1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Google redirects me to some random site! Help!!!

Discussion in 'Virus & Other Malware Removal' started by xinsid3x, Jun 23, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. xinsid3x

    xinsid3x Thread Starter

    Joined:
    Jun 23, 2010
    Messages:
    4
    Well for the past week, I've noticed that when I click a google link it redirects me to a random site.So I ran malwarebytes and I got 5 trojans for that. The log is

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4230

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    6/23/2010 4:11:55 PM
    mbam-log-2010-06-23 (16-11-55).txt

    Scan type: Quick scan
    Objects scanned: 128911
    Time elapsed: 11 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 4
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.162.161,93.188.166.192 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.161,93.188.166.192 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e5041c34-627d-43f3-aaf2-20fdc34ed9c2}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.162.161,93.188.166.192 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e5041c34-627d-43f3-aaf2-20fdc34ed9c2}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.161,93.188.166.192 -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\JSP\Application Data\cade624d.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
     
  2. xinsid3x

    xinsid3x Thread Starter

    Joined:
    Jun 23, 2010
    Messages:
    4
  3. xinsid3x

    xinsid3x Thread Starter

    Joined:
    Jun 23, 2010
    Messages:
    4
  4. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    Hi and Welcome,

    Please do the following:

    Please download DDS from either of these links

    LINK 1
    LINK 2

    and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds.pif to run the tool.
    • When done, two DDS.txt's will open.
    • Save both reports to your desktop.
    ---------------------------------------------------
    Please include the contents of the following in your next reply:

    DDS.txt
    Attach.txt.


    NEXT




    Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
    • Double click the exe file.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.


      [​IMG]
      Click the image to enlarge it


    • In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and attach it in reply.

    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/931061