Hapilli/ Gimmieanswers redirect virus on google searches. Norton 360 seems oblivious to it.

I have the same problem as this thread and after doing the online research it seems it's very persistent. I am very disappointed that I paid for Norton 360 and it is completely oblivious to the problem after running full system scans consecutively and doing live updates.

I'm running IE9 on Windows 7 x64 (updated with the latest SP and automatic updates). Ditto for Norton 360 v6.1.2.

Should I proceed with the "advanced tools" at my own risk or will Symantec actually care about their customers and push an update to remove this thing? Is my banking/website logon information also at risk? Would attaching some logs of Norton 360 or some advanced tool (TDSS, Combofix, etc.) help?

-Octavian


Replies

Re: Hapilli/ Gimmieanswers redirect virus on google searches. Norton 360 seems oblivious to it.

Please read carefully and follow these steps.
Download TDSSKiller hxxp://support.kaspersky.com/downloads/utils/tdsskiller.exe and save it to your Desktop. (replace the hxxp with http)
Double-click on TDSSKiller.exe to run the application.

Find the Change Parameters on the main UI screen, then select the Detect TDLFS file system.

Then click on Start Scan.

If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please attach the log in the post back.


Please download aswMBR hxxp://public.avast.com/~gmerek/aswMBR.exe to your desktop. (replace the hxxp with http)
Double-click the aswMBR.exe icon to run it.
It will ask to download extra definitions - ALLOW IT, YES.
Click the Scan button to start the scan.
On completion of the scan, click the save log button, save it to your desktop and please attach the log in the post back.

Quads

Re: Hapilli/ Gimmieanswers redirect virus on google searches. Norton 360 seems oblivious to it.

OK, did so and here are the two logs. Pesky thing is still up there.

Re: Hapilli/ Gimmieanswers redirect virus on google searches. Norton 360 seems oblivious to it.

Please scan with ESET next

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the  button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on  to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the  icon on your desktop.
  • Check 
  • Click the  button.
  • Accept any security warnings from your browser.
  • Under scan settings, check  and DON'T (NO) check Remove found threats 
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply


If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it. 

Quads

Re: Hapilli/ Gimmieanswers redirect virus on google searches. Norton 360 seems oblivious to it.

Here's the corresponding log.

Re: Hapilli/ Gimmieanswers redirect virus on google searches. Norton 360 seems oblivious to it.

Download Combofix to your Desktop from http://www.bleepingcomputer.com/download/anti-virus/combofix

Download the attachment to this post (CFscript.txt) and save it to your desktop also.

Disable Norton and close your browser(s).

Now drag the CFScript.txt into the ComboFix.exe.


Do not do anything else while it is running including moving the mouse cursor inside combofix.


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

*EXTRA NOTES*

  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue. (Those items will not be deleted.)

When it is finished it will create a log. Also, you may have to restart the PC before you are able to use the browsers.

Quads

Re: Hapilli/ Gimmieanswers redirect virus on google searches. Norton 360 seems oblivious to it.

And here's the Combofix log!

What next?

Re: Hapilli/ Gimmieanswers redirect virus on google searches. Norton 360 seems oblivious to it.

What did you use HitmanPro for?? It was not asked to run on this thread.

Quads

Re: Hapilli/ Gimmieanswers redirect virus on google searches. Norton 360 seems oblivious to it.

I do not recall downloading such a thing. Is something like that in the logs?

Re: Hapilli/ Gimmieanswers redirect virus on google searches. Norton 360 seems oblivious to it.

OK, now I googled it and it seems I have visited the download page of Hitman Pro. However, I did not run it once you started to send instructions. I might have run it a couple of days back when I first stumbled upon the problem and read stuff on the forums on what other people tried.

I reiterate, though, I followed all the instructions to the very last one on this thread.

Is there any way we can still fix things now that I made this neophyte mistake?

Re: Hapilli/ Gimmieanswers redirect virus on google searches. Norton 360 seems oblivious to it.

Go into the Hitman Pro folder and see if it has any .txt file in there.

You do have drivers missing; I don't know if they are legit or not yet.

Quads

Re: Hapilli/ Gimmieanswers redirect virus on google searches. Norton 360 seems oblivious to it.

0) When I initially did the research I did not think it would be this complicated and proceeded to doing what other people have used (Combofix, TDSS, aswMBR, etc.). Only then I realized that if I wanted help from forums I shouldn't have gone on my own path with these tools. I apologize for that. However, I did not run Hitman Pro or any other tool once I followed this thread but performed every instruction to the letter.

1) I had the Hitman Pro exec downloaded to the downloads directory and I searched for a log and found nothing. Should I rescan again with Hitman Pro and send you the log?

2) Some power management is missing according to Windows but in the Device Manager nothing appears with the black/yellow triangle and "!".

What's next?

Re: Hapilli/ Gimmieanswers redirect virus on google searches. Norton 360 seems oblivious to it.

People need to learn: don't use advanced tools without supervision. Even the people that upkeep and created Combofix state this. Even if you are a computer tech, that does not mean you know how to use these tools, or are a specialist in malware and its removal. PC repair shops have found that out.

1) The Hitman Pro log should be in c:\programdata\HitmanPro. I also need the Combofix logs, all of them, for instance

Combofix.txt

ComboFix2.txt 2012-04-04 02:15
ComboFix3.txt 2012-04-03 19:45
ComboFix4.txt 2012-04-02 19:07

................................

2) That is not enough to go on. "Some power management is missing" doesn't tell me much, or whether it's due to running HitmanPro, or Combofix 4 times at least.

Quads

Re: Hapilli/ Gimmieanswers redirect virus on google searches. Norton 360 seems oblivious to it.

Here are all the Combofix logs I have.

Re: Hapilli/ Gimmieanswers redirect virus on google searches. Norton 360 seems oblivious to it.

And here's what it quarantined during one of the previous runs.

Re: Hapilli/ Gimmieanswers redirect virus on google searches. Norton 360 seems oblivious to it.

Power Management is probably under Processors and Video cards in the Device Manager. In Safe Mode you cannot use power management due to not using your video card drivers but instead using the plug n play feature. Maybe there is a problem with the video drivers.

Quads

Re: Hapilli/ Gimmieanswers redirect virus on google searches. Norton 360 seems oblivious to it.

My video drivers were the 295.73 Nvidia Release (21st of February 2012). There is the 296.10 Release on Nvidia's website. Should I update to that?

Also I can install the power management driver. Do you want me to do that?

Re: Hapilli/ Gimmieanswers redirect virus on google searches. Norton 360 seems oblivious to it.

You could try reinstalling the drivers. If using a system from a PC company like Dell, they may have the Power Management driver package on their website, like http://support.lenovo.com/en_US/downloads/detail.page?LegacyDocID=MIGR-70024

It could also be that you're using a template for your settings, or were, and that is no longer there, so you have to go back to a standard profile template.

Quads

Re: Hapilli/ Gimmieanswers redirect virus on google searches. Norton 360 seems oblivious to it.

My computer was running properly and it seems very bizarre to me that drivers are missing. In any case, I updated my video drivers to the latest build and installed my MB power management driver.

What should I do next?

Re: Hapilli/ Gimmieanswers redirect virus on google searches. Norton 360 seems oblivious to it.

Are you still getting the power management missing message? What does it actually say when alerting you?

Quads

Re: Hapilli/ Gimmieanswers redirect virus on google searches. Norton 360 seems oblivious to it.

That message was just in the Win7 Action Center. There was no problem/error message or yellow sign hardware problem.

It seems the problem solved itself (maybe finally Norton 360 pushed an update (finally!!!)) and all of a sudden my User Profile service was corrupted and I couldn't log in (maybe the NTuser.dat or something got quarantined?). So I logged in as my admin and transferred all my data from the old corrupted user to a new user. I left the Appdata folder intact. Now on this new username the Google searches don't get redirected.

Did Norton 360 actually get updated to fix this problem or was this whole user profile corruption something else? Am I safe from this pesky thing in the future?

Re: Hapilli/ Gimmieanswers redirect virus on google searches. Norton 360 seems oblivious to it.

It could be there was a Windows Update also.

Download Malwarebytes Free and have it update the definitions, then run a Full Scan.

Quads