Help with Google Re-Direct Virus...

MrsChips

Hello - That was a long night !!

Here's the update.... Eventually got Kaspersky to Run but it didnt detect anything and the log file was blank ? So I ran Glary Utilities Scan, they came up with a few threats (mostly cookies etc) but all are now fixed or removed. Cant post a log file as they dont have one.

This morning AVG seemed to pick up something (automatically) but having looked in the log file I can only see old reports - One of the old reports contains the deleted file C:\WINDOWS\Config\csrss.exe which was detected as a Trojan Horse - Back Door. VB.DMS (Which I think showed up on a scan as BackDoorBot). Dont know if that helps ?? Should we remove that file from AVG ?

Yeah
Run the 2004 uninstall tool (Which is what its classing it as)
http://service1.symantec.com/SUPPORT...nsf&view=docid

And run COMBOFIX
http://www.bleepingcomputer.com/comb...o-use-combofix

I'll try both of these this afternoon and post back later.

Thanks Again Guys !!!

aliEnRIK

MrsChips ~
Leave the file locked (Quarantined) in AVG for now

aliEnRIK

* Click start > Run
* In the run box type: msconfig to open up System Configuration Utility.
* Click on startup tab.
* Find the entry pointing to C:\windows\config\csrss.exe
* Uncheck the box next to it.
* Press Apply and confirm if it is needed to reboot.

Let us know what IS starting it up (if its there at all)

MrsChips

Not had chance to do any of this yet as my b/f is using the PC for work

but.....

We have just had a Windows Automatic Update Message, we dowloaded the updates and then re-started the PC and the normal Google search is Back !!!

:T Not sure if it will last but for now things are restored.

I guess I should still do the symantec removal and try and find the info on Msconfig anyway ...... just to be sure ? Shall I also do the COMBOFIX too ?

aliEnRIK

Dont run combofix if its running fine no. Its a bit of a dodgy program to use and I only recommend it when running out of ideas

MrsChips

* Click start > Run
* In the run box type: msconfig to open up System Configuration Utility.
* Click on startup tab.
* Find the entry pointing to C:\windows\config\csrss.exe
* Uncheck the box next to it.
* Press Apply and confirm if it is needed to reboot.

Let us know what IS starting it up (if its there at all)

Sorry didnt get the chance to do this earlier... was working till 10pm

I did the MSCONFIG thing but no sign of C:\windows\config\csrss.exe
in the start up menu ?

I'm just running the Norton Removal Tool now

All is well with Google Search (so far)

Is there anything else I should do?

Would you suggest leaving any of the following programmes on or should I get rid now?

• Glary Utilities
• CCleaner
• Spybot Search & Destroy
• Malwarebytes
• Hijack this

Thanks

MrsChips

Hi everyone... Me again... with Good News (I Think) !!

I think i've sorted the C:\windows\config\csrss.exe start up problem.

I googled "Windows cant find csrss.exe" and it came up with a Techie Type Forum that suggested trying the Registry Editor from the Run menu (REGEDIT.exe). From there I searched for the csrss.exe file and deleted it. I know it was the right one because it said "Shell - Explorer" which I think is what came up in the Hijack Log ?

I've since re-started my PC and Hey Presto.... No more annoying Windows Message.

I think you lot have turned me into a Techie!!:eek:

P.S. Also removed Norton using the Tool suggested

So it looks like I'm clean and Virus Free, Thanks so much for all your help with this Guys, I really appreciate it.

Should I leave all those Programmes on or remove them now??

GunJack

chips - leave them on there...they will only run when you want them to, so no system drain also, won't need to download again if you have another problem p.s. which anti-virus did you end up with in the end ?? If it was AVG you may wish to consider switching to avast! or avira...better detections and less system resources to run...HTH..

MrsChips

p.s. which anti-virus did you end up with in the end ?? If it was AVG you may wish to consider switching to avast! or avira...better detections and less system resources to run...HTH..

Thanks Gunjack - I've got AVG Anti Virus, I've seen a few people mention Avast and Avira so i'll replace it for one of those I think.

AVG picked up another Virus this morning - The Log says it was a Trojan in System Volume Control? Everything seems to be OK at the moment, but cant quite understand where they are coming in from?

Thanks again for your help, I'm sure i'll be back again one day to pick your brains!!