Author Topic: Google re-direction (Read 9746 times)

Mulreay · « **on:** April 01, 2010, 05:30:10 AM »

Ok I'm asking for searches on google and in my browser it starts re-directing to other search

I think it's this Trojan:JS/Dursg.B

It cleared it once on microsoft security essentials but now it does not recognise it.

Any help much appreciated

Dr Jay · « **Reply #1 on:** April 01, 2010, 08:58:45 AM »

Hello! We need to do some diagnostics to get started.

1. Please download Profiles by noahdfear.

Save it to your desktop.
Double-click profiles.exe and post its log when you reply

2. Download Win32kDiag by ad13 and save it to your Desktop.

Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

3. Please download Cheetah-Anti-Rogue by me, and save to your Desktop.

Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
Double-click on Cheetah-Anti-Rogue.cmd to start.
It will finish quickly and launch a log.
Post the contents of it in your next reply.

4. In your next reply, please post the following logs for my review:

Profiles log (1)
Win32kDiag log (2)
Cheetah log (3)

Thanks! :)

Mulreay · « **Reply #2 on:** April 01, 2010, 09:21:11 AM »

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2589518989-727022852-2468593643-1000
ProfileImagePath REG_EXPAND_SZ C:\Users\Graham

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2589518989-727022852-2468593643-1001.bak
ProfileImagePath REG_EXPAND_SZ C:\Users\Greg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2589518989-727022852-2468593643-501
ProfileImagePath REG_EXPAND_SZ C:\Users\Guest

ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\LocalService
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\NetworkService
SystemRoot REG_SZ C:\Windows

Starting up...
Running from: C:\Users\Graham\Desktop\System defence\Win32kDiag.exe
Log file at : C:\Users\Graham\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\Windows'...

Cannot access: C:\Windows\bthservsdp.dat

Please let me know what else you need...

Dr Jay · « **Reply #3 on:** April 02, 2010, 11:08:34 AM »

Cheetah-Anti-Rogue is needed, also. I included the instructions for my first reply to you.

Mulreay · « **Reply #4 on:** April 02, 2010, 11:59:43 AM »

I new I forgot to mention something. That link to Cheetah does not work.

Dr Jay · « **Reply #5 on:** April 02, 2010, 12:02:46 PM »

Ok. I will see what is wrong with my link there.

Edit: try it again. I fixed it.

Mulreay · « **Reply #6 on:** April 02, 2010, 12:38:17 PM »

OK thanks for that. See attached.

Cheetah-Anti-Rogue v1.3.35
by DragonMaster Jay

Microsoft Windows [Version 6.0.6002]
Date: 02/04/2010 - Time: 19:13:23 - Arch.: x86

-- Malware removal tools check --
User has Sandboxie installed!

Sandboxie
CCleaner
Trend Micro HijackThis 2.0.2
Malwarebytes' Anti-Malware
SUPERAntiSpyware

-- Known infection --

Extra message: Detection only.

EOF

[recovering disk space - old attachment deleted by admin]

Dr Jay · « **Reply #7 on:** April 02, 2010, 09:01:53 PM »

Please download Stealth MBR Rootkit Detector by GMER from GMER.net, and save to your Desktop.

Right-click on mbr.exe and click Run as Administrator to start the program.
When done scanning, it will save a log on the Desktop called mbr.log.
Please post the contents of that log in your next reply.

Mulreay · « **Reply #8 on:** April 03, 2010, 05:08:33 AM »

Here's the log.

[recovering disk space - old attachment deleted by admin]

Dr Jay · « **Reply #9 on:** April 03, 2010, 07:22:14 AM »

Please download RootRepeal from GooglePages.com.

Extract the program file to your Desktop.
Run the program RootRepeal.exe.
Click Settings > Options. Drag the slider to High Level. Then, click the Red X.
Go to the Report tab and click on the Scan button.
Select ALL of the checkboxes and then click OK and it will start scanning your system.
If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
When done, click on Save Report
Save it to the Desktop.
Please copy/paste the contents of the report in your next reply.

Please remove any e-mail address in the RootRepeal report (if present).

Computer Hope Forum

News:

Author Topic: Google re-direction (Read 9746 times)

Mulreay

Google re-direction

Dr Jay

Re: Google re-direction

Mulreay

Re: Google re-direction

Dr Jay

Re: Google re-direction

Mulreay

Re: Google re-direction

Dr Jay

Re: Google re-direction

Mulreay

Re: Google re-direction

Dr Jay

Re: Google re-direction

Mulreay

Re: Google re-direction

Dr Jay

Re: Google re-direction