Google Redirect caused way more havoc than just redirection!

[lquidstarzzz]

I need help with the "google redirect virus" problem. And then some...

Malwarebytes won't run...hijack this won't run...

I tried to do a search...it caused a blue screen shut down.

I could (notice I said "could" open windows using the last configuration that worked) but I went looking for the

culprit that others had identified as "windows/system32/wdmaud.sys"...it wasn't there but a number of "EMPTY FOLDERS" were...so I deleted them.

NOW...I get this message"system32/config/system corrupt" on a blue screen.

Windows won't open...

the cd drawer won't open to reload WindowsXP...

How do I get the CD drawer open...PLUS...how do I get rid of the google redirect virus?

Most of the "fixes" that I have found online are dated...as they suggest the malwarebytes...

oh yes..the other suggestions were to rename malware to something else...I used someone's suggestion to name it YOYO...however...it won't run at all.

I also tried a program called "Avenger" by swandog 49.

The computer is down...plus it does not belong to me. It is my husbands...my very easily upset husband. Please help...I am actually afraid.

Edited July 5, 2009 by lquidstarzzz

[Colin-uk Veteran]

if your cd rom drive wont open its because its not powered up or the drive itself is faulty.

a repair install should fix your issues once you can get the cd rom in the drive.

[lquidstarzzz]

if your cd rom drive wont open its because its not powered up or the drive itself is faulty.

a repair install should fix your issues once you can get the cd rom in the drive.

...is there a manual way to open the cd drawer?

It use to have an opening issue ...where it would just open and close by itself randomly...over and over.

When I do the drawer open...and I put the xp disc in...what should I do?

[Comic Book Guy]

if your cd rom drive wont open its because its not powered up or the drive itself is faulty.

Shouldn't you be able to open the drive as soon or just after you power on the PC, if you can't then I agree it's faulty.

...is there a manual way to open the cd drawer?

It use to have an opening issue ...where it would just open and close by itself randomly...over and over.

When I do the drawer open...and I put the xp disc in...what should I do?

Do you see that little hole on the drive, you can pop the drive tray open with a paperclip, you have to straighten it to be able to do so.

[lquidstarzzz]

Shouldn't you be able to open the drive as soon or just after you power on the PC, if you can't then I agree it's faulty.

Do you see that little hole on the drive, you can pop the drive tray open with a paperclip, you have to straighten it to be able to do so.

OKAY---I have the xp disc in the drawer...should it just start running???? Because it's not.

please HELP - I am really afraid of the consequences!

I am not afraid of buying a new computer...I am afraid of how angry my husband will react to the mess I have caused.

Edited July 5, 2009 by lquidstarzzz

[Phantom Helix]

I am copying this from GeeksToGo incase you can't view the website.

anyway first thing is insert the XP CD/DVD and folow these directions here XP Repair Install

the follow these steps here

Oh and just a side note, unless you have billions of dollars worth of data on that PC your husband should NOT get that upset to make you "fear" him, if he does then he wins my DBOTD for today and you should leave him no matter the circumstances

The following guide is to cure your PC from that annoying piece of malware which hijacks and redirects your Google searches and other search engines, otherwise known as a Google redirect. Other than the search engine redirect, some other signs that you may have this infection are:

Not being able to download, install, or run security programs like HijackThis or Malware Bytes Anti-Malware

Being blocked from navigating to security/malware removal sites, for example : Microsoft or GeeksToGo

This infection is also commonly known by security applications as Rootkit.Win32.TDSS, Trojan.DNS_Changer, or Troj/Rustock. It also has other aliases due to the fact that it evolves and changes over time.

You may find your anti-virus or anti-spyware programs identifies any of the following:

C:\windows\system32\drivers\SKYNETsunjnbdw.sys

C:\windows\system32\drivers\MSIVXvvynaffpomuyaycwkoiyldjssbgligea.sys

C:\windows\system32\drivers\UACgrevmydoyiftawolx.sys

C:\windows\system32\drivers\ovfsthhtkoslmsqrvwsntnkdioglrpufewidyw.sys

C:\windows\system32\drivers\TDSSmaxt.sys

C:\windows\system32\drivers\kungsfndqriiha.sys

C:\windows\system32\drivers\hjgruijxteoexy.sys

C:\windows\system32\drivers\seneka.sys

Another sign of it would be this line showing up in your HijackThis or OTL log, however this is not always present so you cant rely on it completely to tell whether you have the infection or not:

O17 - HKLM\System\CCS\Services\Tcpip\..\{3B8FF4B4-174F-4B7F-BE68-78043E53C8DA}: NameServer = 85.255.112.70;85.255.112.201

Now lets get onto the good stuff, removing this infection from your PC!

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. For the fix to work properly we will need you to close your browser, and any security programs like an anti-virus or anti-spyware. If you aren't completely sure how to do that, just continue on with the guide.

Step 1 :

We need to clean out your temp files and folders to speed up the whole process.

Download TFC (Temp File Cleaner) to your desktop

Open the file and close any other windows.

It will close all programs itself when run, make sure to let it run uninterrupted.

Click the Start button to begin the process. The program should not take long to finish its job

Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Step 2 :

We need to make sure you don't have another infection which can cause Google redirects. This is unlikely to fix your problem but its best to be safe than sorry as they say.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

Ensure all Firefox windows are closed.

To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).

When prompted to run the scan, click Yes.

GooredFix will check for and remove any infections. You can close it when its finished.

Step 3 :

The following should remove the redirects and have your PC back to normal

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

If you are using Firefox, make sure that your download settings are as follows:

Tools->Options->Main tab

Set to "Always ask me where to Save the files".

During the download, rename Combofix to Combo-Fix as follows:

It is important you rename Combofix during the download, but not after.

Please do not rename Combofix to other names, but only to the one indicated.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

Double click on combo-Fix.exe & follow the prompts.

Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall

This should fix your search engine redirects. Please restart your PC, check how its running and if there are any more redirects.

Step 4 :

This step is easy and quick, it is to remove any left over pieces of malware or anything else that may be hiding

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Quick Scan", then click Scan.

The scan may take some time to finish,so please be patient.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed it is recommended you reboot your PC

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Conclusion :

Let us remove those tools we used, its best not to keep them around.

Download OTC to your desktop and run it

Click Yes to beginning the Cleanup process and remove these components, including this application.

You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Your PC should hopefully be clean from those pesky redirects ! There is nothing left to do but enjoy having a normal PC again. If that isn't the case then you must have some other sort of infection or a new variant. Don't worry though, its nothing we cant fix. Just pop over to the Virus, Spyware and Trojan Removal forum here

Make sure you read the Start Here Guide first. This will have you go through some essential steps before posting on the forum. It will be of big help to us so please do all the steps.

However, if this guide did fix your PC, then we are glad to be of assistance. Feel free to hang around as there is plenty to read and learn here.

Regards

The GeeksToGo Team.

Edited July 5, 2009 by Phantom Helix

[Phantom Helix]

Guess he found out???

[BGM]

or he got redirected away from this page :p

must say though, i had this issue a month or so ago, it was an absolute nightmare to get rid of. very clever little bugger.

[kimsland]

Combofix probably would have enabled Malwarebytes to work

It could have been TDSSserv device enabled in Device Manager too. Eeasy fix, just disable this hidden device, or do this:

• sc stop TDSSserv.sys
  sc delete TDSSserv.sys
  

But ideally a HijackThis log would have helped to know just about everything, and what the next steps should be

But its all too late now, Mr. Grumpy must have come home. It must be a great feeling being scared of someone you live with. Personally I'd leave.

Oh and Check Disk may have helped that corruption

[Phantom Helix]

Guess he found out???

I was referring to Her Husband, lol

[kimsland]

But its all too late now, Mr. Grumpy must have come home.

I know

Me too. Obviously no more OP replies. I hope she is ok, does angry mean verbally angry or physically angry?

I hate angry people, they make me so damn.. so damn mad ! :)