Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Google redirect virus, need alternative to TDSSKILLER
Google redirect virus, need alternative to TDSSKILLER

post #1 of 18
Thread Starter 
This virus is beating my computer's ass big time. TDSSKiller won't run: it extracts everything but it won't initialize. Is there an alternative program that can kill this virus as well? (Malwarebytes is useless vs this thing.)
My System (13 items)
CPU: E6750 @ 3.4 | Motherboard: Gigabyte P35 | Graphics: BFG GTX 260 216 MaxCore 55 @ 700/1500/1200 | RAM: 2gb crucial DDR2 667 @824
Hard Drive: 74GB sata 10,000rpm rapto | OS: Windows XP | Monitor: westinghouse 22 | Keyboard: logitech g15
Power: coolermaster 500w | Case: cooler master | Mouse: microsoft digital
post #2 of 18
Quote:
Originally Posted by Rockin Z28 View Post
This virus is beating my computer's ass big time. TDSSKiller won't run: it extracts everything but it won't initialize. Is there an alternative program that can kill this virus as well? (Malwarebytes is useless vs this thing.)
Viruses aren't really magical things; they run like programs, and certain steps must be taken depending upon the model/version. The Google redirect could be many things, but most likely the virus changed your FF/IE/Chrome network settings and is sending you through a proxy. Note: you should not be browsing or using this computer in any way, and it should be unplugged from the network.

Is it "MS Super AV" or something? Get the title and Google it; there will be steps you can take, such as killing the process or deleting a registry key, that will shut down the virus for long enough for you to run MBAM (since the EXE is blocked, like TDSSKiller).
    
CPU: C2D T7100 1.8 ghz (undervolted) | Motherboard: ummm... Dell | Graphics: Intel X3100 | RAM: 2 x 1gb 667mhz
Hard Drive: Fujitsu 7200 RPM 120gb | Optical Drive: CD-RW/DVD | OS: dual boot Vista business | Monitor: 1440x900
post #3 of 18
Well, an alternative to TDSSKiller is MBR Check, but there's no guarantee that what you have is a tdss rootkit. Does MBAM find any infections at all? If so, can you post the log?
Workstation (19 items)
CPU: Intel i7 920 c0 @ 3.50 | Motherboard: Asus Sabertooth X58 | Graphics: Nvidia gtx 570 | Graphics: Nvidia gtx 210
RAM: 12 GB (Patriot 4GB DDR3 1600 Mhz + G.Skill Ripj... | Hard Drive: OCZ Vertex II 60GB + x2 WD 1TB + WD 500 GB | Optical Drive: Lite-On DVD Burner | Optical Drive: LG Blu Ray Burner
OS: Windows 8 Professional x64, Arch Linux x64 | Monitor: Samsung 22 inch 1920x1080 60Hz | Monitor: Asus 23 inch 1920x1080 IPS | Monitor: Acer 19 inch 1600x900
Keyboard: Logitech g11 | Power: Corsair 750 Watt | Case: NZXT Tempest | Mouse: Razer deathadder 3500 dpi
Mouse Pad: OCZ | Audio: Audigy SE | Audio: Sony MDR-V6
post #4 of 18
Boot into Safe Mode with Networking.

Remove any WINS/DNS settings that the virus might have put in your NIC settings.
Remove any proxy server settings the virus might have put in your web browser settings.

Download RKill.exe: http://www.technibble.com/rkill-repa...l-of-the-week/

Run RKill.exe to have it kill any running processes that aren't necessary (this will kill the process that closes out any program (.exe) you are trying to run to get rid of the virus).

Download Malwarebytes, install it and update it.

Run a Malwarebytes scan while still in Safe Mode; it typically cleans the virus.

Reboot and load into Windows normally. Run another Malwarebytes scan to ensure that it cleaned all traces of the virus.

We had a couple of PCs here at work get a fake AV that wouldn't allow any .exe other than Internet Explorer to be opened. And when you opened IE it would redirect you to their website over and over again. This is how I cleaned the virus off. (It was a variant of the Trojan.Vundo virus.)
post #5 of 18
After you do the above steps, please:

Change your AV to avast!

Use Comodo Firewall
- use ONLY the firewall, not Defense+ or anything else

Run Prevx alongside your AV as second-opinion detection software

Download and run SUPERAntiSpyware and Emsisoft Anti-Malware

Change your browser to Chrome

Change your DNS to NortonDNS

Use these add-ons for Chrome:
Web of Trust (WOT)
AdBlock Plus, and subscribe to Malware Domains
LastPass
XMarks

Browse shady/seedy websites in Sandboxie

Consider making backup images of your hard drive on an external drive every once in a while with Paragon
Edited by lucido - 4/26/11 at 10:30pm
Good Ol' Bob (15 items)
CPU: Intel Core i7-950 | Motherboard: ASUS P6X58D LGA 1366 | Graphics: EVGA GeForce GTX 470 | Graphics: EVGA GeForce GTX 470
RAM: CORSAIR XMS3 6GB (3 x 2GB) 240-Pin DDR3 1600 | Hard Drive: 1TB Western Digital | Optical Drive: LG DVD-RW | OS: Windows 7 x64 Home Premium
Monitor: Acer P243W 24" | Keyboard: Logitech K200 | Power: 600W | Case: NZXT Tempest
Mouse: Logitech g9x | Mouse Pad: X TRAC PADS PRO | Audio: Senheisser HD555
post #6 of 18
Download HijackThis and put it on a thumb drive.

Boot the computer in safe mode and run HijackThis.

It should be able to take care of it from there.
Unnamed Build (23 items)
CPU: Intel Core i7 3770k | Motherboard: MAXIMUS V GENE | Graphics: NVIDIA GeForce GTX 780 Hydro Copper | RAM: Vulcan
Hard Drive: Samsung 1TB 840 SSD | Cooling: Koolance CPU-380i | Cooling: XSPC Dual Bay Reservoir | Cooling: Phobya Xtreme 200mm Radiator
Cooling: XSPC EX120 120mm Radiator | Cooling: Silverstone AP181 Fan | Cooling: Gentle Typhoon AP15 | OS: Windows 8 Professional x64
Monitor: HP LP3065c | Keyboard: DasKeyboard Ultimate Model S | Power: Seasonic X650 | Case: Silverstone TJ08B-E
Mouse: Logitech G700 | Mouse Pad: Mionix Propus 380 | Audio: Audioengine D1 USB DAC | Audio: Parasound 2125 Amplifier
Audio: Beyerdynamic DT 770 Pro-80 Closed Studio Headph... | Audio: Audio-Technica ATH-M50 | Audio: Definitive Technology Studiomonitor 450
post #7 of 18
Quote:
Originally Posted by Skoobs View Post
Download HijackThis and put it on a thumb drive.

Boot the computer in safe mode and run HijackThis.

It should be able to take care of it from there.
HijackThis generates reports; it doesn't directly remove malware.
post #8 of 18
Yeah, it does... I've used it to clear up some crazy viruses for friends...

Quote:
HijackThis makes no separation between safe and unsafe settings in its scan results giving you the ability to selectively remove items from your machine. In addition to this scan and remove capability HijackThis comes with several tools useful in manually removing malware from a computer.
Taken from http://free.antivirus.com/hijackthis/
post #9 of 18
It does not distinguish between good and bad files. You need someone trained in its use to analyze your log and develop a cleaning strategy or ComboFix script. It is not recommended to attempt this on your own, as one can easily cause catastrophic and irreversible damage to your operating system install.
post #10 of 18
If you are knowledgeable at all (or have at least looked through your computer a lot) you should be able to distinguish which files are not supposed to be there. You can also Google the ones you do not know.

I have used it many times with great results, but it was just a suggestion. It is true that it does not distinguish between anything.

However, I don't think that it will ruin your OS. When my friend first showed the program to me, he said "yeah bro, just delete everything, it makes sure it doesn't start on boot." I did what he said and deleted everything. My computer still functioned as normal, but programs such as my antivirus (which I still used at the time, lol) didn't show up in the system tray. They still worked, though, and I would get the same popups as I did before; it just wasn't in the system tray. Once again, my computer still functioned perfectly, and was actually much faster.

I'm not saying that you should use HijackThis, as for the average user it is probably not a good idea. However, I would like to say that people should try a program and get familiar with it before they shoot it down completely.

I think HijackThis is really good for finding spyware, etc., because you can look down the list and find all of the files that are OBVIOUSLY malware. Ya know?