Inactive [InActive] Web searches being redirected

Hi
OK looks good.

I see you have P2P software ( Limewire, BitTorrent uTorrent etc… ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

References for the risk of these programs are here,
here and here.

I would strongly recommend that you uninstall them,

Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at Windowsbbs Malware and Virus removal.


Please do this.

Your Java is out of date and we need to update it.

Please download JavaRa and save the file to your desktop.

• Right click and Extract All
• Once extracted, open and run JavaRa.exe
• Click Search For Updates
• Select Update Using jucheck.exe
• Click Search
• If a newer version is found, allow it to be installed
• Uncheck the Google Toolbar option. (if you don't want the Google tool bar)
• When complete, click Remove Older Versions in the JavaRa interface and allow it to proceed
• When that is complete, click Additional Tasks, then select Remove Useless JRE Files and click Go
• Exit the tool when complete.

Read and then You can delete the gpl-2.0.txt file.


Now lets get a on line scan.

Download ATF Cleaner by Atribune and save it to your Desktop.
This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
Recycle bin

The rest are optional - if you want it to remove everything check "Select All ".
Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.


Please do an online scan with Kaspersky WebScanner

Click on “Accept” If your pop –up blocker blocks any windows from opening.

Click Run on the window that opens.
Windows Vista users you must open the web browser using the Run as Administrator command.

• The program will launch and then begin downloading the latest definition files:
• Under Scan on the left side.Click on My Computer
• This will start the program and scan your system.
• Click the “Scan Report” On the left side.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.:
• Save the text file to your desktop.
• Copy and paste that information in your next post.

Please post the Kaspersky results.

Thanks
Geri

 

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, October 30, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, October 28, 2008 11:18:32
Records in database: 1352977
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics:
Files scanned: 203758
Threat name: 4
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 30:26:51


File name / Threat name / Threats count
C:\Program Files\Firtware\Cache\0000305e_44186f6f_0007de29 Infected: Trojan-Downloader.HTML.Agent.au 1
C:\Program Files\Firtware\Cache\00003727_440ac017_00031493 Infected: Exploit.HTML.Mht 1
C:\Program Files\Firtware\Cache\000075ef_440de4d1_0005f5e1 Infected: Trojan-Downloader.HTML.Agent.au 1
C:\WINDOWS\JUSTIN2.exe Infected: not-a-virus:AdWare.Win32.EZula.bn 1
C:\WINDOWS\system32\nsn43.dll Infected: not-a-virus:AdWare.Win32.EZula.cs 1

The selected area was scanned.




Sorry for the long delay, it took 30 hours to finish the scan.

 

Hi

I've had some other complaints on this also, I will have to see if I can find out what is happing.

OK please do this.

Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as;

Filename: CFScript.txt
Save As Type: All Files (*.*)

Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
Click here to see how to use CFScript.txt
Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

Code:

File::
C:\WINDOWS\JUSTIN2.exe
C:\WINDOWS\system32\nsn43.dll 

Folder::
C:\Program Files\Firtware 

Please post the combofix log.

Thanks
Geri

 

I did the following, But when i did it said in the blue box "access denied" then a small box popped up saying Combo fix needed an update, wanting to wait and post that here i clicked no. when i did Combofix vanished from my desktop.

 

Hi
OK please re-download it and run the script I provided.

Geri

 

Google Redirect

I have been having a similar problem. Any google search result redirects and many websites involved with antispyware or antivirus software show the error "connection with server cannot be made." I also tried the links given on this posting and cannot download with the same errors, excepting the most recent, which had a 404 error. Any help would be greatly appreciated. Thanks.

 

Hi bsrrx
Welcome to Windowsbbs.

Please start a topic of your own and some one will be glad to help you out.

Thanks
Geri