247fixes PC Help Forum: How To Fix Google Redirects - 247fixes PC Help Forum


How To Fix Google Redirects aka Win32/Olmarik, Rootkit.Win32.TDSS.u, Win32/Alureon.F, Tidserv!

#1 Rorschach112

  • Scratch
  • Group: Administrator
  • Posts: 1719
  • Joined: 30-April 08

Posted 03 February 2010 - 12:04 AM

How to fix Google Redirects, aka Win32/Olmarik, Rootkit.Win32.TDSS.u, Win32/Alureon.F, Backdoor.Tidserv!.inf

This infection hijacks your browsers to divert search engines to malware sites. Another symptom is getting the error message "DCOM server protocol launcher server terminated". It is important that you do not try to fix this infection manually, or let your anti-virus program do it, as it can result in an unbootable machine if removed badly. This guide is designed to remove the infection easily and effectively, with no side-effects.


Let's get on to removing the infection now.



Step 1 : Safety precautions


Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference.


Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe



Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
    


  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Step 2 : The fix



Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run; once it is finished, move on to the next step.



Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.


    http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMain.png


  • If an infected file is detected, the default action will be Cure; click on Continue.


    http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png


  • If a suspicious file is detected, the default action will be Skip; click on Continue.


    http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious-1.png


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png



The infection should hopefully be removed after these steps. If this is not the case, please go to the Virus Removal forum here and follow the steps in this thread here


If this guide fixes your machine, then please read my guide on how to prevent malware and about safe computing here


Regards

247Fixes Team

#2 ripple75000

  • Newbie Member
  • Group: Member
  • Posts: 5
  • Joined: 12-April 10

Posted 26 April 2010 - 04:10 PM

Thanks! I do believe this FINALLY removed the Google redirect! It was extremely nasty and would allow the XP DEFENDER PRO virus back. I manually removed that and followed the instructions above and I think it finally did. THANKS

#3 petal pusher

  • Newbie Member
  • Group: Member
  • Posts: 1
  • Joined: 10-May 10

Posted 10 May 2010 - 02:53 AM

Thank you! Thank you! Thank you!!

I have been trying everything for weeks now. This worked!!
