[SOLVED] Nasty Search Engine Redirect Malware!!
I am at my wits' end.
I have run adaware, ewido, avg antispyware and antivirus, ccleaner, cwshredder, fixwareout, hijackthis (obviously), registry mechanic, and probably a couple other things I've forgotten by now. Every program that could be used in safe mode was used there.
Someone who shares this machine caught Windows Antivirus 2008 on their profile while attempting to download a wallpaper. I seem to have gotten rid of all that, but still get redirected whenever a link is followed from a search engine. The status bar reflects a redirect to "go.google.com" and then many IP addresses before landing at a fake search engine site, if Google is used. If Yahoo is used, it redirects to go.yahoo.com, etc.
The WAV2008 was contracted via Firefox. I have since removed IE from the machine entirely (as far as I know) and have removed Firefox 3.0 and downgraded to 2.0. I also just installed Opera and the same redirect happens there. Some programs I've used found things, cleaned them and when I ran them again, came up clean. Everything is coming up clean but I am still being redirected. I am also unable to access help forums like this one (thank god I have a laptop); I get an "unable to establish a connection to server" page, but I can access it via proxy page. Also can't update adaware definitions - it fails. Had to download onto laptop and network the machines to update it. I'm now at a total loss and you guys are my only hope.
Here's my HijackThis log at present:
Logfile of HijackThis v1.99.1
Scan saved at 8:50:45 PM, on 9/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Documents and Settings\wolf\My Documents\CLEANING\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
Thanks for any help in advance.