
Solved Google redirect

Discussion in 'Malware and Virus Removal Archive' started by natasha, 2011/01/02.

  1. 2011/01/02
    natasha

    natasha Inactive Thread Starter

    Joined:
    2011/01/02
    Messages:
    40
    Likes Received:
    0
    [Resolved] Google redirect

    Please help me.
    One month ago, when I tried to log on to Google, it said it was getting too much traffic from my site and to proceed further I had to type in one of those words (to make sure I wasn't a computer).

    Well, I did a McAfee virus check and a Sophos rootkit check
    and it reported nothing.

    The day before, I lost all access to Google, Gmail and Yahoo.
    The internet works and ask.com works.
    Hence I am writing this email.

    Checking on the forum
    I saw that I had to clear hosts or something
    in C:\Windows\System32\drivers\etc\hosts
    but under this link I don't have any files called hosts.

    I did a search and found plenty, but I don't know which ones to delete.

    I also downloaded Spybot and on checking found many bad files.
    I deleted all
    except there were two:
    Microsoft Windows. redirected hosts
    Fraud Windows system
    I was unable to delete or repair these two.

    Well, Google, Yahoo, Gmail and related sites
    are still not working.

    PLEASE HELP ME.
    Thank you
    :eek:
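    The first post describes the two things a responder would want to inspect before anything else: the hosts file itself (a hijacked hosts file is the classic way to cut a machine off from google.com, gmail and yahoo while other sites keep working) and the location Windows reads it from. The script below is an added editorial example, not code from the thread or from any tool named in it. It parses a constructed sample hosts file, reports every hostname mapped to a non-loopback address (blocking entries pointing at 127.0.0.1 are the benign use of hosts and are skipped), and checks a DataBasePath string against the Windows default of `%SystemRoot%\System32\drivers\etc` (the value under `HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters`). The sample addresses, hostnames and the non-default path are all made up for the example; the assumption that the Spybot "redirected hosts" finding corresponds to a changed DataBasePath is the editor's, not something the thread confirms.

```python
"""Hosts-file hijack check (added example; sample data is constructed)."""
import ipaddress
from typing import Dict, List, Tuple

# Windows default for the Tcpip\Parameters\DataBasePath registry value.
# If a different directory is set, the file at drivers\etc\hosts is never read,
# which is one reason "cleaning hosts" can appear to change nothing.
DEFAULT_DATABASE_PATH = r"%SystemRoot%\System32\drivers\etc"

# Constructed sample: what a hijacked hosts file typically looks like.
# The 10.20.30.x addresses are placeholders, not real attacker infrastructure.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# blocking entry (benign): ad host sent to loopback
127.0.0.1       ad.doubleclick.net
# redirect entries (malicious): popular sites sent to a foreign address
10.20.30.40     www.google.com  google.com
10.20.30.40     mail.google.com
10.20.30.41     www.yahoo.com
::1             localhost
"""

# Addresses that do not reach another machine; mappings to these are not hijacks.
LOCAL_NETS = [
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("::1/128"),
    ipaddress.ip_network("0.0.0.0/32"),
]


def parse_hosts(text: str) -> List[Tuple[str, List[str]]]:
    """Return (ip, [hostnames]) for each valid entry, ignoring comments and junk."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # an address with no hostnames is not an entry
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first field is not an IP address; skip the line
        entries.append((parts[0], parts[1:]))
    return entries


def is_local(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def find_hijacks(text: str) -> Dict[str, str]:
    """Map each hostname that resolves to a non-local address to that address."""
    hijacks: Dict[str, str] = {}
    for ip, names in parse_hosts(text):
        if is_local(ip):
            continue
        for name in names:
            hijacks[name.lower()] = ip
    return hijacks


def database_path_is_default(value: str) -> bool:
    """True if a DataBasePath registry value still points at the default directory."""
    return value.strip().rstrip("\\").lower() == DEFAULT_DATABASE_PATH.lower()


if __name__ == "__main__":
    for host, ip in sorted(find_hijacks(SAMPLE_HOSTS).items()):
        print(f"REDIRECT {host:20s} -> {ip}")
    # Constructed non-default value, as a tampered registry entry might look.
    for candidate in (DEFAULT_DATABASE_PATH, r"C:\WINDOWS\help"):
        status = "default" if database_path_is_default(candidate) else "CHANGED"
        print(f"DataBasePath {candidate!r}: {status}")
```

    On a real machine the text would come from the hosts file at whatever directory DataBasePath names, and the check would be run with the file open read-only; removing entries is a separate, deliberate step once the responder has the full picture.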
     
  2. 2011/01/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please, read this post, then post the requested log(s).

    Please observe the following rules:
    • Read all of my instructions very carefully. Mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     


  4. 2011/01/02
    natasha

    natasha Inactive Thread Starter

    Joined:
    2011/01/02
    Messages:
    40
    Likes Received:
    0
    ok.. thank you
     
    Last edited: 2011/01/03
  5. 2011/01/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok :)
     
  6. 2011/01/02
    natasha

    natasha Inactive Thread Starter

    Joined:
    2011/01/02
    Messages:
    40
    Likes Received:
    0
    the log from malware
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5446

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    1/2/2011 8:13:07 PM
    mbam-log-2011-01-02 (20-13-07).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 174399
    Time elapsed: 29 minute(s), 45 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  7. 2011/01/02
    natasha

    natasha Inactive Thread Starter

    Joined:
    2011/01/02
    Messages:
    40
    Likes Received:
    0
    not imp message
     
    Last edited: 2011/01/03
  8. 2011/01/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Just approved it.
     
  9. 2011/01/02
    natasha

    natasha Inactive Thread Starter

    Joined:
    2011/01/02
    Messages:
    40
    Likes Received:
    0
    not imp message
     
    Last edited: 2011/01/03
  10. 2011/01/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're welcome :)

    Restart the computer in Safe Mode and run GMER from there.
    In that case, you don't have to worry about disabling anything.
     
  11. 2011/01/02
    natasha

    natasha Inactive Thread Starter

    Joined:
    2011/01/02
    Messages:
    40
    Likes Received:
    0
    not imp message
     
    Last edited: 2011/01/03
  12. 2011/01/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No worries...

    Restart the computer and keep TAPPING the F8 key until the menu appears.
    Using your keyboard up/down keys, select Safe Mode.
     
  13. 2011/01/02
    natasha

    natasha Inactive Thread Starter

    Joined:
    2011/01/02
    Messages:
    40
    Likes Received:
    0
    not imp message
     
    Last edited: 2011/01/03
  14. 2011/01/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  15. 2011/01/02
    natasha

    natasha Inactive Thread Starter

    Joined:
    2011/01/02
    Messages:
    40
    Likes Received:
    0
    Sorry, I meant Malwarebytes.
    So many names,
    so many programs,
    confusion, sorry.
    Anyway,
    I ended up
    deleting Malwarebytes
    and here is the log:
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-02 22:27:39
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD1600BEVT-60ZCT1 rev.13.01A13
    Running: ks254l65.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\pxtdrpow.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA90E42DB]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA90E42EF]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA90E431B]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA90E42C7]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA90E4305]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA90E4331]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA90E4347]

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntkrnlpa.exe!ZwTerminateProcess 805D299E 5 Bytes JMP A90E434B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwSetValueKey 80621D0C 7 Bytes JMP A90E4335 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwRenameKey 806231A8 7 Bytes JMP A90E4309 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateKey 80623786 5 Bytes JMP A90E42DF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteKey 80623C16 7 Bytes JMP A90E42F3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623DE6 7 Bytes JMP A90E431F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwOpenKey 80624B58 5 Bytes JMP A90E42CB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----
     
  16. 2011/01/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    Go on....
     
  17. 2011/01/02
    natasha

    natasha Inactive Thread Starter

    Joined:
    2011/01/02
    Messages:
    40
    Likes Received:
    0
    and thank you
     
    Last edited: 2011/01/03
  18. 2011/01/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No problem :)
     
  19. 2011/01/02
    natasha

    natasha Inactive Thread Starter

    Joined:
    2011/01/02
    Messages:
    40
    Likes Received:
    0
    my message already showed up..
     
    Last edited: 2011/01/02
  20. 2011/01/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    What message?

    I still need other logs.
    It's OK to post them tomorrow, if you're ready for bed :)
     
  21. 2011/01/03
    natasha

    natasha Inactive Thread Starter

    Joined:
    2011/01/02
    Messages:
    40
    Likes Received:
    0
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-02 23:22:47
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD1600BEVT-60ZCT1 rev.13.01A13
    Running: ks254l65.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\pxtdrpow.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateKey [0xA90E42DB]
    Code \SystemRoot\system32\drivers\mfehidk.sys ZwDeleteKey [0xA90E42EF]
    Code \SystemRoot\system32\drivers\mfehidk.sys ZwDeleteValueKey [0xA90E431B]
    Code \SystemRoot\system32\drivers\mfehidk.sys ZwOpenKey [0xA90E42C7]
    Code \SystemRoot\system32\drivers\mfehidk.sys ZwRenameKey [0xA90E4305]
    Code \SystemRoot\system32\drivers\mfehidk.sys ZwSetValueKey [0xA90E4331]
    Code \SystemRoot\system32\drivers\mfehidk.sys ZwTerminateProcess [0xA90E4347]

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntkrnlpa.exe!ZwTerminateProcess 805D299E 5 Bytes JMP A90E434B \SystemRoot\system32\drivers\mfehidk.sys
    PAGE ntkrnlpa.exe!ZwSetValueKey 80621D0C 7 Bytes JMP A90E4335 \SystemRoot\system32\drivers\mfehidk.sys
    PAGE ntkrnlpa.exe!ZwRenameKey 806231A8 7 Bytes JMP A90E4309 \SystemRoot\system32\drivers\mfehidk.sys
    PAGE ntkrnlpa.exe!ZwCreateKey 80623786 5 Bytes JMP A90E42DF \SystemRoot\system32\drivers\mfehidk.sys
    PAGE ntkrnlpa.exe!ZwDeleteKey 80623C16 7 Bytes JMP A90E42F3 \SystemRoot\system32\drivers\mfehidk.sys
    PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623DE6 7 Bytes JMP A90E431F \SystemRoot\system32\drivers\mfehidk.sys
    PAGE ntkrnlpa.exe!ZwOpenKey 80624B58 5 Bytes JMP A90E42CB \SystemRoot\system32\drivers\mfehidk.sys
    ? system32\drivers\mfetdik.sys The system cannot find the path specified. !
    ? C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys The system cannot find the file specified. !
    ? system32\drivers\mfehidk.sys The system cannot find the path specified. !

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys
    ---- Processes - GMER 1.0.15 ----

    Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1064] 0x14490000
    Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1064] 0x15C20000

    ---- EOF - GMER 1.0.15 ----
     
