- Mar 8, 2013
- 22,627
Browser Redirect Virus still exists even after following all removal steps
- Thread starter Asma Khan
- Start date
Closed all browsers, still stuck at some point not running further.. This is how it looks
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Asma on Sun 11/20/2016 at 21:49:01.59.
Microsoft Windows 7 Home Basic 6.1.7600 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Asma\Desktop\zoek.exe [Scan all users] [Script inserted]
===== Runcheck 21:52:13.78 =====
--- Create Environment Variables 21:52:15.60
--- Create System Restore Point 21:52:28.51
--- Checking Input 21:53:25.32
--- AU AppData Check 21:54:09.23
--- Remove From Windows Installer 21:54:17.00
--- Registry HKLM Software Check 21:56:35.05
--- Quick Launch Shortcut Check 21:56:56.58
--- IE Startpage Check 21:57:03.97
--- Program Files DB Check 21:57:46.17
--- C:\Users\Asma\AppData\Roaming DB Check 21:58:43.48
--- C:\Users\Default\AppData\Roaming DB Check 21:58:43.48
--- C:\Users\Default User\AppData\Roaming DB Check 21:58:43.48
--- C:\Windows\SysNative\config\systemprofile\AppData\Roaming DB Check 21:58:43.48
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check 21:58:43.48
--- C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check 21:58:43.48
--- C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check 21:58:43.48
--- C:\Users\Asma DB Check 22:01:24.62
--- C:\PROGRA~3 DB Check 22:01:46.44
--- C:\Users\Asma\AppData\Local DB Check 22:01:51.57
--- C:\Users\Default\AppData\Local DB Check 22:01:51.57
--- C:\Users\Default User\AppData\Local DB Check 22:01:51.57
--- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 22:01:51.57
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 22:01:51.57
--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 22:01:51.57
--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 22:01:51.57
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 22:03:34.92
--- C:\Users\Asma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 22:03:46.09
--- Tasks DB Check 22:03:53.35
--- Downloads DB Check 22:03:57.82
--- C:\Users\Asma\AppData\LocalLow DB Check 22:04:02.77
--- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 22:04:02.77
--- C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 22:04:02.77
--- C:\Windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 22:04:02.77
--- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 22:04:02.77
--- Tasks2 DB Check 22:04:58.45
--- Documents DB Check 22:05:32.45
--- C:\Users\Asma\AppData\Roaming\Mozilla\Firefox\Profiles\q2voel99.default DB Check 22:05:40.80
--- C:\Users\Public\Desktop DB Check 22:05:43.51
--- C:\Users\Asma\Desktop DB Check 22:05:50.86
--- Services DB Check 22:06:01.53
--- FF prefs.js DB Check 22:06:33.26
--- Emptyclsid 22:07:18.52
--- Del by CLSID 22:07:22.25
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Asma on Sun 11/20/2016 at 21:49:01.59.
Microsoft Windows 7 Home Basic 6.1.7600 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Asma\Desktop\zoek.exe [Scan all users] [Script inserted]
===== Runcheck 21:52:13.78 =====
--- Create Environment Variables 21:52:15.60
--- Create System Restore Point 21:52:28.51
--- Checking Input 21:53:25.32
--- AU AppData Check 21:54:09.23
--- Remove From Windows Installer 21:54:17.00
--- Registry HKLM Software Check 21:56:35.05
--- Quick Launch Shortcut Check 21:56:56.58
--- IE Startpage Check 21:57:03.97
--- Program Files DB Check 21:57:46.17
--- C:\Users\Asma\AppData\Roaming DB Check 21:58:43.48
--- C:\Users\Default\AppData\Roaming DB Check 21:58:43.48
--- C:\Users\Default User\AppData\Roaming DB Check 21:58:43.48
--- C:\Windows\SysNative\config\systemprofile\AppData\Roaming DB Check 21:58:43.48
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check 21:58:43.48
--- C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check 21:58:43.48
--- C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check 21:58:43.48
--- C:\Users\Asma DB Check 22:01:24.62
--- C:\PROGRA~3 DB Check 22:01:46.44
--- C:\Users\Asma\AppData\Local DB Check 22:01:51.57
--- C:\Users\Default\AppData\Local DB Check 22:01:51.57
--- C:\Users\Default User\AppData\Local DB Check 22:01:51.57
--- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 22:01:51.57
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 22:01:51.57
--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 22:01:51.57
--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 22:01:51.57
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 22:03:34.92
--- C:\Users\Asma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 22:03:46.09
--- Tasks DB Check 22:03:53.35
--- Downloads DB Check 22:03:57.82
--- C:\Users\Asma\AppData\LocalLow DB Check 22:04:02.77
--- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 22:04:02.77
--- C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 22:04:02.77
--- C:\Windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 22:04:02.77
--- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 22:04:02.77
--- Tasks2 DB Check 22:04:58.45
--- Documents DB Check 22:05:32.45
--- C:\Users\Asma\AppData\Roaming\Mozilla\Firefox\Profiles\q2voel99.default DB Check 22:05:40.80
--- C:\Users\Public\Desktop DB Check 22:05:43.51
--- C:\Users\Asma\Desktop DB Check 22:05:50.86
--- Services DB Check 22:06:01.53
--- FF prefs.js DB Check 22:06:33.26
--- Emptyclsid 22:07:18.52
--- Del by CLSID 22:07:22.25
- Mar 8, 2013
- 22,627
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
- Right-click on
icon and select
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File). - Make sure that Addition.txt option is checked.
- Press Scan button and wait.
- The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
- Mar 8, 2013
- 22,627
Download attached fixlist.txt file and save it to the Desktop:
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
- Right-click on
icon and select
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File). - Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finishes FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.
- Mar 8, 2013
- 22,627
- Mar 8, 2013
- 22,627
Since there are no more problems, we can declare this PC clean
Now, we can proceed with post-cleanup procedures. Let's remove my tools and create a new, non infected restore point concurrently deleting old ones.
Step 1. - Creation of system restore point and tools removal.
Download DelFix by Xplode and save it to your desktop.
Step 2. - Tips and tricks to keep your computer clean, safe and in a good shape.
Security tips - highly recommended reading:
Maintenance tips:
Additional software that I personally use and install on all my clients devices:
Stay safe,
TwinHeadedEagle
Now, we can proceed with post-cleanup procedures. Let's remove my tools and create a new, non infected restore point concurrently deleting old ones.
Step 1. - Creation of system restore point and tools removal.
Download DelFix by Xplode and save it to your desktop.
- Run the tool by right click on the
icon and Run as administrator option.
- Make sure that these ones are checked:
- Remove disinfection tools
- Purge system restore
- Reset system settings
- Push Run and wait until the tool completes his work.
- All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt). I don't need it for review.
Step 2. - Tips and tricks to keep your computer clean, safe and in a good shape.
Security tips - highly recommended reading:
Maintenance tips:
Additional software that I personally use and install on all my clients devices:
- Zemana AntiMalware (paid version highly recommended) - to work as a supplement for your antivirus but with excellent remediation and protection
- Zemana AntiLogger - keep everything you type on keyboard out of sight of bad guys trying to steal your credantials
- Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
- McShield - to prevent infections spread by removable media.
- Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
- CryptoPrevent - tool for protection against Cryptolocker and similar ransomware infections.
- Adblock - to surf the web without annoying ads!
- Qualys BrowserCheck - cloud service that scans your browsers and plugins to see if they’re all up-to-date.
My help is free for everybody.
If you're happy with the help provided and/or wish to show your appreciaton, please consider a donation:
Thank you!
If you're happy with the help provided and/or wish to show your appreciaton, please consider a donation:
Thank you!
Stay safe,
TwinHeadedEagle
Hi,
The exact same issue appeared again yesterday. I tried all steps again but of no use now. This is the exact same thing. What should I do now?
The exact same issue appeared again yesterday. I tried all steps again but of no use now. This is the exact same thing. What should I do now?
- Mar 8, 2013
- 22,627
I have no idea. Your computer isn't infected.
Install uBlock extension and reinstall your browser as solution. If this doesn't help, I cannot help you.
Install uBlock extension and reinstall your browser as solution. If this doesn't help, I cannot help you.
Similar threads
