Google redirect virus

Norton Security | Norton Internet Security
21

I appear to be suffering froma Google redirect trojan of some kind.  When I click on a searched link I get a redirct to an ad or porn site.  Not evry time, but frequently (~75%).  Please help.

22

[Instructions are for the thread starters system only, Not another users system]

 

 

Please Read  http://community.norton.com/t5/Malware-Discussion/Malware-Discussion-Board-Guidelines/td-p/961409

 

This is to make sure the user has seen the Guidelines before starting.  

 

Even other Malware Removal forums state like

 

"you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean."

 

 

Users have to realise these tools used can cause problems anyway, and if instructions are not followed, bigger problems can occur from deleting something that shouldn't be, the program has caused the system to freeze, the program jammed during the restart etc etc.  and so we use instructions to allow the tools to be in the correct location (so we also know) settings given so that items won't be automatically deleted, other programs disabled so things can be done without detection or conflict.

 

When the user follow instructions and things still go a little haywire, and it does happen, it is up to us to sort the extra problem out.

 

Confirm in Reply you have read and understand the Guidelines etc.

 

Quads

23

I have read and understand

24

Read Slowly and all of it.

 

Please download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/   You need to download the 64 bit version.

 

Save it on to your desktop

 

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) On to your Desktop. Please attach back in a Reply your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Quads

25

Here you go. 

26

Looks Similar to Tracur

 

Download the fixlist.txt that is attached to this message / post  Have fixlist.txt on the Desktop with FRST.exe (so same location).  The script tells FRST what to do.

DO NOT DRAG AND DROP to download the script,  it won't work for FRST (Right click on the attachment link (not the normal left click) and from the menu choose  Save As or Save Link as.)

 

 

  • Start FRST that is on the desktop  
  • When the tool opens click Yes to disclaimer. (if it still does)
  • Press the Fix button just once and wait.
  • The tool will make a log on the Desktop (Fixlog.txt) please post it to your reply (attach).

 

Quads

27

Done.

28

With Tracur, The files been moved and the registry keys deleted, the Redirects should now stop.

 

Quads

29

Sorry - still happening.  I just tied a google search and got redirected to

 

[Removed Link]

 

That redirect lasted for just a second, then it settled into

 

[Removed Link]

 


Edited by Quads

30

Go here and click on the fix it button - http://support.microsoft.com/kb/923737  (Should be able to be run or saved from Chrome also)

Then

 

With IE 
click on safety
click on Delete Browsing History
make sure all boxes are checked
click on Delete
click on Tools
click Internet Options
On the Advanced tab, click Reset (Restore Advanced Settings)
put a check mark next to Delete Personal Settings
click Reset
when complete click Close

 

  

Restart the Computer  Now see if IE stops redirecting.

 

Quads

31

I am receiving an error when trying to run teh MSI.  "The Temp folder is on a drive that is full or inaccessible.  Free up space on the drive or verify that you have write permission on the Temp folder."

 

It does not specify which Temp folder.  I have 92GB free on the C: drive. 

32

Try this bit instead to reset

 

With IE 
click on safety
click on Delete Browsing History
make sure all boxes are checked
click on Delete
click on Tools
click Internet Options
On the Advanced tab, click Reset (Restore Advanced Settings)
put a check mark next to Delete Personal Settings
click Reset
when complete click Close

 

  

Restart the Computer  Now see if IE stops redirecting.

 

Quads

33

Sorry - running IE9.  I found most of those settings are under Internet Options, but nothing labeled "safety".  I deleted all browsing history from the "general" tab.  I followed teh instructions as witten for resetting advanced options and restoring IE to default settings (after checking "Delete Personal Settings")

34

That seems to have done it.   I hit search links about 20 times without getting a redirect.

 

Thank you.

35

Any redirect using IE now??

 

Quads

36

Posted at the same time.  Is Chrome Redirecting??   I have just moved the Tracur looking files and there must have been a setting / piece for it in the Browsers.

 

Quads

37

I never really use Chrome so I didn;t notice if it was redirecting before.  When I oaunched it I gor an error that my profile could not be read.  The home page was set to "elta search" when it launched, which struk me as odd.  But I browsed to Google and tried about a dozen links without error.

38

Delta Search is a PUP.

 

Quads