Question:
Virus that keeps Redirecting me to unrelated Website's?
Shane
2010-02-25 13:16:38 UTC
Hello ive got a virus that is very annoying when iam in google when i search for a website and click it, it takes me to another website unrelated to the one iam searching for here is my hijack this log
__________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:56:48, on 25/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\WLAN\WLANUtility\WlanUtility.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.genie.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Genie Internet
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\msqjra32.exe,
O2 - BHO: (no name) - {051BD6DC-9EA9-4671-A493-14A4F92AC4A8} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {081DE96B-D2D1-4EC5-B03B-472D5DF3CC95} - (no file)
O2 - BHO: (no name) - {0A22C4B5-8CB3-4ACD-A5F1-2C7C742A263F} - (no file)
O2 - BHO: (no name) - {10CB7552-12CA-4B45-B176-1ADAB79FEDB8} - (no file)
O2 - BHO: (no name) - {11DD845C-C0C8-49ED-934B-D9CEE4AEB784} - (no file)
O2 - BHO: (no name) - {166E4BC1-3872-49D4-890B-F9777DB89474} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {199E4515-B8B1-49E2-B7BE-724AD28F5021} - (no file)
O2 - BHO: (no name) - {19C0B0E8-6C81-4846-94B3-C0D46C93D141} - (no file)
O2 - BHO: (no name) - {1E3560AC-0CC5-44B4-A51D-FB582D47E669} - (no file)
O2 - BHO: (no name) - {1E681D3B-6532-428E-B8E6-5478A1E017E9} - (no file)
O2 - BHO: (no name) - {1E9990B6-EE95-4A88-A9E1-05490416D2B7} - (no file)
O2 - BHO: (no name) - {1F07692F-2D71-44E4-88ED-3F7AA18EB2ED} - (no file)
O2 - BHO: (no name) - {2152B8B7-FECB-47AF-B21C-E879F654CACB} - (no file)
O2 - BHO: (no name) - {2798181C-0F07-4FC6-ACDC-069ABB35CEB2} - (no file)
O2 - BHO: (no name) - {2B246C6F-22E7-4FD1-8DD2-BCAAD40A13A1} - (no file)
O2 - BHO: (no name) - {2C6C205E-E469-4386-836E-67AA52B7C5B8} - (no file)
O2 - BHO: (no name) - {2EF9717E-6961-44FD-919D-2E6AB62605A8} - (no file)
O2 - BHO: (no name) - {397A82E1-FB33-45D1-96AE-546EDD7C487F} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {45A7729D-2519-4AC5-BCD0-37284BD40BB0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53DAF7F1-C9D3-43A2-8484-F80F49C03557} - (no file)
O2 - BHO: (no name) - {54091412-F214-4C09-859D-AB872AAFD0D6} - (no
Five answers:
?
2010-02-25 13:22:30 UTC
get Malwarebytes Antimalware from http://download.cnet.com



also, get rid of those BHOs ugh!
Vesta
2016-08-29 02:12:52 UTC
2
Diana B
2010-02-25 13:55:17 UTC
You've got a serious problem. I would suggest that you NOT download any security software. With your problem, you'll be lucky to actually reach a genuine website of a security software maker. More likely, you'll be diverted to a fake site.



You need to go out and buy genuine security software. I suggest kaspersky.
2016-04-14 09:40:03 UTC
Download the free versions of Malwarebytes, avast free or panda cloud antivirus. If that deos not work try switching browsers or reinstalling them. oes that happen in all browsers?
Mike
2010-02-25 15:39:10 UTC
I think you should read this http://deletemalware.blogspot.com/2010/02/remove-google-redirect-virus.html


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.
Loading...