
Thread: Google Redirect

  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    Yorkshire, England
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I am an IT professional working in the aerospace industry. I currently support a specialised ASP web application, but have spent a number of years "learning the trade" on various support functions. In short, I am pretty well aware of what goes on and how to resolve most day-to-day problems.
    However, recently, I have been hit by the Google redirect virus on my personal PC. I suspect this happened during a www search for drivers for a PC I was repairing.
    I have tried EVERY possible thing to resolve this problem. I have run the Microsoft malicious removal tool, Stinger, Kaspersky TDSSKiller and all the possible malware removal tools etc. etc. Most of these utilities report no relative infection on the drive. There is a huge amount of information about this problem posted around, but nothing seems to be able to locate and kill it.
    I have even tried a portable apps stick with ClamWin Portable on. It still rediverts Google using the onboard Firefox browser.

    I really do not want to rebuild the current Windows 7 Ultimate setup... I do so hate to go for the easy option!

    Any suggestions?


    SORTED......................

    Now resolved. Router infected by virus. The various IP addresses had been changed to direct the traffic to rogue servers. Reset router settings, change router password and flush DNS settings in PC IP config (run: ipconfig /flushdns).

    Now happily 7 days of pain resolved.

    Incidentally, the miserable culprits are located in the Russian Federation!

    Why do we have to put up with these prats?

    I hope that no one else spends 7 days trying to kill a virus on a PC that does not exist. I am surprised that this problem, which has existed for 2 years, is not documented, as I have spent 7 days following false trails!
    I hope this helps other victims.
    Remembering the Brave
    www.thecaseys.karoo.net

  2. #2
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    Quote Originally Posted by Mike Casey View Post
    I am an IT professional working in the aerospace industry. I currently support a specialised ASP web application, but have spent a number of years "learning the trade" on various support functions. In short, I am pretty well aware of what goes on and how to resolve most day-to-day problems.
    However, recently, I have been hit by the Google redirect virus on my personal PC. I suspect this happened during a www search for drivers for a PC I was repairing.
    I have tried EVERY possible thing to resolve this problem. I have run the Microsoft malicious removal tool, Stinger, Kaspersky TDSSKiller and all the possible malware removal tools etc. etc. Most of these utilities report no relative infection on the drive. There is a huge amount of information about this problem posted around, but nothing seems to be able to locate and kill it.
    I have even tried a portable apps stick with ClamWin Portable on. It still rediverts Google using the onboard Firefox browser.

    I really do not want to rebuild the current Windows 7 Ultimate setup... I do so hate to go for the easy option!

    Any suggestions?
    Mike,

    You did not happen to make an image, did you? I also like to know what causes a problem, but I find that at times the quick solution (install image or rebuild OS and apps, then IMAGE) is much quicker than t/s and solve, even if it is possible. Sorry I do not have a great answer for you.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  3. #3
    5 Star Lounger
    Join Date
    Dec 2003
    Location
    Burrton, KS, USA
    Posts
    833
    Thanks
    0
    Thanked 2 Times in 2 Posts
    You have checked your hosts file?

    http://support.microsoft.com/kb/972034

  4. #4
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,585
    Thanks
    5
    Thanked 1,059 Times in 928 Posts
    See How do I remove a Google Redirect Virus?? My TrendMicro and Windows Defender are not finding it. - Web Search Help for a list of malware removal sites that have some very good people to help.

    Joe

  5. #5
    2 Star Lounger
    Join Date
    Dec 2009
    Location
    Calif
    Posts
    182
    Thanks
    0
    Thanked 14 Times in 13 Posts
    For a hopefully PRELIMINARY Step in solving your problem, I recommend
    you run Malwarebytes Anti-Malware ( www.malwarebytes.org/mbam.php )
    and "SUPERAntiSpyware" ( www.superantispyware.com ), BOTH of which
    come in a Free Version . If these do not resolve the problem, seek help
    from an experienced, trained, certified, Volunteer "Malware Removal
    Specialist" found on many Advanced malware removal forums, such as
    the One at www.geekstogo.com/forum/forums.html . This forum starts
    the investigative process by analyzing a "Log" from the FREE "OTL"
    program, which you can read about at
    http://www.geekstogo.com/forum/OTL-T...t-t277391.html .
    For the BEST in what counts in Life :

    http://www.ctftoronto.com

  6. #6
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    This seems to be the consensus for the virus;

    From Device Manager: click on "View" >>"Show Hidden Devices".
    Expand all the devices by clicking on the "Plus" sign. Locate "TDSSserv.sys", then right click >> Disable.
    Do not select uninstall.
    Boot your computer, then follow Robin's advice.
    Install and run Malwarebytes Anti-Malware and SUPERAntiSpyware.



    How to Remove Google Redirect From a Computer
    vs
    How to Remove Google Redirect Virus
    DRIVE IMAGING
    Invest a little time and energy in a well thought out BACKUP regimen and you will have minimal down time, and headache.

    Build your own system; get everything you want and nothing you don't.
    Latest Build:
    ASUS X99 Deluxe, Core i7-5960X, Corsair Hydro H100i, Plextor M6e 256GB M.2 SSD, Corsair DOMINATOR Platinum 32GB DDR4@2666, W8.1 64 bit,
    EVGA GTX980, Seasonic PLATINUM-1000W PSU, MountainMods U2-UFO Case, and 7 other internal drives.

  7. #7
    Lounger
    Join Date
    Jun 2010
    Location
    A Texas State of Mind
    Posts
    44
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Heading to a malware removal support forum and getting assistance from the specialists there is your best bet with this kind of infection. Malwarebytes would be the first attempt; however, to make sure you are fully cleaned, going to one of the forums and running specialized scans will ensure full removal. Bleeping Computer does offer good tutorials for removals, however having a guided clean-up is the best way to go. Many of the support forums you can trust are listed here
    http://asap.maddoktor2.com/
    like this one for example
    Analysis and Malware Removal
    registered Linux user:476595

  8. #8
    New Lounger
    Join Date
    Dec 2009
    Location
    Yorkshire, England
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Now resolved. Router infected by virus. Reset router settings, change router password and flush DNS settings in PC IP config (ipconfig /flushdns).

    Now happily 7 days of pain resolved.

    Incidentally, culprits are located in the Russian Federation!

    Why do we have to put up with these prats?
    Remembering the Brave
    www.thecaseys.karoo.net
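
A check that follows from the fix reported above, as an added example that is not part of the original thread: when a router hands out or forwards to rogue DNS servers, scanners on the PC find nothing, but the resolvers the PC was given are visible in `ipconfig /all`. This Python code parses that output and labels each DNS server; the sample text and the `TRUSTED` set are constructed placeholders.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt; addresses are documentation or LAN ranges.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 198.51.100.10
"""
TRUSTED = {"198.51.100.10"}  # assumption: the resolvers you chose (placeholder)
LAN = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELD = re.compile(r"^\s+([^.:]+?)[ .]*: ?(.*)$")  # "Label . . . : value"

def parse_ip(text):
    try:
        return ipaddress.ip_address(text.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return None  # not a bare address

def dns_servers(text):
    """Map adapter name -> DNS servers, following indented continuation lines."""
    found, adapter, in_dns = {}, "global", False
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        stripped = line.strip()
        if not line[0].isspace():  # unindented line starts a new section
            adapter, in_dns = stripped.rstrip(":"), False
            continue
        ip = parse_ip(stripped) if in_dns else None  # continuation of DNS list?
        if ip is None:
            m = FIELD.match(line)
            in_dns = bool(m) and m.group(1) == "DNS Servers"
            ip = parse_ip(m.group(2)) if in_dns else None
        if ip is not None:
            found.setdefault(adapter, []).append(str(ip))
    return found

def audit(text, trusted=TRUSTED):
    """Rows of (adapter, server, verdict) for every configured DNS server."""
    def verdict(s):
        if s in trusted:
            return "trusted"
        return "lan" if any(ipaddress.ip_address(s) in n for n in LAN) else "unexpected"
    return [(a, s, verdict(s)) for a, found in dns_servers(text).items() for s in found]
```

A `lan` verdict means the PC is deferring to the router, so the DNS entries on the router's own administration page still have to be checked by hand; an `unexpected` verdict is a public resolver nobody on the network chose.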

  9. #9
    5 Star Lounger
    Join Date
    Dec 2003
    Location
    Burrton, KS, USA
    Posts
    833
    Thanks
    0
    Thanked 2 Times in 2 Posts
    Mike,

    As I stated in the PM to you, this is the first time I have seen this. Can you elaborate a bit on the "router infected by a virus" statement?

    Were the router administration pages taken over by someone and the settings changed?
    Were you using the default administrator password on the router?
    Were all machines on the network affected?
    Is your router the DNS server for your network and so was a victim of DNS cache poisoning without actually having its administration security settings breached?

    and last of all

    Is your router susceptible to another attack as its firmware is faulty?

  10. #10
    Lounger
    Join Date
    Jun 2010
    Location
    A Texas State of Mind
    Posts
    44
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I had seen mention of something similar at one of the other forums I am on, and I think it was over on DSLReports in the security forum, but am not positive. I also would try the manufacturer's website for updated firmware which might block such vulnerabilities. As mercyh mentioned, all of those questions are definitely ones I would ask also; very interesting case. Goes to show how important keeping our routers very locked down can be. I see so many that just slap on a router and never change anything from default or set strong passwords.
    Good luck Mike, let us know how things progress.
    registered Linux user:476595

  11. #11
    5 Star Lounger
    Join Date
    Dec 2003
    Location
    Burrton, KS, USA
    Posts
    833
    Thanks
    0
    Thanked 2 Times in 2 Posts
    I don't know if Mike will comply with my request to post the details from the PM he sent me or not. I will not post the details as that is up to him if he wishes. I will just say this...

    CHANGE YOUR ROUTER'S DEFAULT ADMINISTRATION PASSWORD. You have been WARNED.....

    I have read about this attack but this is the first time I have talked to someone that has experienced it.

  12. #12
    Lounger
    Join Date
    Jun 2010
    Location
    A Texas State of Mind
    Posts
    44
    Thanks
    0
    Thanked 0 Times in 0 Posts
    This is one of the articles I had seen about a type of router attack recently
    http://blogs.forbes.com/firewall/201...e-to-web-hack/
    registered Linux user:476595
