
Author Topic: Google Redirection and Others  (Read 3219 times)


tkrasna

    Topic Starter


    Starter

    Google Redirection and Others
    « on: January 31, 2010, 04:52:56 PM »
    Hi, and sorry if I previously posted to another thread.  I didn't realize that I wasn't supposed to do that.

    I started out with Antivirus Live problems.  Using research on the web, I seemed at first successful at getting rid of it by going into the registry, removing all references to what it seemed to call itself (becusysguard.exe), and then deleting the folder it put in my c:\documents and settings\myname\local settings\application data\random dir\becusysguard.exe.  Also, I took out the proxy settings from IE that it put in on its behalf.

    This worked for about two weeks, but I keep getting hit with similar "You have a virus blah blah blah" infection - similar to Antivirus Live, but a different infection.  In these later cases, the infection locks me out of just about everything, and the only way I can resolve is to boot the Windows XP CD into repair mode and then copy a bare bones registry from c:\windows\repair, and then boot into safe mode and then pick a restore point before infection.  These are temporary fixes.  Within a few days, I get hit with something else.

    At one point, I downloaded and installed McAfee, and since then I haven't gotten the "Antivirus Live" type of issues, but now I have what seems to be the Google Redirection issue.  The computer also seems to be doing funky things - screen vibrates, scroll bars advance on their own - almost as if someone is remoted in.

    So, I went through all the Read Me First posts and did all the scans.  I will attach the logs here.  In Add / Remove Programs, the only thing I don't recognize is WindowsLive OneCare Safety Scanner.  I didn't see this on any list of viruses or malware, and I don't suspect it's a problem, but I mention it here.

    So thank you for all of your kind help, and I hope that we can get rid of this thing.  Is it possible that my IP Address is open to someone, so that even though I clean my machine, they can continue to re-enter and infect?  Would they be getting through my firewall if that were the case? 

    [Saving space, attachment deleted by admin]

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    Re: Google Redirection and Others
    « Reply #1 on: February 01, 2010, 11:51:27 AM »
    Please go to Jotti's malware scan
    (If more than one file needs scanned they must be done separately and logs posted for each one)

    * Copy the file path in the below Code box:
    Code:
    C:\Documents and Settings\Stu\Start Menu\Programs\Startup\SUN.EXE
    * At the upload site, click once inside the window next to Browse.
    * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
    * Next click Submit file
    * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
    * This will perform a scan across multiple different virus scanning engines.
    * Important: Wait for all of the scanning engines to complete.
    * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

    ----------

    If you already have ComboFix be sure to delete it and download a new copy.

    Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

    Link #1
    Link #2

    **Note:  It is important that it is saved directly to your Desktop

    Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

    Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
     
    Double click combofix.exe & follow the prompts.
    Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
    When finished ComboFix will produce a log for you.
    Post the ComboFix log in your next reply.

    Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

    Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

    If you have problems with ComboFix usage, see How to use ComboFix

    tkrasna

      Topic Starter


      Starter

      Re: Google Redirection and Others
      « Reply #2 on: February 02, 2010, 10:22:51 AM »
      Combofix froze while running unattended.  I let it be for a few hours.  I went into task manager to do an orderly shutdown, and that froze too.  After a hard power reset, the machine just rebooted itself during startup even when attempting safe mode.  Going into the recovery console and copying a bare bones registry from c:\windows\repair into c:\windows\system32\config did not resolve this.  Neither did fixboot, chkdsk, or any other utility I could find.  I did a repair install of Windows XP which got me running again, but at this point, I'll say that the machine is unstable enough to validate a clean install from scratch.  So, I'll get started on that, and after many hours of updates, plus driver installs, etc... I'll come back in and say hello.  Oh, and that Sun.EXE is a legit program that sits in the systray.  It just tells you sunrise and sunset times and is more than ten years old.  You can check this out at www.sunrisesunset.com.  The Jotti's malware scan didn't pick up anything for this...

      http://virusscan.jotti.org/en/scanresult/8962ed2bc3277daa3b0ef278cb96291145f51ac9


      tkrasna

        Topic Starter


        Starter

        Re: Google Redirection and Others
        « Reply #3 on: February 07, 2010, 05:05:16 PM »
        All OK as per above, but I'm having trouble reinstalling McAfee Security.  After downloading and installing, it says I have remnants of Enterprise.  I don't see how this is possible with a newly formatted HD, but nonetheless, I can't find the McAfee Enterprise Removal Tool to try and get rid of it.  Anyone know where I may get this?

        evilfantasy

        • Malware Removal Specialist
        • Moderator


        Re: Google Redirection and Others
        « Reply #4 on: February 07, 2010, 05:12:56 PM »
        Sorry I somehow missed your prior reply...


        Try this for the McAfee errors.

        Download the McAfee Consumer Product Removal Tool to your Desktop.

        Using McAfee Consumer Product Removal tool:

        * Double click the MCPR.exe
        * A Command Line window will be displayed, and then close automatically.
        * Wait for a second Command Line window to be displayed.

        Note: Do not double-click MCPR.exe again, you may have to wait up to 1 minute for the next window to appear.

        * After the second window appears, the program will begin the cleanup.
        * Observe the installation, which could take several minutes. The following message will be displayed in the Command Line window: The machine must reboot to complete the un-installation. Reboot now? [y.n]
        * Press Y on the keyboard.
        * Wait for the computer to restart.
        * All McAfee products are now removed from your computer.