As mentioned above... since yesterday until now, whenever I click on a link at Google or anywhere else, it will redirect me to an unknown website then back to Google. I know it is a Google redirect virus and I am trying to remove it, but it is quite difficult because clicking on a website directs me to an unknown website and back to Google.
Also, I noticed my Task Manager has this WMSCSY~1.EXE in the processes.. what is that?? I suspect it is linked to the Google redirect virus, and now here is the only place that I can surf properly without being directed out...
Oh ya, I also did a Malwarebytes' Anti-Malware full scan and I got a trojan.. I removed it but it is still the same... so now what I can do is manual ..
Hey why no reply? :( anyway this is the process which I think might be the cause of the Google redirect zz
I know currently there is no cure for removing this virus :(
check your hosts file
I did... I have removed those stupid ad links via Notepad but still the same :(
I even use CCleaner also cannot, SUPERAntiSpyware Free Edition has detected and removed but still the same :(
Originally posted by bus555: I did... I have removed those stupid ad links via Notepad but still the same :(
I even use CCleaner also cannot, SUPERAntiSpyware Free Edition has detected and removed but still the same :(
so ummm... what's the contents of your hosts file now? empty?
ooook, apparently this virus is kinda well known (or I had been living in a hole)
Googling for 'google redirect virus removal tool' gives lots of results, including the one below
http://www.brighthub.com/internet/google/articles/66090.aspx
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
I know .. I saw that some time ago le.. most people say use TDSSKiller but when I do a scan, no result of it zzz
combofix? http://www.combofix.org/
Mayi will be here tonight to assist you.
Originally posted by Zweiz: combofix? http://www.combofix.org/
This is not the official site of Combofix.
Please see Combofix's disclaimer - http://img.photobucket.com/albums/v666/sUBs/New_Disclaimer_090525.gif
zzz lucky never download combo... so now what?
1. Download DDS and save it to your desktop
2. Download Gmer and save it to your desktop
Part 1
a. Run DDS. When done, it will produce 2 logs - DDS.txt and Attach.txt.
b. Upload both files to Mediafire, then post back the links to both logs.
Part 2
a. Run Gmer. It will start an initial scan. When the scan is completed, it may prompt that your system has a rootkit and ask if you want to run a full scan. Click No.
b. On the right hand side, uncheck these boxes:
c. Click on Scan
d. Once the scan is complete, click on the Save
e. Save this log to the desktop
f. Upload this log to Mediafire and post back the link to the log
ok done as mentioned above. Here are the links for the 2 logs for DDS (I use 4shared to upload instead so yea):
http://www.4shared.com/document/8j4Ss809/DDS.html
http://www.4shared.com/document/T2T3TPNu/Attach.html
and here is the link to the log for Gmer:
http://www.4shared.com/file/55_lOTCt/GMER_log.html
hope this helps... :(
bumps
Sigh i think my computer no hope liao.. EVEN my explorer.exe & winlogon.exe has virus liao zz
http://www.bleepingcomputer.com/forums/topic367700.html
:(
Originally posted by bus555: Sigh i think my computer no hope liao.. EVEN my explorer.exe & winlogon.exe has virus liao zz
http://www.bleepingcomputer.com/forums/topic367700.html
:(
How did you know? Your log has sign of infection though...
Go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Follow the guide to run Combofix. Upload the log to 4shared and post back the link to the log.
ok.. here it is...