Redirect virus still giving me problems after following the steps in the removal guide

Lucy1

New Member
Thread author
Verified
Dec 26, 2013
18
Hello,

I think I am having problems with the redirect virus.
After scanning with my AV (NOD32 Smart Security 7) nothing could be found, but I used Malwarebytes and some trojan was removed. This was last week. I thought the problem was gone but now I am experiencing more issues.

Yesterday, my antivirus started showing some security pop-up windows telling me an address has been blocked. After doing a search I came across your removal guide for the specific address I was being redirected to:
http://malwaretips.com/blogs/ib-adnxs-popup-virus/#browser

I followed ALL the steps and the virus appeared to be removed. I am running Chrome and Adblock. I've been having some problems loading the pages I am searching for.

The virus was affecting me in several ways:

1. Sometimes, when I click a link, a new ad tab opens in a secondary window.
2. Random text or ad windows pop up on my screen.
3. I installed AdBlock in the browsers (Chrome and Firefox), which has helped to prevent the pop-up windows. However, I have noticed this is still happening:

[Image: hv82ea.jpg]

And my internet and computer are still too slow. I have no idea what else to do or how to proceed.
Thanks for any help and tell me if I need to provide any additional info.
Any help will be greatly appreciated.
 

Lucy1

New Member
Thread author
Verified
Dec 26, 2013
18
Sorry, I just saw the post.
I am now downloading Farbar and aswMBR, since I already have AdwCleaner installed.
Let me run them and copy the reports.
 

Lucy1

New Member
Thread author
Verified
Dec 26, 2013
18
I am done with the downloads and scan.
Here are the reports:

P.S.: After checking Malwarebytes Pro, the file removed (previously) was a PUPHacktoolH
and it was located in an old version of my Windows. Apparently, Windows has been re-installed over a previous one. I can see the folders of the old Windows on my computer. Should I delete them?
 

Attachments

  • AdwCleaner[S5].txt
    1.6 KB · Views: 128
  • aswMBR.txt
    1.7 KB · Views: 122
  • FRST.txt
    27.9 KB · Views: 75

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
I see nothing bad in the reports, but let's make another check:

Please download GMER, an anti-rootkit tool, from the link below and save it to your Desktop:

Gmer download link
Note: the file will be randomly named

Double-click to run GMER.
  • Wait for initial scan to finish - if there is any query, click No;
  • Click Scan button and wait until the full scan is complete;
  • Click Save ... - save the report to the Desktop (named Gmer );

> Attach here Gmer logreports.



Then...



1. Please download ComboFix by sUBs from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) carefully.
Note: ComboFix must be downloaded to your Desktop.


--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) or this Instruction.


Note: Do not forget to turn on this option after the cleaning.

--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!

ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix's window while it is running.
If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion", just restart the computer once more.


--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you (typical location: C:\ComboFix.txt).
Attach the log report (ComboFix.txt) back to the topic.
 

Lucy1

New Member
Thread author
Verified
Dec 26, 2013
18
I had no issues with these tools. ComboFix didn't ask me to install anything. It just went through all the steps.

Here are Gmer and ComboFix reports...
 

Attachments

  • Gmer.txt
    20.2 KB · Views: 110

Lucy1

New Member
Thread author
Verified
Dec 26, 2013
18
I think I don't!!! :D
I have been browsing using Chrome after running ComboFix, checking that the pages that are waiting to be loaded are the ones I am browsing, and so far the Internet is working fine! No lags or anything. Thank you very much for the support!!

Any recommendations to avoid this happening again?
Also, should I keep all programs installed or remove them?

Again, thank you very much ^^v
 

Lucy1

New Member
Thread author
Verified
Dec 26, 2013
18
Well...
=====================

UPDATE!!!

Malwarebytes is giving me pop-up notifications about several blocked IPs while visiting pages that I always visit.


Is this normal?...
 

Lucy1

New Member
Thread author
Verified
Dec 26, 2013
18
Well, that I recall: Facebook, Twitter, here (the forums), YouTube, online news. That's all I remember.
I was actually checking my Facebook when the notification was displayed. This is the only abnormality I have experienced since you helped me before, since everything else (lags and loading of pages) seems to be OK. Maybe it was nothing important. :confused:
Again, thank you for the help.:)
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
This is probably a false positive warning; you can right-click the Malwarebytes icon in the tray, and then choose Add to ignore list...


We need to remove the tools we used:


Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on the "Run" button. Wait until the programme completes its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt).
Note: The report will also be stored at C:\DelFix.txt

> I don't need DelFix log report.



Uninstall Adobe Reader and download the latest version. Cheers :)
 

Lucy1

New Member
Thread author
Verified
Dec 26, 2013
18
Alright. I will do. Thanks.
I'll follow the instructions now if you think there is no big deal with these notifications.
Again, Thank you for your time and help. :)
 

Lucy1

New Member
Thread author
Verified
Dec 26, 2013
18
Hi again,

Well, sorry to keep bugging you now.
My antivirus is giving reports of an attack on the TCP port from different IPs.
I feel I am trying to fix something and I get/have more problems in my computer. T_T
Also, not long ago I got an ARP cache poisoning attack and some identical IPs.

What to do? :confused:

Please help :(
 

Lucy1

New Member
Thread author
Verified
Dec 26, 2013
18
Yes of course.
The TCP port attack I noticed was yesterday.
Here I am attaching the capture.

Also, I updated Adobe as you suggested.

About the redirect virus, as long as I have AdBlock activated I don't get notifications. Whenever I turn it off, ESET SS gives me the notification of a site being blocked. For the rest, the computer is working fine.

Thank you again for your time.

***********
EDIT:
I searched the IPs for the poisoning of the ARP cache. Apparently they belong to my service provider >_> ... I guess it is a false notification?
 

Attachments

  • Imagen11.png
    468.9 KB · Views: 133
  • Imagen12.png
    648.5 KB · Views: 137

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
It is still there:


Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.
  • Double-click on zoek.exe to run the tool.
    Please wait until the tool starts...
  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:

    Code:
    createsrpoint; 
    StandardSearch; 
    emptyfolderscheck; 
    installer-list; 
    installedprogs; 
    uninstall-list;
  • Click on the "Run Script" button.
    Please wait until a log report opens (this can be after reboot)
  • Save the Notepad file to your Desktop and attach zoek-results.log here
    Note: It will also create a log in the C:\ directory named "zoek-results.log"
 

Lucy1

New Member
Thread author
Verified
Dec 26, 2013
18
Will this clean the computer?

I will run the tool and get back to you.
 
