Solved Browser Redirect Virus still exists even after following all removal steps

Asma Khan · Nov 17, 2016

I followed all the steps given here

till the end and got a lot of malware cleaned up except these

Code:

1. [URL]http://adsmanager.net/a/[/URL]
2. [URL='http://go.padsdel.com/afu.php?id=530403']Redirect[/URL]
3. [URL='http://tvplusnewtab.com/lp8?type=media&pub_id=3281&srcid=9225325b-0778-4b3a-80bd-ad6f5b882333&sub_id=w7SM8HG6GNUP6E6113B9FPNK']Browser not supported[/URL]
4. [URL]http://muzikfury.thewhizmarketing.com/?chid=113&oid=619&crid=5204&subid=235839213165&pubid=530403[/URL]

which keep coming up (and other similar redirects) in all my browsers Chrome, IE, Firefox .

The same virus could not let me open up

Farbar Recovery Scan Tool Download

that's why I could not provide FRST.txt file.

I am attaching the logs from RKill and Adwcleaner.

TwinHeadedEagle · Nov 17, 2016

Hello,

I need FRST reports. Can you transfer it from other PC?

Asma Khan · Nov 18, 2016

I dont have any other PC. Let me seeif I can manage with the same PC.

Asma Khan · Nov 18, 2016

Hi,

Please find attached the required files.

TwinHeadedEagle · Nov 18, 2016

I don't see signs of infection on your computer.

Asma Khan · Nov 18, 2016

There has to be something coz the URL's I've sent are all malware

TwinHeadedEagle · Nov 18, 2016

So this is happening no matter which website your visit and in every browser?

Asma Khan · Nov 18, 2016

This isn't happening with all websites, mostly it happens with all dictionary sites, job sites, newspaper sites, even the sites for downloading malware removal tools, I only know about these sites yet. Yes It's with all browsers Chrome, IE, Firefox.

TwinHeadedEagle · Nov 18, 2016

Try Adblock Plus and then report back:

Adblock Plus - Surf the web without annoying ads!

Asma Khan · Nov 18, 2016

Asma Khan · Nov 18, 2016

Issue not resolved. These are multiple redirects not to a single a website.

TwinHeadedEagle · Nov 18, 2016

Do you have home router?

Asma Khan · Nov 18, 2016

No, I don't have.

TwinHeadedEagle · Nov 19, 2016

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Right-click on

icon and select

Run as Administrator to start the tool.
Wait patiently until the main console will appear, it may take a minute or two.

In the main box please paste in the following script:

Code:

createsrpoint;
autoclean;
emptyclsid;
emptyalltemp;
ipconfig /flushdns >>"%temp%\log.txt";b

Make sure that Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in notepad.
If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Upload it in your next reply.

TwinHeadedEagle · Nov 19, 2016

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Right-click on

icon and select

Run as Administrator to start the tool.
Wait patiently until the main console will appear, it may take a minute or two.

In the main box please paste in the following script:

Code:

createsrpoint;
autoclean;
emptyclsid;
emptyalltemp;
ipconfig /flushdns >>"%temp%\log.txt";b

Make sure that Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in notepad.
If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Upload it in your next reply.

Asma Khan · Nov 19, 2016

The script is running but taking too much time. Waiting for it to complete.

Asma Khan · Nov 19, 2016

It's been 1 n a half hour the script has not stopped running yet.

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Asma on Sat 11/19/2016 at 18:24:36.40.
Microsoft Windows 7 Home Basic 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Asma\Desktop\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 18:27:01.70 =====

--- Create Environment Variables 18:27:02.98
--- Create System Restore Point 18:27:10.14
--- Checking Input 18:27:25.11
--- AU AppData Check 18:28:06.44
--- Remove From Windows Installer 18:28:10.03
--- Empty Folders Check 18:30:17.04
--- Registry HKLM Software Check 18:30:17.05
--- Quick Launch Shortcut Check 18:30:39.73
--- IE Startpage Check 18:30:50.54
--- Program Files DB Check 18:31:25.57
--- C:\Users\Asma\AppData\Roaming DB Check 18:32:22.09
--- C:\Users\Default\AppData\Roaming DB Check 18:32:22.09
--- C:\Users\Default User\AppData\Roaming DB Check 18:32:22.09
--- C:\Windows\SysNative\config\systemprofile\AppData\Roaming DB Check 18:32:22.09
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check 18:32:22.09
--- C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check 18:32:22.09
--- C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check 18:32:22.09
--- C:\Users\Asma DB Check 18:35:09.33
--- C:\PROGRA~3 DB Check 18:35:30.82
--- C:\Users\Asma\AppData\Local DB Check 18:35:47.26
--- C:\Users\Default\AppData\Local DB Check 18:35:47.26
--- C:\Users\Default User\AppData\Local DB Check 18:35:47.26
--- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 18:35:47.26
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 18:35:47.26
--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 18:35:47.26
--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 18:35:47.26
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 18:37:41.63
--- C:\Users\Asma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 18:37:54.16
--- Tasks DB Check 18:38:02.10
--- Downloads DB Check 18:38:07.43
--- C:\Users\Asma\AppData\LocalLow DB Check 18:38:12.48
--- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 18:38:12.48
--- C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 18:38:12.48
--- C:\Windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 18:38:12.48
--- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 18:38:12.48
--- Tasks2 DB Check 18:39:11.32
--- Documents DB Check 18:39:50.57
--- C:\Users\Asma\AppData\Roaming\Mozilla\Firefox\Profiles\q2voel99.default DB Check 18:39:59.70
--- C:\Users\Public\Desktop DB Check 18:40:02.68
--- C:\Users\Asma\Desktop DB Check 18:40:10.56
--- Services DB Check 18:40:21.96
--- FF prefs.js DB Check 18:40:55.05

It isn't showing anything new after this. Should I wait or force quit?

Asma Khan · Nov 19, 2016

I'm trying to stop the script now, its auto running even after closing the window.

TwinHeadedEagle · Nov 20, 2016

Have you closed your browsers before running Zoek?

Asma Khan · Nov 20, 2016

Sorry, I didn't as the script said It'll close all browsers automatically but it didn't. Should I run it again?

Solved Browser Redirect Virus still exists even after following all removal steps

New Member

Attachments

Level 41

New Member

New Member

Attachments

Level 41

New Member

Level 41

New Member

Level 41

New Member

New Member

Level 41

New Member

Level 41

Level 41

New Member

New Member

New Member

Level 41

New Member

Similar threads