Google Redirect virus

What browser are you using?

There's a bit of malware getting inadvertantly installed now with other programs (I got hit with one called mybrowserbar), and it's a script thing.

I got rid of it with Hijackthis, I think. I might have used Hijackthis in combination with SuperAntiSpyware.

I use Noscript with Firefox now--it blocks everything except what I want to allow. It takes a bit to establish what's ok, but it keeps your browser from diverting away and lets you know when something is going on.

 

Seems like its your host file that is redirecting.... try Norton Power Eraser

 

we had this on one of our computers at work, they had to send it off somewhere to have it fixed...

 

Just re-install the OS, something that is infected that badly isn't worth messing with. My suggestion is to make an image of your PC right after you get the OS installed, drivers installed and OS patched. That way if you ever have to do it again, it is that much less work next time. Look into http://clonezilla.org/ it is a free alternative to Norton Ghost and the like.

 

Good info, my moms computer only lets us surf the web on my sisters profile, but it was working before . I believe it has this redirect virus, its freaking annoying.

 

microsoft security essentials

 

If your redirector is coolwebsearch, this might help:

http://download.cnet.com/CWShredder/3000-8022_4-10301587.html

 

This ^^ big time. That might be why you're getting reinfected.

Also
http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller. I know you said you tried it, but perhaps this page will give you a bit more info.

Renaming TDSSkiller.exe might help too.

Also check out the tools from Avira. I've had great success with them, especially the bootable rescue CD (Avira AntiVir Rescue System) whcih allows you to boot off the CD, bypassing Windows. It's free. They've got a nice anti-rootkit tool as well.

But MAKE SURE you turn off system recovery first!

 

such great info in this thread

 

It's redirecting to random websites, not really consistent.

I'll try that. Thanks

 

Try posting over on bleepingcomputer.com. They'll walk you through a process to ID and extract the malware. Do exactly as they tell you and nothing more. They have good folks on that forum.

 

This. I can send you a new HOST file, but check out bleepingcomputer.com they are pretty good. I've had to remove this virus several times for clients.

 

New host file may not work as I've seen these apps recreate them if they are replaced. I've also seen them locked down so you can't change them out. A process like RKILL is the only way to stop the app and then run the tools to kill the infection. This is why I always suggest people post in bleepingcomputer as they will ask for appropriate logs to determine the best course of action.

 

Indeed. bleepingcomputer is a great forum, they are very helpful - but like others said, do exactly as they say - no more, no less. Some of the stuff they have you do could be pretty dangerous if you don't follow their directions carefully.

 

Sorry if someone has already suggested this but you could boot into safe mode and then use system restore to go back to a restore point before you were infected. Good luck

 

If it continues to reappear after it looks like it's gone, there is something hidden in your registry. I've run into a virus like this before. Took me almost a week to get rid of it. Malwarebytes got rid of a portion, but I still had to delete a few entries from the registry to prevent a return. I found the entries by using the name of a site it redirected me to and googling "redirect virus <site name>". Good luck.

 

I just picked one. I guess it was a lucky pick. Didn't say it was gonna be easy.

Try googling "google redirect virus registry entries". You might get lucky.

PS BACK UP YOUR REGISTRY BEFORE FUCKING WITH IT!!!!