Google Redirect Malware?

AlohaStyle

Hey fellas,

I read the thread Danilo started a while back and this looks like a good answer to the problem: http://www.botl.org/community/forums/showpost.php?p=842624&postcount=18

But it doesn't work for me... has anyone had experience getting rid of the Google Redirect malware on a pc? I've done a lot of googling trying to learn how to get rid of it with no luck... keeps coming back. I ran Malwarebytes that looked like it got rid of it, but then came back a week later. I've tried the TDSS Killer as posted above with no luck, GMER, Hitman Pro and all have not helped. I've read that the malware does not allow downloads of new anti-virus/malware programs correctly as it changes or doesn't allow the actual scripts to run correctly when you run the new program.

Anyway, this is driving me nuts. The only thing that allows me to even use my pc when infected is to run Malwarebytes in Safe Mode, but it only runs for a week or so before it takes over my computer again. Fortunately I have a couple computers and those are not infected, yet!?!

Any recs???
 

TravelingJ

I just always found that was about the fastest way to fix that stuff. I managed to get something nasty 2 days after the office gave me a newly imaged drive. Spent a month trying to fix it before I admitted it to the office, and they formatted and had me going again in a few hours.
 

theribdoctor

First, delete your temp files, then turn off System Restore, then download Malwarebytes and SUPERAntiSpyware and run both. Once you reboot, turn System Restore back on.
 
Joined Feb 2, 2009 | Location: Naples, Florida
Download a program called rkill.

You may need to get an extension other than the .exe.

Boot into Safe Mode, run rkill, run Malwarebytes, then run SUPERAntiSpyware.

If that doesn't kill it, I don't know how to help you.

You could always go to bleepingcomputer.com and start a thread asking for help.
 

AlohaStyle

> Download a program called rkill.
>
> You may need to get an extension other than the .exe.
>
> Boot into Safe Mode, run rkill, run Malwarebytes, then run SUPERAntiSpyware.
>
> If that doesn't kill it, I don't know how to help you.
>
> You could always go to bleepingcomputer.com and start a thread asking for help.

Thanks for the replies, I appreciate it. From all I've read so far, it looks like a lot of people are only getting rid of it by using the expert help like you talk about above. I'd rather just wipe my PC clean and start over as I don't think I would have the patience and time needed. Although wiping my PC clean will be a lot of work to reinstall everything!?!
 

theribdoctor

> Thanks for the replies, I appreciate it. From all I've read so far, it looks like a lot of people are only getting rid of it by using the expert help like you talk about above. I'd rather just wipe my PC clean and start over as I don't think I would have the patience and time needed. Although wiping my PC clean will be a lot of work to reinstall everything!?!

It's not hard; the info both myself and Patrick gave you should work. Rkill may be blocked, but Safe Mode is a good place to start, and I do this for a living.
 
Joined Nov 19, 2010 | Location: Deerfield, IL
I had a similar issue the other week and tried a few malware programs to try to resolve the annoying Google redirect but nothing seemed to work. I then decided to simply do a system restore to a prior date that I knew had no issues and it resolved the issue for me.
 
Joined Sep 29, 2010 | Location: Charlotte, N.C.
I've had to do this (remove really bad malware) about 5 times on different PCs here at work in the last year. The only program I'd add to the suggestions is HijackThis, which is great for seeing exactly what's running and killing suspicious add-ons.
 

themoneycollector

> Sorry to burst your Apple Fanboi bubble Brian, but if you click on Danilo's thread above, you will see that he got this same malware on his Mac, not a PC... :tongueout :)

What?!? On a Mac? Heresy. Impossible.

Quick, delete the thread, we don't want misconceptions to be spread about macs. :rofl:

Let's downplay it from a virus to spyware to malware to browser incompatibility. We don't want to tarnish macs' impeccable rep. :laugh:
 

AlohaStyle

> Wow! I'm in shock. Aloha, if you PM me, I'll send you my phone number and I'll try to connect to your PC remotely and fix it.

> with ribby... pretty easy to fix... had it happen to me twice and both times malware kicked it in the nutz...

I ran Malwarebytes for the first time 3-4 weeks ago and it did find a few things besides the basic trackers. Then about 1.5 weeks later, the crap was back. Now running Malwarebytes finds nothing. I've already tried Rkill and all other methods including rib's directions above with no luck. They didn't find anything.

ribdoctor, thanks much for the offer. I'm in the middle of downloading another copy of Rkill on my clean computer, transferring it to desktop on infected, then running in safe mode, then malwarebytes, then superantispyware and will see what happens. If it comes back, I might just take you up on your offer... thanks! :)

update: running malwarebytes now in safe mode found 1 thing...
Heuristics.Reserved.Word.Exploit
located: c:\users\myname\desktop\uSeRiNiT.exe

I'm assuming this is okay to ignore since the file above is what I just downloaded and installed... the Rkill program? Did a google search and it seems okay.

Rib... please reply if you see this as I will wait to ignore/quarantine on malwarebytes until I hear back.
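
Added example, not part of any post in this thread: a way to check a flagged file like the one in the last post before choosing ignore or quarantine, by comparing the copy on the infected PC against a hash taken on the clean PC and checking whether the alert is explained by the file name alone. It assumes the detection name refers to a system file name found outside its usual folder; the function names, folder table and sample bytes are constructed for illustration.

```python
import hashlib
import ntpath

# Assumption: sample table of system file names and the folders they normally live in.
EXPECTED_DIRS = {
    "userinit.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "winlogon.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
}


def reserved_name_out_of_place(path):
    """True if the file name matches a system binary but the folder does not."""
    folder, name = ntpath.split(ntpath.normpath(path))
    expected = EXPECTED_DIRS.get(name.lower())  # uSeRiNiT.exe == userinit.exe
    return expected is not None and ntpath.normcase(folder) not in expected


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def triage(path, file_bytes, clean_pc_sha256):
    """Classify a flagged file using its path and the hash taken on the clean PC."""
    if sha256_hex(file_bytes) != clean_pc_sha256.strip().lower():
        # The copy changed between the clean PC and this one: treat as tampered.
        return "ALTERED_IN_TRANSIT"
    if reserved_name_out_of_place(path):
        # Same bytes as the download; the alert is explained by the file name alone.
        # This confirms the copy is intact, not that the download itself is safe.
        return "NAME_HEURISTIC_ONLY"
    return "NO_NAME_FLAG"


# Constructed stand-ins for the downloaded tool's bytes (not a real executable).
DOWNLOADED = b"MZ constructed sample, clean-PC download"
TAMPERED = DOWNLOADED + b" appended by something on the infected PC"
CLEAN_HASH = sha256_hex(DOWNLOADED)  # in practice, hash the file on the clean PC

if __name__ == "__main__":
    flagged = r"c:\users\myname\desktop\uSeRiNiT.exe"
    print(triage(flagged, DOWNLOADED, CLEAN_HASH))
    print(triage(flagged, TAMPERED, CLEAN_HASH))
    print(triage(r"C:\Windows\System32\userinit.exe", DOWNLOADED, CLEAN_HASH))
```

In real use, read the file with `open(path, "rb").read()` on each machine and compare the two hashes before running the copy on the infected PC.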