Solved help with a redirecting virus

[Frida Villeg]

Please help me this virus is so frustrating because I can't even download tools to get rid of it because it blocks all pages that have virus or antivirus on them (they ALL casually can't connect to the proxy server) while other sites work and then get redirected. I'm currently on a tablet because I can't open this site on the computer.

 

[TwinHeadedEagle]

Hi,

Before we begin, I want you to have this in mind:

• At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
• Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
• Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
• Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  
• All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
• If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
• I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
• Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  
• Please attach all report using
  
  button below. Doing this, you make it easier for me to analyze and fix your problem.

You will need to download required tools on your other PC and transfer it via pendrive on infected one.


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

[Frida Villeg]

thanks a lot for answering, these are the files (also, now a lot of sites aren't working regardless of the content)

 

[TwinHeadedEagle]

WARNING: I noticed you have more than one antivirus installed.

Never install more than one Antivirus! Rather than giving you extra protection, it will decrease the reliability of it seriously! The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time. Also because more than one Antivirus installed are not compatible with each other, it can cause system performance problems and a serious system slowdown.

Please uninstall either Kaspersky or PSafe.



First, go to Control Panel and uninstall following (skip lines that cannot be uninstalled):
- Baidu PC Faster
- Java 7 Update 51

Latest versions of Java --> http://www.java.com/en/

***** NEXT *****​

Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Open FRST, and click Fix. Attach me that report after it is finished.

 

[Frida Villeg]

I could uninstall Java 7 Update 51 but didn't have the permissions to uninstall Baidu PC Faster.
I tried to uninstall PSafe but it's not on the control panel (to be honest the only reason I have it is because I don't know how to uninstall it). Should I uninstall it before the Fix or is it ok?

 

[TwinHeadedEagle]

What happens when you try to uninstall Baidu and PSafe?

 

[Frida Villeg]

When trying to uninstall Baidu it says:
"Error uninstalling Baidu PC Faster. It's possible that it's
already uninstalled.
Do you want to remove Baidu PC Faster of your list of programs and characteristics?"
Then if I click yes it says:
"You don't have enough access level to remove Baidu PC Faster of the list of Programs and characteristics. Contact your system administrator."
And PSafe doesn't even appear in the Programs section in the Control Panel.

 

[TwinHeadedEagle]

Ok, proceed with Fixlist.

Then run FRST again, check Addition.txt, press Scan and attach both reports.

 

[Frida Villeg]

Here they are:

 

[TwinHeadedEagle]

How about Fixlog.txt?

 

[Frida Villeg]

Oh god sorry, here it is:

 

[TwinHeadedEagle]

Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Open FRST, and click Fix. Attach me that report after it is finished.



Tell me how is your computer after this?

 

[Frida Villeg]

Oh my god thank you so much , my computer is working now,it finally let me enter this site!

 

[TwinHeadedEagle]

Any other problem?

 

[Frida Villeg]

No, it's all working perfectly thank you very much again!!

 

[TwinHeadedEagle]

For future protection I can recommend you:
- Adblock --> https://adblockplus.org/en/chrome
- Unchecky --> http://unchecky.com/



• The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;

Remove disinfection tools

Create registry backup

Purge System Restore
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

 

[Frida Villeg]

Thanks a lot, I had never heard about Unchecky before, already installed it and did the post-cleanup procedures