1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[Active] Google time limit redirect

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by Teebs, Jan 26, 2010.

  1. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    1. Please download The Avenger to your Desktop.

    • Right click on the Avenger.zip folder and select "Extract All..."
    • Follow the prompts and extract the Avenger folder to your desktop

    2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


    Code:
    Begin copying here:
    Files to move:
    C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys | C:\WINDOWS\system32\drivers\atapi.sys
    
    3. Now, open the avenger folder and start The Avenger program by clicking on its icon.


    • Right click on the window under Input script here:, and select Paste.
    • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
    • Click on Execute
    • Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:


    • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command windowon your desktop, this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    • The Avenger will also back up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    5. Please copy/paste the content of c:\avenger.txt into your reply
     
  2. Teebs

    Teebs Techie7 New Member

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    Swandog46's Public Anti-Malware Tools

    Platform: Windows Vista

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    File move operation "C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys|C:\WINDOWS\system32\drivers\atapi.sys" completed successfully.

    Completed script processing.

    *******************

    Finished! Terminate.
     
  3. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    How is redirection?
     
  4. Teebs

    Teebs Techie7 New Member

    Still there I'm afraid.
     
  5. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    I assume, we're still talking about this issue:
    You're not really being redirected to some nasty sites, correct?
    What browser is it?
     
  6. Teebs

    Teebs Techie7 New Member

    No, it's literally holding me on a blank page for 10 seconds (I counted, it's exactly 10 seconds every time) before redirecting me to the correct page, it's very annoying... but I'm just worried that something malicious is going on in the background... browsing habits being recorded etc.

    Firefox but like I said it's also happening in IE too.

    I know a lot of people are having a similar thing only they are being redirected to spam sites, but it's just a blank page for me, I just have to wait 10 seconds if I click on a link from Google.
     
  7. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Your computer looks clean, but we'll check further in a moment.

    Close Firefox. Go Start>All Programs>Mozilla Firefox, click on Mozilla Firefox (safe mode). Same thing?

    Close IE.
    Go Start>All Programs>Accessories>System Tools, and click on Internet Explorer (no add-ons). Same thing?
     
  8. Teebs

    Teebs Techie7 New Member

    Same thing on both counts.
     
  9. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Couple more questions...
    When the browser goes to the blank page, is there anything displayed in address bar?
    After 10 second, does it go to the right page by itself, or you have to do something?
     
  10. Teebs

    Teebs Techie7 New Member

    As an example when I search for test in Google and click the second link down i.e

    TEST

    The page is blank for 10 seconds with this in the address bar

    test - Google Search

    The forum automatically turned the above into a link but you can see the address by right clicking and copy link address... It seems that it is simply the Google URL for the search test.


    ...
    Then after 10 seconds it forwards to the correct page all by itself.
     
    Last edited: Feb 1, 2010
  11. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    I see:
    Code:
    http://www.google.co.uk/search?q=test&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&as_acct=1ya4np8o9o07&cr=j4c725kh22d3


    You know, I really don't think, we're dealing with any infection here, but let's run couple more scans.

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:


    • Spyware, Adware, Dialers, and other potentially dangerous programs
      [*] Archives
      [*] Mail databases

    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt before clicking on the Save button. Then post it here.
     
  12. Teebs

    Teebs Techie7 New Member

    The Temp File Cleaner seemed to do the trick.

    I hope that you don't think this was a complete waste of time, as I did have active threats initially which you very much helped me to get rid off.

    I appreciate all your help.

    Thank you!
     
  13. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Of course not. I learn too from every new thread :)
    I still would like you to run Kaspersky scan though...
     
  14. Teebs

    Teebs Techie7 New Member

    I'll do that now and report back.
     
  15. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Cool :)