Instructables

Google Jump/Re-direct "Virus" Help!!

Has anyone else had issues the last few days, with an Adware/Trojan which re-directs links and addresses? I have dealt with them before yet this one seems particularly nasty. Not only does it re-direct every link in all search engines to random sites, it also blocks many if not all sites associated with adware removal tools/tech support etc. Example: HJ this is not attainable to send techs logs. I can't get to my email because hotmail.com won't open. It began as just a simple re-direct script but it seems the sites which I have been re-directed to are flooding my comp with ad-ware/fake virus removal tools/security warnings. One of the spawning viruses has managed to remove my "task bar" and "My computer" from the desktop. My comp is just spawning trojans and adware at the moment, every time I do a full scan there are at least 40 more spawned by the time it is finished (15min). At the moment the only thing I have is Super Anti Spyware, which the guys there are obvious on this as their 15min updates seem to be catching the new creations... But I'm fighting a losing battle here... I know it is probably beyond most here to help me, yet I was more interested to see if anyone else has been affected, as the site that I can get to for tech assistance is flooded out with... "Another Google re-direct Virus Help!" in their forums... Google has to be PO'd about this one.

deaf2584 years ago
Looks like there is a new version of Google Ads trojan! Found it here on Instructables.com.
yourcat 5 years ago
My dad's a computer tech, if any with this problem happen to be in the Nebraska panhandle area, maybe I could get you some help.
gazzo 5 years ago
I think it's an add-on. Go to Tools, click Manage Add-ons, then click Enable or Disable, look for name D or file mwb23880.dll and disable it. Worked for me.
Any news, is your computer ok now?
Lftndbt (author)  lordofthedonuts 5 years ago
Yes it is, thank you. I managed to get to my hotmail via Firefox. Opera and IE were blocking it. That allowed me to get my BBS forums password and return there for assistance. Within 2 hours of getting back on their forums, a volunteer (Geri) managed to remove any traces of it. This was done by removing all suspicious entries HJ this found and Geri supplied a renamed copy of Combo fix (because the viruses will not let you download anything associated with virus removal). Combo fix is what you need to null the anti download part of the virus. Once Combo fix killed the root entry, it allowed me to download MBAM and RSIT. MBAM removed the rest of the Malware and the system was restored. So in answer to your question yes, everything is good now. Thanks for your interest/support.
Yay! No more zoo porn!
Lftndbt (author)  Doctor What 5 years ago
Double YaY!! The G/F was starting to get suspicious... LoL Who makes ZOO porn anyway? For that matter, who looks at it? Poor lil' ZOO animals. LMAO
People that are deeply, deeply disturbed. Fetishists.
Not Fetishists in general, just animal fetishists. Is fetishists even a word? Why do I continue to go on?
I have the same problem, (without the removal of stuff though) now it's worse, I can't even go on Google... I've found that it's what's called a "Browser Hijacker" and well it's pretty nasty stuff. I can't get rid of it. And I unfortunately did not make any system save for a restore...
Lftndbt (author)  lordofthedonuts 5 years ago
Forget your sys restore. That was one major stuff up from the beginning. The sys restore method allows a loop-hole in which the Ad-ware simply writes itself into your restore points... If you have the same one as me it will wipe your restore points anyway.. I'm just hoping someone comes up with something soon as my net/computer is getting lagged really bad now. If you can still access your mail, join a comp help site and download HijackThis. Post a log and a tech will be able to help you.... I can't even enter some email addresses such as hotmail, and hence can't join/access any help sites.
I tried HijackThis but didn't know what to do then. First I'll try to remove the HDD and run it on another computer as an external drive and scan it with a battery of virus/spyware/malware removal tools, if that doesn't work I'll reformat. It doesn't cause any problem to me. Next time I'll do a ghost of my clean system.
Lftndbt (author)  lordofthedonuts 5 years ago
No!! Do not connect it to another clean pc!! Take the HJ this log and post it on a computer tech help forum... They will find the root of the cause and help you remove it.... If not leave it where it is and re-format it if you can.
Well, My dad's a computer technician, I think he knows what he's doing. ; )
Lftndbt (author)  lordofthedonuts 5 years ago
Well, you didn't say that now did you? In that case any chance he could check out your and my HJ this log?
Sorry he can't help you, he doesn't know about HJthis. The scanning of the disk didn't work, I'm formatting my computer right now...
HJ this is short for Hijack this - I'll bet he knows about it.
I know what HJ is, downloaded it... And no, he doesn't know that program... Sorry...
That is very strange. Huh.
Lftndbt (author)  Lithium Rain 5 years ago
That's what I was thinking. "Huh"
Well, I mean, I'm not saying anything, but it does seem strange for a computer technician to not know about it...
let's just say my father is a strange technician. ; )
Lftndbt (author)  lordofthedonuts 5 years ago
Perhaps not strange, but if he knows his stuff he probably doesn't need HJ this. HJ this is just a convenient way of logging processes running and other items that you may not notice off hand. It isn't the be all and end all of scanning utils by far. It misses a lot of things...
Bond, James Bond...
wazupwiop 5 years ago
um... if you haven't gotten rid of it already, you need to use another friend's computer and burn a CD of an anti virus software, and run it in safe mode. My dad had to take a virus off a computer once and it took 2 days. If you want you can back up your whole computer to an external hard drive, so next time a virus attacks your computer you can format your hard drive and then restore your data.
Lftndbt (author) 5 years ago
(removed by author or community request)
Rockerx  Lftndbt 5 years ago
If you haven't gotten rid of them yet. I could tell you which are good and which should be deleted/terminated if you want.
Lftndbt (author)  Rockerx 5 years ago
hang on, I'll delete that and post a fresh, gimme a sec.
Rockerx  Lftndbt 5 years ago
k
Lftndbt (author)  Rockerx 5 years ago
any ideas?
Derin 5 years ago
Whoa, that seems serious. My dad once got this virus that kept opening a porn site, FOR GOD, I'M GONNA STRANGLE THE MAN WHO MADE THAT VIRUS
LOL!!!
Lftndbt (author)  Derin 5 years ago
Well apparently I am into "animal porn"/ "Zoo porn" as I now have several folders on my desktop for various services... LoL
Zoo porn? How interesting. My email is...
Lftndbt (author) 5 years ago
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:07 PM, on 9/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Venturi\Client\ventc.exe
C:\Program Files\Venturi\squid\ventcsquid.exe
C:\Program Files\Venturi\squid\ventcdnsserver.exe
C:\Program Files\Venturi\squid\ventcdnsserver.exe
C:\Program Files\Venturi\squid\ventcdnsserver.exe
C:\Program Files\Venturi\squid\ventcdnsserver.exe
C:\Program Files\Venturi\squid\ventcdnsserver.exe
C:\Program Files\Venturi\squid\ventcdnsserver.exe
C:\Program Files\Venturi\squid\ventcunlinkd.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Venturi\Configurator\ventcfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Unwired\UwSCT.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Multimedia Mouse Driver\MouseDrv.exe
C:\Program Files\Opera\Opera.exe
C:\Virus scanners\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [Venturi Configurator] C:\Program Files\Venturi\Configurator\ventcfg.exe -nomsgbox
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Unwired Launchpad.lnk = C:\Program Files\Unwired\UwSCT.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Venturi Client (VenturiClient) - Venturi Wireless - C:\Program Files\Venturi\Client\ventc.exe

--
End of file - 2429 bytes
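An added example, not part of the original thread and not HijackThis's own code: a short Python parser for the log format posted above. It groups the numbered entries by section code (O4 autostart, O20 Winlogon Notify, O23 service) and records whether each target executable also appears under "Running processes". The sample input is an excerpt of the log above; the function names are this example's own.

```python
import re
from collections import defaultdict

# Excerpt of the log posted above (lines copied from the thread, list shortened).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Venturi\Client\ventc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Entry lines look like "O4 - ..."; the code before the dash names the log section.
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
# First drive-letter path ending in a binary extension (paths may contain spaces).
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|bat|com|scr)\b", re.I)

def parse_hijackthis(text):
    """Return (running_processes, entries) from a HijackThis text log."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            processes.append(line.lower())
        elif (m := ENTRY.match(line)):
            p = PATH.search(m.group(2))
            entries.append({"code": m.group(1), "detail": m.group(2),
                            "path": p.group(0).lower() if p else None})
    return processes, entries

def triage(text):
    """Group entries by section code; 'running' is None for non-.exe targets."""
    processes, entries = parse_hijackthis(text)
    report = defaultdict(list)
    for e in entries:
        is_exe = bool(e["path"]) and e["path"].endswith(".exe")
        e["running"] = (e["path"] in processes) if is_exe else None
        report[e["code"]].append(e)
    return dict(report)

if __name__ == "__main__":
    for code, items in triage(SAMPLE_LOG).items():
        for e in items:
            print(code, e["running"], e["path"])
```

An autostart entry whose target is not running is not malicious by itself; the grouping only narrows down which lines a helper reads first.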
Doctor What 5 years ago
Where'd you pick it up from? Got a general idea?
Lftndbt (author)  Doctor What 5 years ago
No, unfortunately not... It wasn't like whammooo !!!! it was sneaky, it got in somehow, wrote itself all over the place.. I'm fairly certain it is just designed to redirect links, yet the links seem to be ad-ware full and every mis-link somehow lets in several adware progs. I have managed to remove over 1000 ad-ware/trojan/viruses in the last three days, now I'm down to none, with about 6 spawning somehow every hour. I have stopped clicking dead links which seems to have curbed the intake of adware yet the redirect issue is still there. My internet is running at less than dial up speed at the moment... It's also screwing with my display card and every time I lag out and something fishy seems to be happening I get flickers of miss-pixels on my screen. Never seen that before. I am also getting spikes every 5 secs on my ram usage.... shoots up to 100% and hangs, which causes opera to "not respond". I have a feeling that I am now the hacker, the way the comp is lagged out I'm thinking it's now helping the hackers' cause.
emuman4evr 5 years ago
Restart in windows safe mode. Clean up your registry. Run a virus scan delete everything. Blow up your computer.
Lftndbt (author)  emuman4evr 5 years ago
All done.... cept for the "Blow up your computer" part... Will that be necessary.?
It prevents the spread of aids from computer to computer contact via usb, ethernet, and other peripherals.
aids? computers don't get aids, men do, anyway I turn off antivirus only when I unplug any means of communication.
dsman1952765 years ago
ya, this has happened to me. What I do is take the google address for the site and copy it into the address bar. And then do what emuman4evr said.
NachoMahma 5 years ago
. I haven't run into that one. I'd do a search to see if anyone has a way to get rid of it. If not, reformat the HD.
Would booting into safe mode and doing a scan work?
Lftndbt (author)  whatsisface 5 years ago
Yes it does, every time. But unfortunately it spawns itself prior/while being removed.
Lftndbt (author)  NachoMahma 5 years ago
LoL, all search engines "re-direct" to random sites.