Go.google redirect virus - Page 2

post #11 of 24
Thread Starter 
Quote:
Originally Posted by Mygaffer
Another thing you can do is change the password on the router again and log into the router and look at the log. You'll see that one of the computers keeps trying to access it. You'll then know which computer is infected.
Can you explain to me exactly how to do that?
post #12 of 24
Quote:
Originally Posted by JMac7
Can you explain to me exactly how to do that?
Well, log into your router and look for it. It depends on the router but it should be labeled, just go through the various sections until you find it. I'm signing off now but you can always post the model of your router and see if anyone else can direct you right to where it is.
post #13 of 24
Thread Starter 
Router Model: Linksys WRT150N v1
Firmware Version: DD-WRT v24-sp2 (08/07/10) mini - build 14896
post #14 of 24
I don't have anything to back this up, I'm sure you could google it to confirm it, but I'm fairly sure that Malwarebytes will not work to its full extent in safe mode.
post #15 of 24
JMac, to change the password of the router in DD-WRT, go to the address of the router, click on the Administration tab and change the password there.
Don't change the username to anything else besides root though.
post #16 of 24
Had one of these at work. Nothing could get it removed besides Hitman Pro. http://www.surfright.nl/en It has a 30 day free trial.

I spent a long time one day playing with so many AVs and malware programs.
post #17 of 24
Use ComboFix, then Emsisoft's a-squared. I have had amazing results using those two removal tools. It could be a rootkit causing this though. In that case look up Kaspersky TDSSKiller.
post #18 of 24
Thread Starter 
Quote:
Originally Posted by illusive snpr
Use ComboFix, then Emsisoft's a-squared. I have had amazing results using those two removal tools. It could be a rootkit causing this though. In that case look up Kaspersky TDSSKiller.
I have tried the rookiller (or whatever the slang term for it is) on this computer I'm using right now and it found nothing. I'm downloading it right now on the home computer to check it. My brother's computer I can download the rootkill on but I can't on my father's because it is a work computer and all file exchanges are checked by tech support weekly and they get really stingy on that sort of thing apparently.

But, back to what I was going to try...

If I reset the router, the virus is gone long enough for a new DNS to be issued. Is there a way I can look into (what I believe you guys called the..) log to see which computer is sending this into the router?
post #19 of 24
If ur running XP it's in ur volsnap.sys file. Gonna have to run ComboFix to get rid of it, follow up with TDSSKiller just to make sure and then update/patch everything.
post #20 of 24
Thread Starter 
Quote:
Originally Posted by Thogar
JMac, to change the password of the router in DD-WRT, go to the address of the router, click on the Administration tab and change the password there.
Don't change the username to anything else besides root though.
I do know how to change the password to the router. However, do you know how to do what Mygaffer was talking about by resetting the router and looking into the log at which computer is affecting the router? Or did I misunderstand what I read?
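Added example, not part of the original thread: one way to do the log check Mygaffer describes, once the router's firewall log has been saved as text. It assumes the log uses netfilter LOG-style lines (`SRC=`, `DST=`, `DPT=`, `MAC=` fields); the sample lines, addresses, MACs and the set of admin ports are constructed for illustration and are not output from the poster's router.

```python
import re
from collections import Counter

FIELD = re.compile(r"(\w+)=(\S*)")
MGMT_PORTS = {"22", "23", "80", "443"}  # SSH, telnet, web admin (assumed set)

def _line(src, src_mac, dst, dpt):
    # Builds one constructed log line; MAC= is dst MAC + src MAC + ethertype.
    return ("Jan  1 00:00:00 router kernel: ACCEPT IN=br0 OUT= "
            f"MAC=00:11:22:33:44:55:{src_mac}:08:00 SRC={src} DST={dst} "
            f"PROTO=TCP SPT=49152 DPT={dpt}")

# Constructed sample: .101 hits the router's admin page repeatedly.
SAMPLE_LOG = "\n".join(
    [_line("192.168.1.101", "aa:bb:cc:00:00:01", "192.168.1.1", 80)] * 4
    + [_line("192.168.1.102", "aa:bb:cc:00:00:02", "192.168.1.1", 80),
       _line("192.168.1.103", "aa:bb:cc:00:00:03", "203.0.113.7", 443),
       _line("192.168.1.102", "aa:bb:cc:00:00:02", "192.168.1.1", 53)]
)

def source_mac(mac_field):
    """Return the sender's MAC (bytes 7-12 of the 14-byte MAC= field)."""
    parts = mac_field.split(":")
    return ":".join(parts[6:12]) if len(parts) >= 12 else "unknown"

def router_access_counts(log_text, router_ip):
    """Count TCP connections from each LAN host to the router's admin ports."""
    counts = Counter()
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if (f.get("DST") == router_ip and f.get("PROTO") == "TCP"
                and f.get("DPT") in MGMT_PORTS):
            counts[(f.get("SRC", "?"), source_mac(f.get("MAC", "")))] += 1
    return counts

def suspects(log_text, router_ip, threshold=3):
    """Hosts that contacted the router's admin ports at least `threshold` times."""
    hits = router_access_counts(log_text, router_ip).most_common()
    return [(ip, mac, n) for (ip, mac), n in hits if n >= threshold]

if __name__ == "__main__":
    for ip, mac, n in suspects(SAMPLE_LOG, "192.168.1.1"):
        print(f"{ip} ({mac}): {n} connections to router admin ports")
```

A machine whose user opened the admin page legitimately shows up in the same counts, so compare the hits against times when nobody was logged into the router, and match the MAC to a physical machine rather than relying on the DHCP-assigned IP.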