Computer

Ask a Computer Question, Get an Answer ASAP!

How do I get rid of a virus called JS/Redir that keeps being

Answered by:lifesaver
Computer Software Engineer
Positive Feedback: 93.9 %
Accepted Answers: 4282

in Computer

Recent Feedback

Positive

great help...thanx

Customer Question

How do I get rid of a virus called JS/Redir that keeps being detected in daily anti-virus scans?

I am using Windows XP , AVG Internet Security 9.0 and also have Ad-Aware on system.

Location of virus is always similar, today's example:
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\{11D3928E-8517-49F1-A845-7924C382021A}\chrome\content\overlay.xul

As I say, the daily scheduled scan always detects this but if I run a specific scan on C:\Documents and Settings nothing is found. Ad-Aware finds nothing.

I upgraded from AVG Free Edition to try to deal with this problem which has been around for a few weeks now. AVG Tech Support asked for some diagnostic scans but after a couple of unsuccessful attempts at producing the results they desired, AVG seems to have abandoned me. I need some advice please (and as I am not a techno type please write in plain language, thanks)!

Optional Information:
Computer OS: Windows XP
Browser: IE

Already Tried:
Browser IE/Yahoo AVG sent me "avgproci_EN.zip" file to be run in conjunction with an autoruns facility found at www.microsoft.com/technet/systernals/Security/Autoruns.mspx Process was supposed to result in a "result.7z" file but the result I got was a "result" zip file. AVG has not replied to my last emails.

Submitted: 1230 days and 15 hours ago.

Category: Computer

Value: $18

Status: CLOSED

Accepted Answer

Expert: lifesaver replied 1230 days and 15 hours ago.

HiCustomer

FOllow these steps to turn system restore on C drive.

Click Start, right-click My Computer, and then click Properties.
In the System Properties dialog box, click the System Restore tab.
Click on C drive to select the Turn off System Restore check box.
Click OK.

After system restore is turned off run AVg scan and remove infections it detects.

Next Download and run this free scanner called Malwarebytes' Anti-Malware from Here

Remove infections it detects

Restart and let me know the results.

Expert Type	Computer Software Engineer
Category:	Computer
Pos. Feedback:	93.9 %
Accepts:	4282
Answered:	11/22/2009

Experience: Engineering degree in Computer science,Microsoft Certified Professional.JA computer expert.

Ask this Expert a Question >

Customer replied 1229 days and 14 hours ago.

Hi PC Mechanic,

24 hours after your help, I'm not sure whether virus problem is solved yet or not.

Regards XXXXX XXXXX System Restore on C Drive, I found a box checked stating "system restore turned off on all drives." So System Restore was already turned off on C drive.

I ran AVG which detected JS/Redir virus.

Then downloaded/ran malware scanner which found virus ("C:\Documents and Settings\HP_Owner\Local Settings\Temp\d.exe (Trojan.Dropper) -> Quarantined and deleted successfully"). System restarted, then turned off for night.

Turning on in morning., ran AVG full scan - no virus detected

System ran a scheduled AVG full scan at 5pm - found JS/Redir virus ("C:\Documents and Settings\HP_Owner\Local Settings\Application Data\{C93C3468-7FFC-4ED3-80CE-374722FD8A2A}\chrome\content\overlay.xul";"Virus found JS/Redir";"Moved to Virus Vault")

Ran malware scanner immediately afterwards - no virus detected.

????

Expert: lifesaver replied 1229 days and 13 hours ago.

Ok.

Download and run trozan remover.

http://www.simplysup.com/

Don't purchase.use the 30 day trial.Let me know th results/

Customer replied 1228 days and 16 hours ago.

Results :

Installed Trojan Remover this morning and ran it(with AVG program disabled). Result: "No active malicious files were found and no changes were made."

At 5pm AVG program ran scheduled daily full scan : virus found "C:\Documents and Settings\HP_Owner\Local Settings\Application Data\{B675BC47-7B82-4794-BC57-377089FB14ED}\chrome\content\overlay.xul";"Virus found JS/Redir";"Moved to Virus Vault"

Then ran Trojan Remover again : "No active malicious files were found and no changes were made."

Then ran Anti-Malware scanner: "No malicious items detected."

I will pay extra after this reply because I appreciate you are doing this for a fee.

Expert: lifesaver replied 1228 days and 16 hours ago.

Please run these two tools.

1>smitfraudfix

http://www.precisesecurity.com/tools-resources/adware-tools/smitfraudfix/

2>Combofix.Download link and guide

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

LEt me know the results.PASte the log combofix creates.

Customer replied 1227 days and 21 hours ago.

Attached is ComboFixLog

________________________________________________________

I have the ComboFix log ready but the text is too long to paste in this box. I need a way of attaching a file - customer service has not answered my query how to do so.

Earlier I posted a bonus but I can't tell whether this has gone to the right place.

My 5pm AVG full scan (still running) indicates virus is still there.

40142.0498105671

Expert: lifesaver replied 1227 days and 20 hours ago.

Check the combofix log under other deletions.

c:\recycler\S-1-5-21-3221663354-876491971-3091539594-1003

c:\windows\awuvasamoqix.dll

c:\windows\MailSwitch.ocx

c:\windows\system32\ps2.bat

c:\windows\system32\tmp.reg

D:\Autorun.inf

c:\windows\system32\Drivers\atapi.sys . . . is infected!!

One of your drivers is infected too..Also when a virus is in recycler it keeps returniong back.

Please recheck that your system restore is turned off.Also let me know your system model..

Customer replied 1227 days and 17 hours ago.

System Restore was turned on when I just checked it (was not when I previously checked). I have now checked the box which turns off System Restore on all drives (TELL ME IF THIS IS NOT RIGHT).

System model general info:

Hewlett-Packard Pavilion AMD athlon(tm)XP3200+ , 2.20 GHz, 448MB of RAM

(hp pavilion a720n)

Microsoft Windows XP Home Edition 2002 Service Pack 3

Expert: lifesaver replied 1227 days and 17 hours ago.

Your system info is correct.

Now check this link on how to determine if system restore is turned on or off.

http://www.f-secure.com/v-descs/sfc_dis1.shtml

Now i want you do all the cleaning with system restore turned off and in safe mode.

How to access safe mode?

Simply restart and keep pressing F8 key before windows starts loading.Run all those antivirus tools again.

Customer replied 1227 days and 16 hours ago.

Please clarify -when you say all those antivirus tools again, do you mean all four you have so far specified or just the last two ? So far have used anti-malware, trojan remover,smitfraudfix and combofix. And all in safe mode?

Expert: lifesaver replied 1227 days and 16 hours ago.

Yes all the four in safe mode..

Customer replied 1227 days and 3 hours ago.

I ran the four tools again in the same order under the conditions which you specified.

Here is the combofix report: ComboFixLog2

Expert: lifesaver replied 1226 days and 6 hours ago.

Ok.

Does the virus still return back?

Customer replied 1225 days and 17 hours ago.

The last two scheduled AVG full scans have been clean, so it looks very hopeful. I guess if those scans continue to be clean then the virus has been removed. May I de-install any of the software used?

The cleaning process seems to have had one adverse result in that DVDs and CDs are no longer autmatically detected and I no longer have a pop up box offering a choice of programs to play the disks. The dvd and CD drives do work and appear on the Device Manager menu but I have to go directly to the media files and open them in order to play a disk. If I can't work out how to put this right I will probably be back to this website to post a second question.

In the meantime I thank you very much for your time and advice and wish you a Happy Thanksgiving (if you are in the USA that is!)

Expert: lifesaver replied 1225 days and 17 hours ago.

Yes you can remove all other softwaes used.

Just keep AVG.

If youa re using AVG paid version ignore my next message.Else if youa re using AVG 9 free edition get a new antivirus porotection like bitdefender or Kapersky

http://anti-virus-software-review.toptenreviews.com/

Now regarding the Cd drives.Are they detected under My computer?

Customer replied 1225 days and 16 hours ago.

Yes, they are both detected when I go to the device managers tab and there are no error codes when I check the device status. I can play disks but only if I open the files directly, computer does not automatically detect them anymore.

Expert: lifesaver replied 1225 days and 16 hours ago.

In Device Manager, expland DVD/CD-ROM drives, right-click the CD and DVD devices, and then click Uninstall.

When you are prompted to confirm that you want to remove the device, click OK.

Restart the computer.

After the computer restarts, the drivers will be automatically installed.

See if it helps.

25 Tech Support Specialists are Online Right Now

Computer Questions	Date Submitted
The last few days when using the computer to look up real estate,	3/28/2013
Using Incredimail to Export Data and Settings from old computer	3/28/2013
I scan quite a few magazine articles into my computer and store	3/28/2013
Brother DCP-167C Printer. Cannot get scanner to work. I	3/28/2013
I currently have a computer with an Asus M2A-VM Micro ATX motherboard	3/28/2013
unable to open pdf's in Browser	3/28/2013
Incoming phone calls get routed to my computer but my phone	3/28/2013
I cannot get my computer to recognize my scanner/printer.	3/28/2013
I have a new Toshiba P850 with Windows 8. When I typed some	3/28/2013
I am trying to use Nero 12 to transfer video from a Canon Video	3/28/2013