Legendary Noble
malwarekiller
Posts: 3,990
Registered: ‎08-08-2011
Accepted Solution

How to fix google redirects/Rootkits.


Due to the increase in such cases, I am forced to write this guide so that newly infected users get some help.

 

To get assistance, please make a separate topic, and please do not post problems in this topic, in order to avoid getting ignored on one thread. Thank you. :smileyhappy:

 

 

Step 1 : Safety precautions


Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference.


Backup Your Registry with ERUNT

  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.

Click Erunt.exe to back up your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe



Please download OTM

download area found here:

 http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/

 

  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]


  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. 



Step 2 : The fix



Please download GooredFix from one of the locations below and save it to your Desktop.
The download area is found here:

http://forums.majorgeeks.com/showthread.php?t=182559


  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run; once it is finished, move on to the next step.




Please read carefully and follow these steps. 

  • Download TDSSKiller and save it to your Desktop.
  • download area is found here:
  • http://support.kaspersky.com/viruses/utility
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click TDSSKiller.exe to run the application, then click Start Scan.




  • If an infected file is detected, the default action will be Cure, click on Continue.




  • If a suspicious file is detected, the default action will be Skip, click on Continue.




  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.



 



Download aswMBR to your desktop.

The download link is found here:

public.avast.com/~gmerek/aswMBR.htm

Double-click aswMBR to run it.

Click the [Scan] button to start the scan.

Click Save log at the end of the scan and post that log here in your next reply.

 

How to fix

Re-run aswMBR.

Click [Scan].

Click [Fix] for TDL4 (MBRoot) or [FixMBR] for Whistler (select the button as appropriate).

THEN

Google for Malwarebytes Anti-Malware, update it, and do a full scan. Once the scan is complete, click Show Results, make sure everything detected is ticked, and hit Remove Selected. A log will be generated after the removal is complete; copy and paste it here in your next reply.

—————
Was this post helpful? Say “thanks” by giving me a “Kudo”!
Was your question answered or issue solved? Mark that post as an “Accepted Solution”!
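
An added example, not part of the original post or of any tool it names: the `[resethosts]` line in the OTM script above refers to the Windows hosts file, and this Python script audits a copy of that file for entries that pin search-engine names to an address. The sample file contents, the watched-domain list and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample hosts file (not taken from any real machine).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.google.com google.com   # constructed redirect entry
203.0.113.45    www.bing.com
0.0.0.0         ads.example.net
10.0.0.12       fileserver.corp.example
badline
"""

# Assumption: names whose resolution should never be pinned in a hosts file.
WATCHED_SUFFIXES = ("google.com", "bing.com", "yahoo.com")


def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each valid entry, skipping comments."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()
        if len(entry) < 2:
            continue  # blank, comment-only, or malformed line
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            continue  # first field is not an IP address
        yield line_no, ip, [h.lower().rstrip(".") for h in entry[1:]]


def audit_hosts(text, watched=WATCHED_SUFFIXES):
    """Return findings: watched names pinned to any address, and
    any other entry that points somewhere other than the local machine."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            is_watched = any(name == s or name.endswith("." + s) for s in watched)
            if is_watched:
                findings.append((line_no, "search-redirect", name, str(ip)))
            elif not (ip.is_loopback or ip.is_unspecified):
                findings.append((line_no, "non-default", name, str(ip)))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Entries reported as `non-default` are not necessarily malicious (the constructed file-server line is an ordinary intranet mapping); they are listed so they can be reviewed before the hosts file is reset.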
Trend Micro Employee
red_one
Posts: 170
Registered: ‎04-06-2011

Re: How to fix google redirects/Rootkits.

Nice article :smileyhappy:


I am a Trend Micro employee. My comments and advice come from my personal knowledge and experience. I’m happy to volunteer what I can to help others have a great Trend Micro experience.
Affiliate
greggmh123
Posts: 1,978
Registered: ‎01-23-2010

Re: How to fix google redirects/Rootkits.

Nice article indeed...until your "JSMO" guy sees it and deletes all the links to your competitors' products!

 

Gregg Hill


I am a Trend Micro Affiliate. My comments and advice come from my personal knowledge and experience. I’m happy to volunteer what I can to help others have a great Trend Micro experience.
Trend Micro Employee
red_one
Posts: 170
Registered: ‎04-06-2011

Re: How to fix google redirects/Rootkits.

The links are working :smileyhappy:


Affiliate
greggmh123
Posts: 1,978
Registered: ‎01-23-2010

Re: How to fix google redirects/Rootkits.

Like I said, until your "JSMO" guy sees it.


Legendary Noble
malwarekiller
Posts: 3,990
Registered: ‎08-08-2011

Re: How to fix google redirects/Rootkits.

Credit goes to the Geeks to go! site for this article.....
