 
Hawkwing74
His Holy Gerbilness
Topic Author
Posts: 13961
Joined: Wed Aug 20, 2003 5:51 pm
Location: Streamwood, IL

Google redirect virus

Wed Oct 03, 2012 9:28 am

I’m having a lot of trouble with a google search redirect virus. I think it’s a root kit. I used Kaspersky’s free tool “TDSSKiller” which removed it one time but is not now removing it. (It came back after one day). It is redirecting some but not all of my google or yahoo search results in IE or Chrome.

I have tried AVG which was already installed, Trendmicro online scan, Spybot, and none of these found the virus. My Windows Update has always been up to date.

The next thing I am going to try is look for my hosts file and see if that got corrupted. Just wondering if anyone else has any ideas.
 
steelcity_ballin
Gerbilus Supremus
Posts: 12072
Joined: Mon May 26, 2003 5:55 am
Location: Pittsburgh PA

Re: Google redirect virus

Wed Oct 03, 2012 9:40 am

Reboot into safe mode, full scan with malwarebytes and MSSE.
 
firewarrior565
Gerbil In Training
Posts: 6
Joined: Sun Aug 12, 2012 11:31 am

Re: Google redirect virus

Wed Oct 03, 2012 9:52 am

My usual method for this is as follows: Run rkill.exe, a nice free software online that clears active infections out. Then use malwarebytes. Works perfect!
 
Arclight
Gerbil Elite
Posts: 768
Joined: Tue Feb 01, 2011 3:50 am

Re: Google redirect virus

Wed Oct 03, 2012 10:16 am

Hawkwing74 wrote:
I’m having a lot of trouble with a google search redirect virus. I think it’s a root kit. I used Kaspersky’s free tool “TDSSKiller” which removed it one time but is not now removing it. (It came back after one day). It is redirecting some but not all of my google or yahoo search results in IE or Chrome.

I have tried AVG which was already installed, Trendmicro online scan, Spybot, and none of these found the virus. My Windows Update has always been up to date.

The next thing I am going to try is look for my hosts file and see if that got corrupted. Just wondering if anyone else has any ideas.


If you found a tool that is specifically made to remove the exact virus signature that infected your system and it failed to disinfect, imo, the best place to ask questions would be on the developer's forum or online support. Personally I have tried removing a similar virus that redirected and prevented the user of the machine from connecting to specific websites like www.microsoft.com. In that instance I thought I successfully removed it but after 4-5 hours the system became unresponsive and it locked the system. Even after countless reboots I couldn't get into Windows... I was forced to reinstall the OS. Luckily it wasn't my machine.
Disclaimer: All answers and suggestions are provided by an enthusiastic amateur and are therefore without warranty either explicit or implicit. Basically you use my suggestions at your own risk.
 
Hawkwing74
His Holy Gerbilness
Topic Author
Posts: 13961
Joined: Wed Aug 20, 2003 5:51 pm
Location: Streamwood, IL

Re: Google redirect virus

Wed Oct 03, 2012 10:25 am

It is not meant to remove this exact virus. It looks for around 500 root kit viruses. I will try malwarebytes when I get home.
 
Techgoudy
Gerbil First Class
Posts: 142
Joined: Tue Oct 02, 2012 5:01 pm

Re: Google redirect virus

Wed Oct 03, 2012 11:41 am

I would enter safe mode and run Malwarebytes and MSE. After running those I would set your browsers to default settings, clear all cache, and I might also add using the sfc /scannow command to make sure the essential Windows files aren't corrupted or replaced with malicious ones. If that command finds anything corrupted or changed that shouldn't be, then it will replace the bad files with good ones.
 
elmopuddy
Graphmaster Gerbil
Posts: 1041
Joined: Thu Dec 27, 2001 7:00 pm
Location: Montreal, Canada

Re: Google redirect virus

Wed Oct 03, 2012 12:21 pm

I would check the hosts file as well, I've seen some malware add bogus entries there as well.
Gamer - i7-7700K, 16GB, GTX1060, 950 PRO, 840EVO
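
The hosts-file check suggested in the post above, as an added example that is not part of the original thread: it parses hosts entries and flags names that are pointed away from their real address or sinkholed to loopback. The function name `Get-HostsFinding`, the watch list and the sample entries are assumptions constructed for illustration.

```powershell
function Get-HostsFinding {
    param([string[]]$Lines)
    # Watch list (assumption): search engines and vendors named in this thread.
    $watchRx  = '(^|\.)(google|yahoo|bing|microsoft|kaspersky|avg|malwarebytes)\.'
    $loopback = '127.0.0.1', '::1', '0.0.0.0'
    foreach ($line in $Lines) {
        $entry = ($line -split '#', 2)[0].Trim()      # strip comments and whitespace
        if (-not $entry) { continue }
        $ip, $names = $entry -split '\s+'             # one address, one or more names
        $isLoop = $loopback -contains $ip
        foreach ($name in $names) {
            if ($name -eq 'localhost' -and $isLoop) { continue }   # stock entry
            $kind = if ($name -match $watchRx) {
                if ($isLoop) { 'Blocked' } else { 'Redirected' }
            } else { 'Review' }                       # not on the list, still worth a look
            [pscustomobject]@{ Kind = $kind; HostName = $name; Address = $ip }
        }
    }
}

# Constructed sample hosts content (documentation address ranges), not from the thread.
$sample = @'
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1      localhost
203.0.113.10   www.google.com google.com   # search traffic sent elsewhere
127.0.0.1      www.microsoft.com           # site made unreachable
192.168.1.20   nas.home.lan
'@ -split '\r?\n'

Get-HostsFinding -Lines $sample | Format-Table -AutoSize

# Live system:
# Get-HostsFinding -Lines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
```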
 
Bauxite
Gerbil Elite
Posts: 788
Joined: Sat Jan 28, 2006 12:10 pm
Location: electrolytic redox smelting plant

Re: Google redirect virus

Wed Oct 03, 2012 1:02 pm

Unless you are absolutely sure a tool will completely remove the exact version of whatever malware (which you have conclusively identified) there is only one sane option with a lot of today's nastier stuff:

Plug the drive in another computer, grab your critical files* then nuke from orbit.

(only things you have no backups or easy replacements for, otherwise not worth the risk they've been trojanized)
TR RIP 7/7/2019
 
cass
Minister of Gerbil Affairs
Posts: 2269
Joined: Mon Feb 10, 2003 9:12 am

Re: Google redirect virus

Wed Oct 03, 2012 1:05 pm

1. combofix
2. search windows registry for nameserver redirects and any other dns bogus entries.
3. run your favorite antivirus
4. Try some google searches.

This one is a pain, but I have managed to remove it from a few computers. I don't really remember the exact stuff I used, but the above is my normal approach. I usually start combofix from safe mode administrator and let it reboot and take over from there.
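
One way to do the registry check from step 2 of the post above, as an added example that is not part of the original thread: it reads the `NameServer` and `DhcpNameServer` values under the Tcpip parameters key and reports any resolver that is not on a known-good list. The function names, the known-good address and the sample records are assumptions constructed for illustration.

```powershell
# Resolvers you expect to see (placeholder, replace with your router or ISP DNS).
$knownGood = '192.168.1.1'

function Get-DnsRegistrySetting {
    # Global key plus one subkey per network interface.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    $keys = @(Get-Item -LiteralPath $base) + @(Get-ChildItem -LiteralPath "$base\Interfaces")
    foreach ($key in $keys) {
        foreach ($valueName in 'NameServer', 'DhcpNameServer') {
            $raw = $key.GetValue($valueName)          # $null when the value is absent
            if ($raw) {
                [pscustomobject]@{ Key = $key.PSChildName; Value = $valueName; Servers = $raw }
            }
        }
    }
}

function Test-DnsSetting {
    param($Setting, [string[]]$Expected)
    foreach ($s in $Setting) {
        # Values hold one or more addresses separated by commas or spaces.
        foreach ($server in ($s.Servers -split '[,\s]+' | Where-Object { $_ })) {
            if ($Expected -notcontains $server) {
                [pscustomobject]@{
                    Key    = $s.Key
                    Value  = $s.Value
                    Server = $server
                    # NameServer is set on the machine; DhcpNameServer came from the DHCP server.
                    Static = ($s.Value -eq 'NameServer')
                }
            }
        }
    }
}

# Constructed sample records (documentation address range), not from the thread.
$sample = @(
    [pscustomobject]@{ Key = '{CONSTRUCTED-GUID}'; Value = 'NameServer';     Servers = '198.51.100.7,198.51.100.8' }
    [pscustomobject]@{ Key = '{CONSTRUCTED-GUID}'; Value = 'DhcpNameServer'; Servers = '192.168.1.1' }
)
Test-DnsSetting -Setting $sample -Expected $knownGood | Format-Table -AutoSize

# Live system:
# Test-DnsSetting -Setting (Get-DnsRegistrySetting) -Expected $knownGood
```

An unexpected address with `Static` false was handed out by DHCP, which points at the router or another device on the network rather than at this machine.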
 
TechieRuss
Gerbil In Training
Posts: 1
Joined: Wed Oct 03, 2012 1:33 pm

Re: Google redirect virus

Wed Oct 03, 2012 1:44 pm

Check the hard drive for a hidden tdlfs file system. Plug the HDD in to another machine or use Hiren's boot CD.
It will be a very small (a few MBs) partition at the end of the drive. If it's there, format it and then delete it. After you do this you will need to replace the MBR with a default one and set the OS partition 'Active.'

After all this you should be able to boot windows and run TDSSKiller and MBAM to check for further infections.
 
zaedion
Gerbil
Posts: 43
Joined: Thu Mar 27, 2003 5:50 pm

Re: Google redirect virus

Wed Oct 03, 2012 2:12 pm

Recently I had a huge bout with this problem, pretty nasty stuff.

If all the above mentioned methods did not completely remove it, it's most likely from the wireless router. I tried all the methods above and to my surprise it kept coming back, and it suddenly started showing up on a second laptop as well. So I decided to hard reset the wireless router, installed its latest firmware and flashed it to dd-wrt and I haven't had the problem since.

Good luck!
 
JohnC
Gerbil Jedi
Posts: 1924
Joined: Fri Jan 28, 2011 2:08 pm
Location: NY/NJ/FL

Re: Google redirect virus

Wed Oct 03, 2012 4:39 pm

As others have said, try MBAM, if it's some simple link redirecting Adware - MBAM will probably find it and remove it. If it won't help - you might try running ComboFix, it's available here:
http://www.bleepingcomputer.com/download/combofix/

You should probably try out other tools as well - for example Avira makes a free bootable CD with antivirus scanner on it, which is updated daily, you might try it out: http://www.avira.com/en/download/produc ... cue-system
Kaspersky also has a similar rescue CD, though it's not being updated frequently, however you may still try it:
http://support.kaspersky.com/viruses/rescuedisk
Gifter of Nvidia Titans and countless Twitch donation extraordinaire, nothing makes me more happy in life than randomly helping random people
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Google redirect virus

Wed Oct 03, 2012 8:43 pm

Are you sure you don't have some other infected machine on your network that is re-infecting the one you're trying to fix?
Nostalgia isn't what it used to be.
 
JohnC
Gerbil Jedi
Posts: 1924
Joined: Fri Jan 28, 2011 2:08 pm
Location: NY/NJ/FL

Re: Google redirect virus

Wed Oct 03, 2012 9:03 pm

...here are a couple of links which may (or may not) be helpful for you:
http://deletemalware.blogspot.com/2010/ ... virus.html

http://www.techspot.com/community/topic ... us.179907/ (look at post #16 and #17).

...also, after you hopefully will be done with this malware (whatever it is), you might want to invest some $$$ into good paid antivirus program which has better protection for system files/settings against changes/modifications by currently unknown malware (not gonna give any particular recommendation, it's up to YOU to test and see which one works best for your particular setup).
Last edited by JohnC on Wed Oct 03, 2012 9:14 pm, edited 1 time in total.
 
Captain Ned
Global Moderator
Posts: 28704
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Google redirect virus

Wed Oct 03, 2012 9:05 pm

Listen to Hicks & Ripley. It's the only way to be sure.

(I wish there was a Susan Ivanova quote on point)
What we have today is way too much pluribus and not enough unum.
 
JohnC
Gerbil Jedi
Posts: 1924
Joined: Fri Jan 28, 2011 2:08 pm
Location: NY/NJ/FL

Re: Google redirect virus

Wed Oct 03, 2012 9:16 pm

Captain Ned wrote:
Listen to Hicks & Ripley. It's the only way to be sure.


...an internet is quite large "place", you can't nuke all of it :wink:
 
Captain Ned
Global Moderator
Posts: 28704
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Google redirect virus

Wed Oct 03, 2012 9:33 pm

JohnC wrote:
Captain Ned wrote:
Listen to Hicks & Ripley. It's the only way to be sure.
..an internet is quite large "place", you can't nuke all of it :wink:

No, just the local infections.

Wordplay aside, I simply don't try to fix stubborn infections. I know I'm eventually going to get them no matter what prevention tools I employ (The day job always makes me tell people it's not if, it's when) so I regularly image the OS and keep weekly data backups. A lather, rinse, & repeat is down to a couple of hours of mild inconvenience and that's only because the storage drives are WD Greens.
 
JohnC
Gerbil Jedi
Posts: 1924
Joined: Fri Jan 28, 2011 2:08 pm
Location: NY/NJ/FL

Re: Google redirect virus

Wed Oct 03, 2012 11:27 pm

Well, fixing stubborn, "unknown" infections can be a fun experience, and such knowledge will always be useful in the future as long as you won't completely transfer to non-Microsoft OS :wink: But yea, sometimes it's more productive to just wipe everything and start anew (or restore a backup image). Of course, that doesn't guarantee that you won't be re-infected again by same exact thing (or something equally annoying) if your computer is still connected to internets :wink:
 
Hawkwing74
His Holy Gerbilness
Topic Author
Posts: 13961
Joined: Wed Aug 20, 2003 5:51 pm
Location: Streamwood, IL

Re: Google redirect virus

Thu Oct 04, 2012 10:31 am

I will refer to this thread again if it comes back. AVG must have been updated during the day, because as soon as I got to my PC AVG found it and quarantined. I haven't seen the redirect effect since.

Thanks for all the advice.
 
steelcity_ballin
Gerbilus Supremus
Posts: 12072
Joined: Mon May 26, 2003 5:55 am
Location: Pittsburgh PA

Re: Google redirect virus

Thu Oct 04, 2012 10:36 am

Hawkwing74 wrote:
I will refer to this thread again if it comes back. AVG must have been updated during the day, because as soon as I got to my PC AVG found it and quarantined. I haven't seen the redirect effect since.

Thanks for all the advice.

It may not be worth much, but I ditched AVG a while ago since they 'sold out' - the software became slower and more bloated, and I just got tired of it. Glad to hear you may have it resolved though.
 
aea414
Gerbil In Training
Posts: 5
Joined: Thu Mar 26, 2009 11:28 am

Re: Google redirect virus

Thu Oct 04, 2012 10:47 am

I just wanted to add that I had a similar issue. I got rid of the infection using combofix and similar steps listed here, but it was affecting my searches when using Google Chrome, not FireFox or IE. Turns out this installs an extension in Chrome called "default extension" (see Microsoft Security Encyclopedia article). Even when all my tools said there was no infection, this extension remained and occasionally redirected searches. I had to dive in and delete the directory that contained the extension and haven't seen it come back.

I have continued to run frequent scans to check for re-infection and haven't seen it. Hope that helps.
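
A way to inspect what the post above describes, as an added example that is not part of the original thread: it lists every extension directory under the Chrome profile folders and reads each `manifest.json`, so an extension that scanners miss still shows up by name, permissions and modification time. The function name `Get-ChromeExtension` and the sample manifest (apart from the extension name quoted in the post) are assumptions constructed for illustration.

```powershell
function Get-ChromeExtension {
    param([string]$UserData = "$env:LOCALAPPDATA\Google\Chrome\User Data")
    # Layout: <User Data>\<profile>\Extensions\<extension id>\<version>\manifest.json
    $pattern = Join-Path $UserData '*\Extensions\*\*\manifest.json'
    Get-ChildItem -Path $pattern -ErrorAction SilentlyContinue | ForEach-Object {
        $manifest = Get-Content -LiteralPath $_.FullName -Raw | ConvertFrom-Json
        [pscustomobject]@{
            Profile     = $_.Directory.Parent.Parent.Parent.Name
            Id          = $_.Directory.Parent.Name
            Name        = $manifest.name      # may be a __MSG_...__ placeholder for localized names
            Version     = $manifest.version
            Permissions = ($manifest.permissions -join ', ')
            Modified    = $_.LastWriteTime
            Path        = $_.Directory.FullName
        }
    }
}

# Constructed sample profile tree in the temp folder, so the function can be tried offline.
$root = Join-Path ([IO.Path]::GetTempPath()) 'chrome-ext-demo'
$dir  = Join-Path $root 'Default\Extensions\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\1.0_0'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
'{"name":"default extension","version":"1.0","permissions":["tabs","http://*/*"]}' |
    Set-Content -LiteralPath (Join-Path $dir 'manifest.json')

Get-ChromeExtension -UserData $root | Format-List
Remove-Item -LiteralPath $root -Recurse -Force

# Live system, newest first:
# Get-ChromeExtension | Sort-Object Modified -Descending | Format-Table Name, Id, Modified, Permissions
```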
 
Hawkwing74
His Holy Gerbilness
Topic Author
Posts: 13961
Joined: Wed Aug 20, 2003 5:51 pm
Location: Streamwood, IL

Re: Google redirect virus

Thu Oct 04, 2012 10:52 am

steelcity_ballin wrote:
It may not be worth much, but I ditched AVG a while ago since they 'sold out' - the software became slower and more bloated, and I just got tired of it. Glad to hear you may have it resolved though.

2 babies, I can't afford paying for virus software right now. What do you use?
 
steelcity_ballin
Gerbilus Supremus
Posts: 12072
Joined: Mon May 26, 2003 5:55 am
Location: Pittsburgh PA

Re: Google redirect virus

Thu Oct 04, 2012 12:23 pm

Just MSSE - I could probably stand more protection but I'm the sole user and I'm pretty careful about what I do with my gam.... MY VERY IMPORTANT WORK COMPUTER USED FOR WORK THINGS LIKE SCIENCE AND STUFF.
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Google redirect virus

Thu Oct 04, 2012 2:45 pm

Hawkwing74 wrote:
steelcity_ballin wrote:
It may not be worth much, but I ditched AVG a while ago since they 'sold out' - the software became slower and more bloated, and I just got tired of it. Glad to hear you may have it resolved though.

2 babies, I can't afford paying for virus software right now. What do you use?

For Windows machines I use MSE + Malwarebytes.

For Linux I typically use nothing, or ClamAV if I am feeling particularly paranoid.
 
JohnC
Gerbil Jedi
Posts: 1924
Joined: Fri Jan 28, 2011 2:08 pm
Location: NY/NJ/FL

Re: Google redirect virus

Thu Oct 04, 2012 5:23 pm

Hawkwing74 wrote:
steelcity_ballin wrote:
It may not be worth much, but I ditched AVG a while ago since they 'sold out' - the software became slower and more bloated, and I just got tired of it. Glad to hear you may have it resolved though.

2 babies, I can't afford paying for virus software right now. What do you use?


Well, I doubt that paying something like $40/year will have a serious dent on family budget... But, it's up to you.
I've been recently trying out the new version (2013) of Kaspersky Antivirus... It seems to be pretty good so far - much better in terms of performance compared to previous versions (which were notorious for causing system "slow-downs" for some people), with more simple interface but still with plenty of configurable options (I especially like that I can set it to run auto-updates and other scheduled tasks only during "idle" and don't run them at all and don't bother me with any notifications if, for example, I currently have a game running in full-screen mode). Not sure about its detection rates (according to http://www.av-test.org it's very good) since I usually don't try to visit suspicious sites, but it did pop the warning once right after I have updated the "Planetside 2" client, about ps2.exe having a " potentially suspicious keylogger-like behavior" (which is somewhat valid, since it needs to submit your login information to PS2 login servers), I just marked it as "Exclusion" so it would never warn me about it again.

P.S: If you'll ever decide to pay for antivirus program (whatever it may be) - don't buy it directly from "official" site, there are plenty of stores (like Amazon and others) which sell the valid retail licenses/copies of same exact thing for much cheaper price. For example, Norton Antivirus costs $50 for a 1-year license at Symantec's own store, but it costs only $20 at Amazon (sold directly by Amazon) for same exact thing!
 
xgsound
Gerbil First Class
Posts: 113
Joined: Wed Jul 20, 2005 10:48 pm
Location: Pittsburgh, PA

Re: Google redirect virus

Thu Oct 04, 2012 6:54 pm

The popular free a/vs are AVG, Avira, Avast, and MSE. I've used all at one time or another and settled on MSE for now. The bleeping computer website http://www.bleepingcomputer.com/ is a good place to check for specific removal advice. They often have programs to restore things malware ruins such as lost desktop, programs won't run and so on. I think they are associated with Malwarebytes and rkill too.

Jim
