkill completed on 07/19/2010 at 21:50:35.

Hi, cece.

As I said above, RKill is to be run only if you are unable to run the Malwarebytes .exe file.

The reason I suggested that you scan your computer with MBAM is that it does detect versions of the TDSS Rootkit, which some have referred to as the "Google Redirect Virus" as you did. I am hoping that is not the case but won't know how to further advise you unless you provide the log from MBAM.

Note: Do not clear System Restore at this point, as suggested by someone else. Although infected, you still have a "working computer". This is particularly important since it appears you are following all suggestions being thrown at you. Should something go wrong in the cleanup process, you will be up the proverbial creek. System Restore can and should be cleared after your computer is clean.
​