Solve : Google re-direction?

Ok I'm asking for searches on Google and in my browser it starts re-directing to other search

I think it's this Trojan:JS/Dursg.B

It cleared it once on Microsoft Security Essentials but now it does not recognise it.

Any help much appreciated


Hello! We need to do some diagnostics to get started.

1. Please download Profiles by noahdfear.

  • Save it to your desktop.
  • Double-click profiles.exe and post its log when you reply
2. Download Win32kDiag by ad13 and save it to your Desktop.
  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.
3. Please download Cheetah-Anti-Rogue by me, and save to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.
4. In your next reply, please post the following logs for my review:
  • Profiles log (1)
  • Win32kDiag log (2)
  • Cheetah log (3)
Thanks! :)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
    ProfileImagePath    REG_EXPAND_SZ    %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
    ProfileImagePath    REG_EXPAND_SZ    %SystemRoot%\ServiceProfiles\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
    ProfileImagePath    REG_EXPAND_SZ    %SystemRoot%\ServiceProfiles\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2589518989-727022852-2468593643-1000
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\Graham

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2589518989-727022852-2468593643-1001.bak
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\Greg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2589518989-727022852-2468593643-501
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\Guest

    ProfileImagePath    REG_EXPAND_SZ    %SystemRoot%\ServiceProfiles\LocalService
    ProfileImagePath    REG_EXPAND_SZ    %SystemRoot%\ServiceProfiles\NetworkService
    SystemRoot    REG_SZ    C:\Windows




Starting up...
Running from: C:\Users\Graham\Desktop\System defence\Win32kDiag.exe
Log file at : C:\Users\Graham\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\Windows'...

Cannot access: C:\Windows\bthservsdp.dat


Please let me know what else you need...



Cheetah-Anti-Rogue is needed, also. I included the instructions for my first reply to you.

I knew I forgot to mention something. That link to Cheetah does not work.

Ok. I will see what is wrong with my link there.

Edit: try it again. I fixed it.

OK thanks for that. See attached.

Cheetah-Anti-Rogue v1.3.35
by DragonMaster Jay

Microsoft Windows [Version 6.0.6002]
Date: 02/04/2010 - Time: 19:13:23 - Arch.: x86
 
 
-- Malware removal tools check --
USER has Sandboxie installed!
Sandboxie
CCleaner
Trend Micro HijackThis 2.0.2
Malwarebytes' Anti-Malware
SUPERAntiSpyware
 
 
-- Known infection --
 
 
 
Extra MESSAGE: Detection only.
 
 
EOF


[recovering disk space - old attachment deleted by admin]

Please download Stealth MBR Rootkit Detector by GMER from GMER.net, and save to your Desktop.
  • Right-click on mbr.exe and click Run as Administrator to start the program.
  • When done scanning, it will save a log on the Desktop called mbr.log.
  • Please post the contents of that log in your next reply.

Here's the log.

[recovering disk space - old attachment deleted by admin]

Please download RootRepeal from GooglePages.com.
  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe.
  • Click Settings > Options. Drag the slider to High Level. Then, click the Red X.
  • Go to the Report tab and click on the Scan button.
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.
Please remove any e-mail address in the RootRepeal report (if present).

