Computer Hope

Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: Mulreay on April 01, 2010, 05:30:10 AM

Title: Google re-direction
Post by: Mulreay on April 01, 2010, 05:30:10 AM

Ok I'm asking for searches on google and in my browser it starts re-directing to other search

I think it's this Trojan:JS/Dursg.B

It cleared it once on microsoft security essentials but now it does not recognise it.

Any help much appreciated

Title: Re: Google re-direction
Post by: Dr Jay on April 01, 2010, 08:58:45 AM

Hello! We need to do some diagnostics to get started.

1. Please download Profiles (http://noahdfear.net/downloads/profiles.exe) by noahdfear.

• Save it to your desktop.
• Double-click profiles.exe and post its log when you reply

2. Download Win32kDiag (http://ad13.geekstogo.com/Win32kDiag.exe) by ad13 and save it to your Desktop.

• Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  
• When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  
• Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

3. Please download Cheetah-Anti-Rogue (http://www.helpmyos.com/Cheetah-php-h15.htm?cheetah.zip) by me, and save to your Desktop.

• Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
• Double-click on Cheetah-Anti-Rogue.cmd to start.
• It will finish quickly and launch a log.
• Post the contents of it in your next reply.

4. In your next reply, please post the following logs for my review:

• Profiles log (1)
• Win32kDiag log (2)
• Cheetah log (3)

Thanks! :)

Title: Re: Google re-direction
Post by: Mulreay on April 01, 2010, 09:21:11 AM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
    ProfileImagePath    REG_EXPAND_SZ    %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
    ProfileImagePath    REG_EXPAND_SZ    %SystemRoot%\ServiceProfiles\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
    ProfileImagePath    REG_EXPAND_SZ    %SystemRoot%\ServiceProfiles\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2589518989-727022852-2468593643-1000
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\Graham

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2589518989-727022852-2468593643-1001.bak
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\Greg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2589518989-727022852-2468593643-501
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\Guest

    ProfileImagePath    REG_EXPAND_SZ    %SystemRoot%\ServiceProfiles\LocalService
    ProfileImagePath    REG_EXPAND_SZ    %SystemRoot%\ServiceProfiles\NetworkService
    SystemRoot    REG_SZ    C:\Windows




Starting up...
Running from: C:\Users\Graham\Desktop\System defence\Win32kDiag.exe
Log file at : C:\Users\Graham\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\Windows'...

Cannot access: C:\Windows\bthservsdp.dat


Please let me know what else you need...

Title: Re: Google re-direction
Post by: Dr Jay on April 02, 2010, 11:08:34 AM

Cheetah-Anti-Rogue is needed, also. I included the instructions for my first reply to you.

Title: Re: Google re-direction
Post by: Mulreay on April 02, 2010, 11:59:43 AM

I new I forgot to mention something. That link to Cheetah does not work.

Title: Re: Google re-direction
Post by: Dr Jay on April 02, 2010, 12:02:46 PM

Ok. I will see what is wrong with my link there.

Edit: try it again. I fixed it.

Title: Re: Google re-direction
Post by: Mulreay on April 02, 2010, 12:38:17 PM

OK thanks for that. See attached.

Cheetah-Anti-Rogue v1.3.35
by DragonMaster Jay

Microsoft Windows [Version 6.0.6002]
Date: 02/04/2010 - Time: 19:13:23 - Arch.: x86
 
 
-- Malware removal tools check --
User has Sandboxie installed! :D
Sandboxie
CCleaner
Trend Micro HijackThis 2.0.2
Malwarebytes' Anti-Malware
SUPERAntiSpyware
 
 
-- Known infection --
 
 
 
Extra message: Detection only.
 
 
EOF


[recovering disk space - old attachment deleted by admin]

Title: Re: Google re-direction
Post by: Dr Jay on April 02, 2010, 09:01:53 PM

Please download Stealth MBR Rootkit Detector by GMER from GMER.net (http://www2.gmer.net/mbr/mbr.exe), and save to your Desktop.

• Right-click on mbr.exe and click Run as Administrator to start the program.
  
• When done scanning, it will save a log on the Desktop called mbr.log.
  
• Please post the contents of that log in your next reply.

Title: Re: Google re-direction
Post by: Mulreay on April 03, 2010, 05:08:33 AM

Here's the log.

[recovering disk space - old attachment deleted by admin]

Title: Re: Google re-direction
Post by: Dr Jay on April 03, 2010, 07:22:14 AM

Please download RootRepeal from GooglePages.com (http://rootrepeal.googlepages.com/RootRepeal.zip).

• Extract the program file to your Desktop.
• Run the program RootRepeal.exe.
  
• Click Settings > Options. Drag the slider to High Level. Then, click the Red X.
  
• Go to the Report tab and click on the Scan button.
  (http://i39.tinypic.com/nclahc.gif)
  
  
• Select ALL of the checkboxes and then click OK and it will start scanning your system.
  (http://i39.tinypic.com/2j5lb6.gif)
  
• If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
• When done, click on Save Report
  
• Save it to the Desktop.
• Please copy/paste the contents of the report in your next reply.

Please remove any e-mail address in the RootRepeal report (if present).