Google Redirect Malware?

[theribdoctor]

I ran Malwarebytes for the first time 3-4 weeks ago and it did find a few things besides the basic trackers. Then about 1.5 weeks later, the crap was back. Now running Malwarebytes finds nothing. I've already tried Rkill and all other methods including rib's directions above with no luck. They didn't find anything.

ribdoctor, thanks much for the offer. I'm in the middle of downloading another copy of Rkill on my clean computer, transferring it to desktop on infected, then running in safe mode, then malwarebytes, then superantispyware and will see what happens. If it comes back, I might just take you up on your offer... thanks!

update: running malwarebytes now in safe mode found 1 thing...
Heuristics.Reserved.Word.Exploit
located: c:\users\myname\desktop\uSeRiNiT.exe

I'm assuming this is okay to ignore since the file above is what I just downloaded and installed... the Rkill program? Did a google search and it seems okay.

Rib... please reply if you see this as I will wait to ignore/quarantine on malwarebytes until I hear back.

Malwarebytes will see rkill as a problem as it stops running services. Make sure you update malwarebytes and superantispyware, until they say you are up to date.

 

[AlohaStyle]

Malwarebytes will see rkill as a problem as it stops running services. Make sure you update malwarebytes and superantispyware, until they say you are up to date.

:thumbsup:

 

[theribdoctor]

:thumbsup:

Everything good?

 

[theribdoctor]

if it doesn't work, we can try hijackthis, but we have to be careful what we remove.

 

[AlohaStyle]

Everything good?

after running everything in safe mode, Rkill, malwarebytes then superantivirus all came up clean. I don't believe it...

My MWB updates is 2 days old, so I am booting up in normal mode, updating MWB, running everything in normal mode. Deleting temp files. Booting in safe mode and doing it all again.

I will keep you posted... thanks again.

 

[TravelingJ]

Yeah, I think Plush is right. Could have bought a mac in a lot less time.

 

[theribdoctor]

after running everything in safe mode, Rkill, malwarebytes then superantivirus all came up clean. I don't believe it...

My MWB updates is 2 days old, so I am booting up in normal mode, updating MWB, running everything in normal mode. Deleting temp files. Booting in safe mode and doing it all again.

I will keep you posted... thanks again.

Anytime, no problem.

Yeah, I think Plush is right. Could have bought a mac in a lot less time.

Yeah but he probably would get the same problem,,,:cbig:

 

[AlohaStyle]

with ribby...pretty easy to fix...had it happen to me twice and both time malware kicked it in the nutz...

I wish it was so simple. Sure people can have no problem getting rid of it, but this shit is rooted deep in my pc, not letting the anti-malware touch it!?!

After doing 3 rounds of everything recommended yesterday in both safe and regular mode with nothing coming up, I logged on today and wanted to test it right away by doing a google search. Yep, the first 2 links I click on redirected me to some random crap! From my experience, I get randomly redirected about 8-10 times and after that, then I get the fake warning pop ups saying my system is infected and I must "upgrade" and pay for added security to get rid of the "virus."

rib, I know you made a generous offer to look at my pc, but do you really want to and have time? I'm to the point of not wanting to bother with it and just do a reinstall (as time consuming as it will be to reinstall everything), but I'm so pissed that I kind of want to see where this bastard malware has been hiding! LOL

 

[AlohaStyle]

One question I have and was thinking about this morning AFTER I booted up my computer... do you think it would help to uninstall all of my web browsers with Revo? Or would it not matter because the malware is rooted in?

 

[theribdoctor]

One question I have and was thinking about this morning AFTER I booted up my computer... do you think it would help to uninstall all of my web browsers with Revo? Or would it not matter because the malware is rooted in?

You can try to uninstall your browsers, but we can try one more thing in using hijack this, and see if it helps. I'm willing to take a look before throwing the towel in.

 

[AlohaStyle]

Just got done being abused by theribdoctor... watching him control my pc!?! LOL Thanks much Jeremy, I appreciate your time brother. He found a few suspicious looking things using hijackthis and deleted those files, then we did some google searches and they all clicked through to the correct site instead of being redirected. Jeremy is optimistic the malware is gone, but seeing how many times this crap came back, I'm being cautiously jaded with my fingers crossed! LOL

Thanks again brother, I'll keep you posted if it reappears.

 

[themoneycollector]

Hope you got rid of that bug for good. Think about it, you just saved $2k by not buying an entry level iairmacbooknitroprotabletphone or the rumored iairmacbooknitroprotabletphonemini :rofl:

 

[theribdoctor]

Just got done being abused by theribdoctor... watching him control my pc!?! LOL Thanks much Jeremy, I appreciate your time brother. He found a few suspicious looking things using hijackthis and deleted those files, then we did some google searches and they all clicked through to the correct site instead of being redirected. Jeremy is optimistic the malware is gone, but seeing how many times this crap came back, I'm being cautiously jaded with my fingers crossed! LOL

Thanks again brother, I'll keep you posted if it reappears.

Nice talking to you brother, heres hoping it stays away...glad to help.

 

[AlohaStyle]

It took all of 3 hours to come back Not so easy to get rid of for everyone...

 

[theribdoctor]

It took all of 3 hours to come back Not so easy to get rid of for everyone...

wow, I wonder if iwon had an ad hacked.

 

[theribdoctor]

unfortunately it may be time for a reimage...sometimes these things get so far on, and they stay hidden. that sucks.

 

[AlohaStyle]

wow, I wonder if iwon had an ad hacked.

Yeah I knew you were wondering that. I know it's not a great website with lots of crap on it, but I just grew used to getting my news headlines from that site in one nice section... 4 headlines each in world, entertainment, sports, finance and technology.

Kinda ironic, the google search I was doing when my malware finally resurfaced was top news websites... looking to replace my homepage!?! LOL

 

[gui_tarzan]

Try combofix, it seems to kill the latest fake anti-virus malware too.