Hi Experts:

My Windows XP Pro SP 3 desktop appears to be infected by the google redirector virus. When I click on any of the Results from a google search, I am taken to various other sites.

Another issue which is probably related to this malware is that: I cannot start the desktop in Safe mode. I attempted to press F8 to enter safe mode at XP startup, but was unable to. I can make the selection, but XP loads some drivers, but then always restarts. So I started XP normally and went in and manually ran <msconfig> and checked the /safeboot option in the boot.ini. However when XP restarts, the system keeps repeatedly rebooting. I read in one of the blogs that some recent malware have begun to cause this problem.

I ran Malwarebytes Anti-Malware in normal mode a couple of times. It is not showing any errors anymore.
I ran SuperAntispyware in normal mode. It is not showing any errors anymore.
I ran SpyBot and it is not showing any errors anymore.
I ran ATF-Cleaner and zapped all the temp logs etc.

ComboFixIT output is attached.
Hijack output is attached also.

Any help would be greatly appreciated. I do not know how to get the problem resolved.

Attached Files

ComboFix.txt (27.7 KB, 2 views)

Hi chandgy2

Welcome to Tech-101

Couple of things I would like to point out.

1,
You have attached a Combofix log. ComboFix is a very powerful removal program that can send a system to its knees. It can if used improperly cause your system to fail and become un-usable in the worst case.
Please for your own safety don't run Combofix unless asked by a professional.

We are looking out for you

2,
You seem to have missed the HijackThis log. Its not attached, just your combfix log is present.

3,
You said you have run Malwarebytes. Can you please attach the logs it has produced. It may be useful for your helper.
It will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Its possible that its not Virus related but its worthwhile getting checked out so good first step.
Someone will be along shortly to analyse your logs and help you from there.

Good luck!

__________________

Hi:

Thanks so much for emailing me. I will follow your suggestion and not run any diagnostic/repair software without expert help.

I am attaching the requested files.

All my computer problems started when I copied couple of files from a friend onto 2 computers (not networked). I have deleted the 2 files - one was a PDF and another an AVI of an Ultrasound scan. Both computers are having similar problems now. The google redirect problems appeared immediately afterwords on both computers.

I ran TFC.exe, updated JAVA to the latest version.

I am again running the Full Scan with Anti Malwarebyes.

Any help would be greatly appreciated. Thanks again.

Attached Files

	hijackthis.txt (14.5 KB, 0 views)
	mbam-log-2009-10-26 (07-36-23).txt (852 Bytes, 1 views)
	RootRepeal.txt (40.4 KB, 0 views)
	RSIT_log.txt (49.5 KB, 1 views)
	RSID_info.txt (32.8 KB, 0 views)

Hi,

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

__________________
Infected? Use the Preliminary Removal Instructions then post in the Virus and Malware Removal Forums