10 Replies. Latest reply on Nov 14, 2012 7:56 AM by 4brown4

    Redirection virus help

      I have this virus on my computer that hides when I run McAfee scans. When I go to a search engine... it takes me to a different page that isn't usually a real website. How do I get rid of this thing?

        • 1. Re: Redirection virus help
          Peacekeeper

          Read

          McAfee Communities: Anti-Spyware, Malware & Hijacker Tools

           

          Run the following in order

          Stinger fake AV

          GetSusp version 170 (brand new), and add your email to the program's preferences so it can update you on what was found

           

          then run Malwarebytes.

          If you already have Malwarebytes installed, the virus could be protecting itself against it. In that case, in order to get Malwarebytes running you'll need to rename the executable. Open the C:\Program Files\Malwarebytes Antimalware folder, then rename the "mbam.exe" file and double-click directly on the file to open the program. After updating the program, run a full system scan using Malwarebytes. It is also a good idea to rename the folder it is in and the exe file when you install it.

           

          Post a pic showing the full path of what Malwarebytes picks up that Stinger / GetSusp missed, please.

          • 2. Re: Redirection virus help

            Okay, I'm terrible at this. I downloaded the AV Fake Stinger and then ran the scan. Next I downloaded the Malwarebytes device and ran a scan on it. Malwarebytes detected 3 viruses that the AV Fake Stinger didn't. I don't know how to put a picture of it up here though, but I saved a copy of it in my "Downloads" file.

            • 3. Re: Redirection virus help

              The Malwarebytes program said it removed the 3 viruses but whenever I use the search engine... it still redirects.

              • 4. Re: Redirection virus help
                Peacekeeper

                OK, for the pic thing, another way is to open MWB, open Logs, and post the last log file here.

                 

                Ensure you deleted all detected files.

                 

                Go to www.superantispyware.com, i.e. install and run SUPERAntiSpyware

                 

                Re the redirect virus: the above fixed it on my PC, but there are many, so it depends on what you have.

                 

                Run GetSusp; there is a new version 170 out now. Ensure you include your email address in the preferences

                 

                Message was edited by: Peacekeeper on 22/07/11 7:34:07 PM
                • 5. Re: Redirection virus help

                  How do I install the new version and give my email? Oh, and I thought I had removed them in Malwarebytes bc the options it gave me were to ignore or remove. I hit remove and after that it gave me a log. This is what it said:

                  Malwarebytes' Anti-Malware 1.51.1.1800
                  www.malwarebytes.org
                  Database version: 7219
                  Windows 6.1.7600 (Safe Mode)
                  Internet Explorer 8.0.7600.16385
                  7/22/2011 4:15:08 AM

                  mbam-log-2011-07-22 (04-14-57).txt
                  Scan type: Quick scan
                  Objects scanned: 166832
                  Time elapsed: 3 minute(s), 48 second(s)

                  Memory Processes Infected: 0

                  Memory Modules Infected: 0

                  Registry Keys Infected: 0

                  Registry Values Infected: 0

                  Registry Data Items Infected: 0

                  Folders Infected: 0

                  Files Infected: 3

                  Memory Processes Infected: (No malicious items detected)

                  Memory Modules Infected: (No malicious items detected)

                  Registry Keys Infected: (No malicious items detected)

                  Registry Values Infected: (No malicious items detected)

                  Registry Data Items Infected: (No malicious items detected)

                  Folders Infected: (No malicious items detected)

                  Files Infected:
                  c:\$Recycle.Bin\s-1-5-21-621883520-1550988648-3029366945-1000\$RGYN3GH.exe (PUP.SmsPay.PGen) -> No action taken.
                  c:\$Recycle.Bin\s-1-5-21-621883520-1550988648-3029366945-1000\$RSM2QDT.exe (PUP.SmsPay.PGen) -> No action taken.
                  c:\Users\Molly\AppData\Local\Temp\tmp6AF5.tmp (Trojan.FakeAlert) -> No action taken.

                   

                  Message was edited by: Hayton. I took the liberty of formatting the message to highlight the infection messages - on 26/07/11 15:32:52 IST
                  • 6. Re: Redirection virus help

                    Hi Mollymae,

                     

                     

                    You would have to manually select the programs listed under Potentially Unwanted Programs in the SHOW RESULTS tab and then remove them.

                     

                    Sameer
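The Malwarebytes log posted in reply 5 records "No action taken" for every detection. As an added example (not part of the thread and not Malwarebytes tooling), this Python sketch parses that log format, whether the entries sit on separate lines or run together, and lists the detections with that action. The regular expressions and function names are assumptions based only on the lines posted here, and the `CONSTRUCTED` entry is made up for contrast.

```python
import re

# One itemized detection: "<path> (<detection name>) -> <action>."
# The path is matched lazily so a folder such as "Program Files (x86)" stays whole.
ENTRY = re.compile(
    r"(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>[A-Za-z ]+)\."
)
# Summary counters such as "Files Infected: 3".
SUMMARY = re.compile(r"([A-Z][A-Za-z ]*?) Infected: (\d+)")

# "Files Infected" lines from the log posted in reply 5 of this thread.
THREAD_LOG = " ".join([
    "Files Infected: 3",
    "Files Infected:",
    r"c:\$Recycle.Bin\s-1-5-21-621883520-1550988648-3029366945-1000\$RGYN3GH.exe"
    " (PUP.SmsPay.PGen) -> No action taken.",
    r"c:\$Recycle.Bin\s-1-5-21-621883520-1550988648-3029366945-1000\$RSM2QDT.exe"
    " (PUP.SmsPay.PGen) -> No action taken.",
    r"c:\Users\Molly\AppData\Local\Temp\tmp6AF5.tmp (Trojan.FakeAlert) -> No action taken.",
])

# Constructed entry (not from the thread): a detection that was acted on.
CONSTRUCTED = (
    r"c:\Program Files (x86)\Example\sample.exe (Trojan.FakeAlert)"
    " -> Quarantined and deleted successfully."
)


def parse_log(text):
    """Return (summary counters, itemized detections) found in log text."""
    counts = {label.strip(): int(n) for label, n in SUMMARY.findall(text)}
    items = [m.groupdict() for m in ENTRY.finditer(text)]
    return counts, items


def not_acted_on(items):
    """Detections whose recorded action is 'No action taken'."""
    return [i for i in items if i["action"].strip().lower() == "no action taken"]


if __name__ == "__main__":
    counts, items = parse_log(THREAD_LOG)
    print("files flagged:", counts.get("Files"), "itemized:", len(items))
    for item in not_acted_on(items):
        print("not acted on:", item["name"], item["path"])
```
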

                    • 7. Re: Redirection virus help

                      I ran the SUPERAntiSpyware program and hit the quarantine and remove but I still have the virus. This is what the log said:

                      SUPERAntiSpyware Scan Log
                      http://www.superantispyware.com
                      Generated 07/23/2011 at 00:55 AM
                      Application Version : 4.55.1000
                      Core Rules Database Version : 7443
                      Trace Rules Database Version: 5255
                      Scan type : Quick Scan
                      Total Scan Time : 00:21:09
                      Memory items scanned : 716
                      Memory threats detected : 0
                      Registry items scanned : 2789
                      Registry threats detected : 0
                      File items scanned : 13162
                      File threats detected : 90
                      Adware.Tracking Cookie

                       

                      Message was edited by: Peacekeeper on 22/07/11 7:39:19 PM
                      • 8. Re: Redirection virus help
                        Peacekeeper

                        Well, besides that being a tad hard to read (saving to a txt file and attaching it here may be better).

                         

                        Seems you need to disable restore points and delete all temp files clutter via Accessories / System Tools / Disk Cleanup

                         

                        All Malwarebytes issues in those places.

                        • 9. Re: Redirection virus help

                          mollymae, You can also try this product called Hitman Pro. I believe they will give you a 30 day free trial. If you are still having problems. It will work with your existing AV according to their website. It uses 5 AV scanners and on-demand behavioral analysis. Here is the link: http://www.surfright.nl/en
