Solved Browser Redirect Virus still exists even after following all removal steps

Asma Khan

Nov 17, 2016
I followed all the steps given here till the end and got a lot of malware cleaned up except these
Code:
1. http://adsmanager.net/a/
2. http://go.padsdel.com/afu.php?id=530403 (Redirect)
3. http://tvplusnewtab.com/lp8?type=media&pub_id=3281&srcid=9225325b-0778-4b3a-80bd-ad6f5b882333&sub_id=w7SM8HG6GNUP6E6113B9FPNK (Browser not supported)
4. http://muzikfury.thewhizmarketing.com/?chid=113&oid=619&crid=5204&subid=235839213165&pubid=530403

which keep coming up (and other similar redirects) in all my browsers: Chrome, IE, Firefox.

The same virus could not let me open up Farbar Recovery Scan Tool Download, that's why I could not provide FRST.txt file.

I am attaching the logs from RKill and Adwcleaner.
 

This isn't happening with all websites; mostly it happens with all dictionary sites, job sites, newspaper sites, even the sites for downloading malware removal tools. I only know about these sites yet. Yes, it's with all browsers: Chrome, IE, Firefox.
 
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    emptyclsid;
    emptyalltemp;
    ipconfig /flushdns >>"%temp%\log.txt";b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Upload it in your next reply.
 
It's been one and a half hours and the script has not stopped running yet.


Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Asma on Sat 11/19/2016 at 18:24:36.40.
Microsoft Windows 7 Home Basic 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Asma\Desktop\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 18:27:01.70 =====

--- Create Environment Variables 18:27:02.98
--- Create System Restore Point 18:27:10.14
--- Checking Input 18:27:25.11
--- AU AppData Check 18:28:06.44
--- Remove From Windows Installer 18:28:10.03
--- Empty Folders Check 18:30:17.04
--- Registry HKLM Software Check 18:30:17.05
--- Quick Launch Shortcut Check 18:30:39.73
--- IE Startpage Check 18:30:50.54
--- Program Files DB Check 18:31:25.57
--- C:\Users\Asma\AppData\Roaming DB Check 18:32:22.09
--- C:\Users\Default\AppData\Roaming DB Check 18:32:22.09
--- C:\Users\Default User\AppData\Roaming DB Check 18:32:22.09
--- C:\Windows\SysNative\config\systemprofile\AppData\Roaming DB Check 18:32:22.09
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check 18:32:22.09
--- C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check 18:32:22.09
--- C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check 18:32:22.09
--- C:\Users\Asma DB Check 18:35:09.33
--- C:\PROGRA~3 DB Check 18:35:30.82
--- C:\Users\Asma\AppData\Local DB Check 18:35:47.26
--- C:\Users\Default\AppData\Local DB Check 18:35:47.26
--- C:\Users\Default User\AppData\Local DB Check 18:35:47.26
--- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 18:35:47.26
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 18:35:47.26
--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 18:35:47.26
--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 18:35:47.26
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 18:37:41.63
--- C:\Users\Asma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 18:37:54.16
--- Tasks DB Check 18:38:02.10
--- Downloads DB Check 18:38:07.43
--- C:\Users\Asma\AppData\LocalLow DB Check 18:38:12.48
--- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 18:38:12.48
--- C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 18:38:12.48
--- C:\Windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 18:38:12.48
--- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 18:38:12.48
--- Tasks2 DB Check 18:39:11.32
--- Documents DB Check 18:39:50.57
--- C:\Users\Asma\AppData\Roaming\Mozilla\Firefox\Profiles\q2voel99.default DB Check 18:39:59.70
--- C:\Users\Public\Desktop DB Check 18:40:02.68
--- C:\Users\Asma\Desktop DB Check 18:40:10.56
--- Services DB Check 18:40:21.96
--- FF prefs.js DB Check 18:40:55.05

It isn't showing anything new after this. Should I wait or force quit?
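
Added example (not part of the original posts and not Zoek's own code): a small Python parser for the `--- <stage> HH:MM:SS.cc` progress lines in the log above, reporting the slowest finished stage and how long the last stage has been running. It assumes each timestamp marks the start of its stage, a format inferred from the posted log; the `now` value is a constructed sample.

```python
import re
from datetime import datetime, timedelta

# Progress-line format inferred from the posted log: "--- <stage> HH:MM:SS.cc"
STAGE_RE = re.compile(r"^--- (?P<name>.+?) (?P<ts>\d{2}:\d{2}:\d{2}\.\d{2})$")

# Last six progress lines of the log above, embedded so the example runs offline.
SAMPLE_LOG = r"""
--- Documents DB Check 18:39:50.57
--- C:\Users\Asma\AppData\Roaming\Mozilla\Firefox\Profiles\q2voel99.default DB Check 18:39:59.70
--- C:\Users\Public\Desktop DB Check 18:40:02.68
--- C:\Users\Asma\Desktop DB Check 18:40:10.56
--- Services DB Check 18:40:21.96
--- FF prefs.js DB Check 18:40:55.05
"""

def parse_stages(log_text):
    """Return [(stage_name, start_time)] for every progress line, in order."""
    stages = []
    for line in log_text.splitlines():
        m = STAGE_RE.match(line.strip())
        if m:
            stages.append((m["name"], datetime.strptime(m["ts"], "%H:%M:%S.%f")))
    return stages

def _elapsed(start, end):
    """Seconds between two clock times, allowing the run to cross midnight."""
    delta = end - start
    if delta < timedelta(0):
        delta += timedelta(days=1)
    return delta.total_seconds()

def stage_report(log_text, now):
    """Summarise a run: slowest finished stage and the stage still in progress.

    `now` is the current wall-clock time as "HH:MM:SS" (a value you supply).
    """
    stages = parse_stages(log_text)
    if not stages:
        raise ValueError("no Zoek progress lines found")
    finished = [(name, _elapsed(start, nxt))
                for (name, start), (_, nxt) in zip(stages, stages[1:])]
    running, since = stages[-1]
    return {
        "running": running,
        "stalled_seconds": _elapsed(since, datetime.strptime(now, "%H:%M:%S")),
        "slowest_finished": max(finished, key=lambda s: s[1]) if finished else None,
    }

if __name__ == "__main__":
    print(stage_report(SAMPLE_LOG, now="19:55:00"))  # "now" is a constructed sample
```

Comparing `stalled_seconds` with `slowest_finished` shows at a glance whether the last stage is far outside the time any earlier stage needed.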