04-23-2012 04:29 PM - edited 04-23-2012 04:31 PM
Don't use Norton Power Eraser on this Redirects group like
There is a combo of Malware that causes this. The system is infected with the Smart HDD FakeAV /Fake HDD as well as Zeroaccess and Boot.Pihar for starters.
c:\windows\system32\consrv.dll Do NOT Remove (subsystems) registry fixing required first.
That is why Malware removal crews state the likes of,
Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
If NPE removes Rootkits belonging to the zeroaccess, especially x64's .dll or Pihar, Boot Sector, Windows doesn't load or you are screwed.
04-23-2012 06:58 PM
I was following the instructions from Sagar (Symantec Employee).
It appears running Norton Power Eraser (NPE) corrects the problem for some situations, for others, things go very wrong as you have described above.
For me, NPE did not appear to cause any problems, it also did not find/remove the virus.
Any suggestions on where I should go from here would be greatly appreciated (I will follow your directions exactly).
04-23-2012 07:16 PM - edited 04-23-2012 07:43 PM
Another user has jumped in and told users to use Norton Power Eraser (or other more dangerous programs) without logging or knowing what is causing the problem, so to know that it won't cause Windows problems.
I have had to pull PCs out of the fire after using these tools and Symantec Tech Support can't fix it. I have fixed these problems, as have other Malware removal guys (and girls). I have warned and warned about the problems of just running NPE, Fixzeroaccess, FixTDSS etc.
For that reason I am now not going to attempt it with logs and scripting, let the Symantec Employee do so.
04-23-2012 09:29 PM - edited 04-23-2012 09:36 PM
Good to know that your issue is fixed.
This message is for Cannibal713 :-)
Brett, I am checking for other alternative solutions for helping you.
04-23-2012 09:38 PM
Ok, the Google re-directs seemed to have stopped.
The following are the things that I did:
1) Ran Norton Security Suite with latest definitions (I don't believe this fixed anything)
2) Ran Norton Power Eraser (download instructions found in post above) - This may have fixed the issue for IE but not for Chrome (Only tested Chrome at this point and the problem was still there).
3) Deleted Java Cache (Click windows icon, type in "Java" in search box, click on "Java (32-bit)" application under Control Panel, Click "Settings" under Temporary Internet Files section, Click "Delete Files", Click Ok). At this point, IE no longer had re-direct issues, but Chrome still did.
4) Uninstalled and re-installed Chrome. Chrome now seems to be ok also.
I'll wait for a few days to see if it comes back before I mark this issue/thread as solved.
A few comments:
*The symptoms of this virus (ie. happili redirects) seem to be caused by a number of different viruses and the different viruses require different solutions. What worked for me may or may not work for you.
*The Jedi Virus Slayer known as Quads has wisely advised users to use extreme caution in running programs such as NPE, ComboFix, TDSSKiller, etc. Because depending on the type of infection you have, you may "brick" your computer (ie. won't boot) and is a challenge to fix.
*Best approach may be to get help from individuals that will instruct you on how to do specific scans of your systems that generate logs that when properly interpreted will point to the appropriate actions to take.
*In my experience, looking for quick solutions for this Virus/Malware/Trojan/Rootkit (not sure the right name) via Google searches did not yield very useful results (results were often confusing, conflicting, less than satisfying).
*A good place to start are places like this forum or other forums such as Bleeping Computer; once you place a post, you may want to wait for several replies on recommendations to try before you try anything (you may get conflicting advice)
04-23-2012 11:14 PM
Some wise words in there Brett!
Windows 7 x64 SP1 N360v188.8.131.52 NU16 SSR 2013 Secunia PSI SpywareBlaster NoScript MBAM free SAS free
04-24-2012 05:32 PM
Brett, you got that right.
It is a lot easier to remove fully running malware on an intact Windows (the user states Norton or Malwarebytes can't remove or detect xxxxx) than when a user uses advanced tools like NPE, Rootkit Removal tools, Combofix, OTL, FRST... especially when asked, what did NPE remove?? Can't remember.
People like myself infect our system with these tougher Malware groups, sometimes letting it do what it wants for like 1 hour, then I work out ways to remove the infection without bricking Windows, everything from Ramnit / Virut through to TDL2, 3, 4 zeroaccess, Pihar and its variants.
Here is an example of someone who thought he was smart or got the wrong advice but he basically ripped his system apart,
04-25-2012 08:37 PM - edited 04-25-2012 08:57 PM
And here is one after the use of TDSSkiller (like NPE, and other tools.).
The partition Information is broken