Ad: Manage updates with the Download App
ie8 fix
Click Here

Spyware, viruses, & security forum: Can't get rid of a google redirect trojan/virus.

by: Jennifer1510 November 27, 2012 8:18 PM PST

Like this

0 people like this thread

Staff pick

Resolved question

Can't get rid of a google redirect trojan/virus.

by Jennifer1510 - 11/27/12 8:18 PM

I am having issues with google redirect. To be more specific, when I google something, and then click a link, I will be sent to a very obvious spam website instead of the link I clicked. If I click the back button, I will get to the link I wanted in the first place.

I have run multiple scans with AVG, eSet, Malwarebytes, and Hitman. Eset is the only thing that found anything. It found these items:


C:\$RECYCLE.BIN\S-1-5-21-785293973-1187815849-3269181308-1000\$R9TFSQT.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-785293973-1187815849-3269181308-1000\$RQH0ION.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\andyandjenni\AppData\Local\Temp\013aa5a58c11.exe a variant of Win32/Kryptik.ANVZ trojan cleaned by deleting - quarantined
C:\Users\andyandjenni\AppData\Local\Temp\ICReinstall\cnet2_Greenshot-INSTALLER-0_8_0-0627_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\andyandjenni\AppData\Local\Temp\ICReinstall\cnet_ComboFix_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\andyandjenni\AppData\Local\Temp\is1598539481\BuzzdockSetup-Silent.exe multiple threats cleaned by deleting - quarantined
C:\Users\andyandjenni\AppData\Local\Temp\is1598539481\zgInstaller.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Users\andyandjenni\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\111004132821909.rsc multiple threats deleted - quarantined
C:\Users\andyandjenni\Downloads\cnet_ComboFix_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\andyandjenni\Downloads\defragsetup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined



but afterwards I am still having the redirect problem. I reran the eset scan and now it doesn't find anything. I'm ready to try anything and follow directions explicitly if anyone knows what to try. I'm running Vista. Let me know what else you need.

Jennifer1510 has chosen the best answer to his/her question.
Click here to view the answer that was selected.


Jennifer1510 has chosen the best answer to his/her question!
Click here to view the answer that was selected.

Answer This
Ask for clarification
Report offensive post
Email to friend

Clarification request: Some of those?

by R. Proffitt Moderator - 11/28/12 5:32 PM

In Reply to: Can't get rid of a google redirect trojan/virus. by Jennifer1510

http://security.stackexchange.com/questions/14515/is-buzzdocks-a-security-threat

I'd try Grif's advice at http://forums.cnet.com/7726-6132_102-5098912.html?tag=posts;msg5099421 then take a look at my DNS and homepage entries if all comes up clean.

I'd also consider ejecting all toolbars.
Bob


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Toolbars

by Jennifer1510 - 11/30/12 2:19 PM

In Reply to: Some of those? by R. Proffitt Moderator

Do you see a specific toolbar in that list? I'm not aware that I have any.


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Give yourself time.

by R. Proffitt Moderator - 11/30/12 5:20 PM

In Reply to: Toolbars by Jennifer1510

I've run into new users that call them APPS or add ons and the list is far too long. Your post revealed one so I put a laser focus on it but now I worry that you are in need of a personal computer tech.
Bob


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

clarification

by Jennifer1510 - 12/5/12 7:12 AM

In Reply to: Give yourself time. by R. Proffitt Moderator

I'll uninstall the toolbar. Which of those items is it? Need a name or something.


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

I supplied. Buzzdock.

by R. Proffitt Moderator - 12/5/12 9:58 AM

In Reply to: clarification by Jennifer1510

I also supplied a link discussing it. Some of these HIDE under other names.

I am not at your PC but you could uninstall one toolbar after another until you get it. IE and browsers work fine without these.
Bob


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend
Answers
Answer Best answer as chosen by user Jennifer1510

Got my answer elsewhere

by Jennifer1510 - 12/10/12 7:12 AM

In Reply to: Can't get rid of a google redirect trojan/virus. by Jennifer1510

Wanted to mark this question as resolved, but I didn't get it resolved here. Another website forum was able to pinpoint my problem.


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Thanks for letting us know..

by Carol~ Moderator - 12/10/12 9:06 AM

In Reply to: Got my answer elsewhere by Jennifer1510

Jen..

In some cases, it's best to post at a Malware Removal forum. You already found out it can be a tedious process, depending on what the problem is - and where.

Sometimes it's as simple as running a couple of scans. Sometimes it's not. When it's not, the Malware Removal forums will work with you "one on one", until the problem is resolved. As they did with you over this past week. Time constraints permit us from doing the same.

Glad to hear .. all is well.

Carol


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

I read @Alternate Data Stream.

by R. Proffitt Moderator - 12/10/12 9:34 AM

In Reply to: Got my answer elsewhere by Jennifer1510

Lovely, deep, and wonderful issue. At times I wonder if ADS should be removed from this OS.
Bob


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend
Answer Best answer as chosen by user Jennifer1510

An Additional Thought

by Carol~ Moderator - 12/5/12 11:53 AM

In Reply to: Can't get rid of a google redirect trojan/virus. by Jennifer1510

Jenni..

In addition to Grif's advice, which Bob recommended you follow, you might also want to try scanning with:

Kaspersky's TDSSKiller - Instructions are listed below. (Additional instructions can be found here)
http://support.kaspersky.com/viruses/solutions?qid=208280684

Best of luck..
Carol


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close

You are requesting a clarification of the question: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Submit Clarification Request Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close

You are posting an answer to the question: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Submit Answer Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close
close

Click here to be notified via e-mail when someone submits an answer.

Would you like to resolve this question? close

Based on your response, it looks like this question has been answered.



Sorry, there was a problem resolving this question. Please try again.

Resolve Leave unresolved