Full Version: [resolved] Does Bitdefender Clean Google Redirect Virus Automatically?
truva
My computer has Google redirect virus. Does BitDefender clean Google redirect virus automatically? Or do we need to do it manually?
Tytanis
QUOTE (truva @ Jul 19 2012, 04:53 PM) *
My computer has Google redirect virus. Does BitDefender clean Google redirect virus automatically? Or do we need to do it manually?


Are you using Firefox?

If so, please check to see if XULCache was installed; this was a Google Redirector that I caught a few months ago.

With Firefox open, press Ctrl-Shift-A and see if XULCache is in your Extensions. If it is, disable it.
truva
I am using Firefox but I don't have XULCache.
Christian
Hello :)

Please tell me what version of Bitdefender you are using. I need this so I can post further instructions here.

Have a great weekend!
truva
QUOTE (Christian @ Jul 21 2012, 07:44 AM) *
Hello :)

Please tell me what version of Bitdefender you are using. I need this so I can post further instructions here.

Have a great weekend!



Hello,

My Bitdefender version is Internet Security 2012 on Win7 64-bit, Service Pack 1. Asus laptop, 4 GB RAM, Core2 Quad.

Google image search redirects me to some p0rn pages.

And there is no link safety information on the Google search page. However, the information is present on this forum page, for example. I think it affects the Google search page only.

Thank you very much.
Christian
Hello :)

If you are using Mozilla Firefox or Google Chrome, please uninstall all the extensions and reboot your PC.

Install your favorite extensions/add-on from the official store:

https://chrome.google.com/webstore/category/extensions

https://addons.mozilla.org/en-US/firefox/

Reboot and follow these instructions:

[how to GENERATE A BDSYS LOG]
. Save and extract the BDSYS tool to a location of your choice:

http://www.bitdefender.com/files/Knowledge.../BDSysLog_i.exe

. Make sure you close all active applications and then run "BDSysLog_i.exe"; if you receive a firewall alert, select to Allow the application to connect;
. Click the "Create log" button to start generating the log; a progress bar indicates that the tool is creating the report;
. When the small window appears with the message "Log saved" then the report is complete and a new file named "bdsyslog.zip" has appeared on your Desktop;
. Upload that file on

http://www.sendspace.com

or

http://www.mediafire.com

and send me a PM with the download link.

If you were already asked to generate the log file, disregard the message above and just post the ticket ID.

IMPORTANT:

. During this process the Real Time Protection in Bitdefender must be temporarily disabled;
. If you receive a Bitdefender Firewall alert to inform you that BDSysLog_i.exe tries to connect to the internet, then you need to select Allow;

[how to DISABLE THE ANTIVIRUS PROTECTION in Bitdefender 2012]
In order to disable the antivirus protection, please open Bitdefender and click the "Settings" button in the upper side of the interface. In the new window go to "Antivirus" > "Shield" tab and click on "ON" under On-access scanning. Select the time interval that suits your troubleshooting needs and click "OK". The On-access scanning should be enabled back after finishing the troubleshooting procedure.

We will get back to you as soon as the analysis is complete.

Have a nice day!
Christian
Hello :)

I have sent the logs to the labs and I will get back to you with an answer.

Thank you!
Christian
Hello :)

We couldn't find anything suspicious in the logs.

Please reset your hosts file to default:

http://support.microsoft.com/kb/972034

Also, make sure that you don't have a proxy set for your current internet connection:

http://www.plus.net/support/software/browsers/proxies.shtml

Let me know if everything is OK after the first restart.

Take care.
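
A read-only way to carry out the two checks from the post above (hosts file and proxy), as an added example that is not part of the original thread or of Bitdefender's tooling. The function names are made up for illustration, and the proxy check reads only the per-user Windows Internet Settings; Firefox can also carry its own proxy configuration in its connection settings, which this does not read.

```powershell
# Added example: list hosts-file entries and proxy settings that differ
# from a clean Windows default. Read-only; nothing is modified.
# Written to run on PowerShell 2.0 (the version shipped with Windows 7).

function Get-HostsOverride {
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    # A default hosts file contains only comment lines, so any active
    # mapping other than localhost -> loopback deserves a look.
    foreach ($line in Get-Content -LiteralPath $Path -ErrorAction Stop) {
        $text = ($line -replace '#.*$', '').Trim()    # strip comments
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }         # malformed line
        $ip = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $benign = ($name -eq 'localhost') -and
                      (('127.0.0.1', '::1') -contains $ip)
            if (-not $benign) {
                New-Object PSObject -Property @{ Address = $ip; HostName = $name }
            }
        }
    }
}

function Get-ProxySetting {
    # Per-user settings used by Internet Explorer and by programs that
    # follow the system proxy.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        ProxyEnable   = $s.ProxyEnable      # 1 = a manual proxy is active
        ProxyServer   = $s.ProxyServer      # host:port of that proxy
        AutoConfigURL = $s.AutoConfigURL    # PAC script, if any
    }
}

$overrides = @(Get-HostsOverride)
if ($overrides.Count) { $overrides | Format-Table -AutoSize }
else { 'hosts: no active entries beyond localhost' }

$proxy = Get-ProxySetting
if ($proxy.ProxyEnable -eq 1 -or $proxy.AutoConfigURL) { $proxy | Format-List }
else { 'proxy: none configured for the current user' }
```

An entry that maps a search-engine host name to an unfamiliar address, or a proxy or PAC URL you did not set yourself, is what the hosts reset and the proxy check are meant to catch.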
truva
Hello,

There is no IP mapping to host names in my hosts file, like Microsoft's default file. These days no IP forwarding to p0rn pages has happened though. I don't know why.

However, there is no link safety information in Google search pages. You can see this in picture-1. The information exists in Yahoo search pages (picture-2). Actually all the web pages have link safety information except Google search pages.


Thank you very much.


Christian
Hello :)

Under Settings->Privacy do you have Scan SSL turned on?

In order to be able to properly identify the causes for the reported situation and find a solution we will need to investigate a bit deeper.

Please follow the steps below and send us the result:

a ) Go to this page
http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx and download the autoruns file.
b ) Extract the contents of the downloaded file and run the 'autoruns.exe' file;
c ) Wait for the list to be filled with all the processes and then make sure that you have the Everything tab selected in the upper part;
d ) Click on the Disk icon right under File and choose any location folder on your computer;
e ) Save the file with a specific name (your name, computer name, a random name, which one you want) and then send me a PM with it.

If the file is too big to attach it, upload it on

http://www.sendspace.com

or

http://www.mediafire.com

and send me a PM with the download link.

We will analyze the information you sent and then reply with a possible solution in the shortest time.

Have a nice day.
truva
Yes, it worked. The link safety information is back. However, I did not close it. I didn't know that there was such an option until now. Maybe the virus did it. For this reason I will send the further information you asked for.

Thank you very much.
Christian
Hello :)

What can you tell me about this toolbar?

TTNET Arac Cubugu IE Toolbar Engine c:\program files (x86)\ttnet arac cubugu\tbcore3.dll

Also, do you use something from SupportSoft, Inc. c:\program files (x86)\ncnetworksdm\bin\tgsrvc.exe ?

If not, we recommend you to remove both and reboot the PC.

Thank you!
truva
QUOTE (Christian @ Jul 26 2012, 06:14 PM) *
What can you tell me about this toolbar?

TTNET Arac Cubugu IE Toolbar Engine c:\program files (x86)\ttnet arac cubugu\tbcore3.dll


It is my previous internet service provider. I forgot to remove the d@mn thing since I don't use IE much. Now, I have removed it.


QUOTE (Christian @ Jul 26 2012, 06:14 PM) *
Also, do you use something from SupportSoft, Inc. c:\program files (x86)\ncnetworksdm\bin\tgsrvc.exe ?

If not, we recommend you to remove both and reboot the PC.


I don't know about SupportSoft. I have removed it too.


Thank you very much.
truva
QUOTE (Christian @ Jul 26 2012, 06:14 PM) *
Hello :)

What can you tell me about this toolbar?

TTNET Arac Cubugu IE Toolbar Engine c:\program files (x86)\ttnet arac cubugu\tbcore3.dll

Also, do you use something from SupportSoft, Inc. c:\program files (x86)\ncnetworksdm\bin\tgsrvc.exe ?

If not, we recommend you to remove both and reboot the PC.

Thank you!



So you think the virus was nested in c:\program files (x86)\ncnetworksdm\bin\tgsrvc.exe ?


Christian
Hello :)

Possibly, do you still encounter any issues?

Thank you!
truva
QUOTE (Christian @ Jul 27 2012, 12:39 PM) *
Hello :)

Possibly, do you still encounter any issues?

Thank you!



Okay, but is it so simple to uninstall a virus? Bitdefender didn't detect it and its scan option was changed by the virus. Can I trust the machine or should I consider formatting it?
Christian
Hello :)

Yes, you can trust it. We didn't find anything suspicious in the logs.

Actually, the active part was removed by Bitdefender, we only needed to clean the leftovers.

Let me know if you still encounter any issues.

Have a great weekend!
truva
QUOTE (Christian @ Jul 28 2012, 10:58 AM) *
Hello :)

Yes, you can trust it. We didn't find anything suspicious in the logs.

Actually, the active part was removed by Bitdefender, we only needed to clean the leftovers.

Let me know if you still encounter any issues.

Have a great weekend!



I didn't know that. Thank you very much for the information.

Take care.
truva
Meanwhile, I am not encountering any issues. Just wanted to be sure.

Thank you very much.
Christian
Hi :)

Thank you very much for your feedback!

I declare this case resolved.

Should you need any further assistance, please do not hesitate to contact us.

Have a great day!