Help with Google Re-Direct Virus...

MrsChips

Anyways ~ THIS is dodgy
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe

I've just spoken to my B/F he says that this file has been removed by an AVG Scan - we cant locate this file on the Computer and when we start up the PC a Windows message pops up to tell us that it cant find the file?

I'll do the other Scan now and report back as soon as I have results.

I will also re-check the TeaTimer Setting in SpyBot - I did un-tick the box but couldnt see an option to apply new setting or save changes. would it do it automatically is I un-ticked the box?

aliEnRIK

tea timer ~ no settings to save. Its either ticked, or it isnt ~ theres 2 on the same page though, top one SHOULD be ticked, bottom one (tea timer) should be UNTICKED

aliEnRIK

If the scan doesnt sort the problem, try GLARY UTILITIES
http://www.download.com/Glary-Utilities/3000-2094_4-10508531.html
Run the ONE CLICK scan

MrsChips

Well you did right with what you said about switching tea timer off. Are you SURE you unticked it? (Should have gone from the control panel bottom right)

Just checked TeaTimer and it was still Ticked - Did it again and it seems to have saved the change now...... Just going to start the Scan now.

MrsChips

Hi all - I'm still Scanning with Kaspersky - its taking a while so I may have to post results tommorrow.

GunJack

good luck chips...it'll get there eventually sounds like it could be one of the current new breed of browser hijackers..they are proving to be persistent little burgers


p.s. not too sure about this in HJT log....maybe R-S or RIK could provide more detail as to whether legit or not....

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1


...and this still looks a bit norton-ish.....
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

aliEnRIK

Hi Jack
Yeah, that proxy is very dodgy. Ill get the OP to kill it if Kaspersky fails

As for norton. I dont want to touch it in case it effects something else (And ive no clue how to fully remove it safely as theres nothing else by them running)

MrsChips

I'm still here....

IE has just crashed after 4 hours of Scanning so i've lost all the current scan on Kaspersky !!! It hadnt picked up anything in those 4 hours so I've begun the GLARY UTILITIES scan instead. I can always go back to Kaspersky tommorrow if this doesnt work (I Hope!)

Gunjack - I'll wait to see what the others say about the Suspect files before I remove them. It's odd that Norton is still showing because we've had a brand new Hard Drive since we last had Norton Installed ??

I'll be back tomorrow.

GunJack

aliEnRIK wrote: »

As for norton. I dont want to touch it in case it effects something else (And ive no clue how to fully remove it safely as theres nothing else by them running)

I was thinking their own removal tool.....but might be worth checking the filepath and see what else is in that symantec shared folder...might give a clue as towhat it is...
edit: a quick google has shown up this info on that norton file...looks big and a resource hog...might be best to get shut !!

http://www.file.net/process/symlcsvc.exe.html

aliEnRIK

Yeah
Run the 2004 uninstall tool (Which is what its classing it as)
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2007080716270339?Open&docid=2005033108162039&nsf=tsgeninfo.nsf&view=docid

And run COMBOFIX
http://www.bleepingcomputer.com/combofix/how-to-use-combofix