lifesaver, Computer Software Engineer
Category: Computer
Experience: Engineering degree in Computer Science, Microsoft Certified Professional, JA computer expert.

How do I get rid of a virus called JS/Redir?


How do I get rid of a virus called JS/Redir that keeps being detected in daily anti-virus scans?
I am using Windows XP, AVG Internet Security 9.0 and also had Ad-Aware on the system.
Location of virus is always similar, today's example:

C:\Documents and Settings\HP_Owner\Local Settings\Application Data\{11D3928E-8517-49F1-A845-7924C382021A}\chrome\content\overlay.xul

As I say, the daily scheduled scan always detects this but if I run a specific scan on C:\Documents and Settings nothing is found. Ad-Aware finds nothing. 
I upgraded from AVG Free Edition to try to deal with this problem which has been around for a few weeks now. AVG Tech Support asked for some diagnostic scans but after a couple unsuccessful attempts at producing the results they desired, AVG seems to have abandoned me. I need some advice please (and as I am not a techno type please write in plain language, thanks.)
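The daily detections quoted above all sit under a freshly generated {GUID} folder in Local Settings\Application Data and end in chrome\content\overlay.xul, which is the folder layout of a classic Firefox XUL extension. The following Python script is an added example, not part of this thread or of any of the tools named in it: it walks a profile directory, flags GUID-named folders that contain that file, and records each file's SHA-256 so that recurrences can be compared by content rather than by path, since the GUID changes on every reappearance. The directory tree it scans is constructed in a temporary folder for illustration (the folder names are the GUIDs quoted in the thread; the file contents are placeholder XML, not the detected file).

```python
import hashlib
import os
import re
import tempfile

# Directory names like {11D3928E-8517-49F1-A845-7924C382021A}: braces around a GUID.
GUID_DIR = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# The file the scheduled scan kept reporting; chrome/content/overlay.xul is the
# layout of a classic Firefox XUL extension.
OVERLAY_REL = os.path.join("chrome", "content", "overlay.xul")


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_for_overlay_dirs(root):
    """Return one record per GUID-named directory under `root` that contains
    chrome/content/overlay.xul, sorted by GUID. The path changes each time the
    file comes back, so the content hash is the value to compare day to day."""
    hits = []
    for dirpath, dirnames, _ in os.walk(root):
        for name in dirnames:
            if not GUID_DIR.match(name):
                continue
            overlay = os.path.join(dirpath, name, OVERLAY_REL)
            if os.path.isfile(overlay):
                hits.append({
                    "guid": name,
                    "path": overlay,
                    "sha256": sha256_file(overlay),
                    "size": os.path.getsize(overlay),
                })
    hits.sort(key=lambda h: h["guid"])
    return hits


def build_sample_tree():
    """Constructed sample (no real malware): a temp copy of the folder layout
    from the thread, with two GUID folders holding identical overlay.xul files,
    one GUID folder with no overlay.xul, and one ordinary application folder."""
    root = tempfile.mkdtemp(prefix="appdata_sample_")
    placeholder = b"<overlay xmlns='http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul'/>\n"
    for guid in ("{11D3928E-8517-49F1-A845-7924C382021A}",
                 "{C93C3468-7FFC-4ED3-80CE-374722FD8A2A}"):
        content_dir = os.path.join(root, guid, "chrome", "content")
        os.makedirs(content_dir)
        with open(os.path.join(content_dir, "overlay.xul"), "wb") as f:
            f.write(placeholder)
    # A GUID folder without the overlay file must not be reported.
    os.makedirs(os.path.join(root, "{B675BC47-7B82-4794-BC57-377089FB14ED}", "chrome"))
    # An ordinary, non-GUID folder must not be reported either.
    os.makedirs(os.path.join(root, "Mozilla", "Firefox", "Profiles"))
    return root


if __name__ == "__main__":
    # Point scan_for_overlay_dirs at a real profile directory to use it for a check;
    # here it runs over the constructed sample.
    for hit in scan_for_overlay_dirs(build_sample_tree()):
        print(hit["guid"], hit["size"], hit["sha256"])
```

Two hits with the same SHA-256 on different days mean the same file is being re-dropped, which is what the thread's later finding of a dropper executable in the Temp folder would produce; a changing hash would point to something else writing the file.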

Follow these steps to turn off System Restore on the C drive.

1. Click "Start", right-click "My Computer", and then click "Properties".
2. In the "System Properties" dialog box, click the "System Restore" tab.
3. Click on "C Drive" to select the "Turn off System Restore" check box.
4. Click "OK".

After System Restore is turned off, run an AVG scan and remove the infections it detects.

Next, download and run this free scanner, Malwarebytes' Anti-Malware, from Here

Remove infections it detects - Restart and let me know the results.

Customer: replied 7 years ago.

24 hours after your help, I'm not sure whether virus problem is solved yet or not.

System Restore on C Drive, I found a box checked stating "system restore turned off on all drives." So System Restore was already turned off on C drive.

I ran AVG which detected JS/Redir virus.

Then downloaded/ran malware scanner which found virus ("C:\Documents and Settings\HP_Owner\Local Settings\Temp\d.exe (Trojan.Dropper) -> Quarantined and deleted successfully"). System restarted, then turned off for night.

Turning on in morning, ran AVG full scan - no virus detected

System ran a scheduled AVG full scan at 5pm - found JS/Redir virus ("C:\Documents and Settings\HP_Owner\Local Settings\Application Data\{C93C3468-7FFC-4ED3-80CE-374722FD8A2A}\chrome\content\overlay.xul";"Virus found JS/Redir";"Moved to Virus Vault")

Ran malware scanner immediately afterwards - no virus detected.


Download and run Trojan Remover.

Don't purchase. Use the 30 day trial. Let me know the results.

Customer: replied 7 years ago.

Results :

Installed Trojan Remover this morning and ran it(with AVG program disabled). Result: "No active malicious files were found and no changes were made."

At 5pm AVG program ran scheduled daily full scan : virus found "C:\Documents and Settings\HP_Owner\Local Settings\Application Data\{B675BC47-7B82-4794-BC57-377089FB14ED}\chrome\content\overlay.xul";"Virus found JS/Redir";"Moved to Virus Vault"

Then ran Trojan Remover again : "No active malicious files were found and no changes were made."

Then ran Anti-Malware scanner: "No malicious items detected."

Please run these two tools.

2. ComboFix. Download link and guide

Let me know the results. Paste the log ComboFix creates.

Customer: replied 7 years ago.

Attached is ComboFixLog


I have the ComboFix log ready but the text is too long to paste in this box. I need a way of attaching a file - customer service has not answered my query how to do so.

My 5pm AVG full scan (still running) indicates virus is still there.

Check the ComboFix log under other deletions.

c:\windows\system32\Drivers\atapi.sys . . . is infected!

One of your drivers is infected too. Also, when a virus is in the Recycler it keeps coming back.

Please recheck that your system restore is turned off. Also let me know your system model.

Customer: replied 7 years ago.

System Restore was turned on when I just checked it (was not when I previously checked). I have now checked the box which turns off System Restore on all drives (TELL ME IF THIS IS NOT RIGHT).

System model general info:

Hewlett-Packard Pavilion, AMD Athlon(tm) XP 3200+, 2.20 GHz, 448 MB of RAM

(hp pavilion a720n)

Microsoft Windows XP Home Edition 2002 Service Pack 3

Your system info is correct.

Now check this link on how to determine if system restore is turned on or off.

Now I want you to do all the cleaning with System Restore turned off and in safe mode.

How do you access safe mode?

Simply restart and keep pressing the F8 key before Windows starts loading. Run all those antivirus tools again.

Customer: replied 7 years ago.

Please clarify - when you say all those antivirus tools again, do you mean all four you have so far specified or just the last two? So far have used anti-malware, trojan remover, smitfraudfix, and combo fix. And all in safe mode?

Yes, all four are in safe mode.

Customer: replied 7 years ago.

I ran the four tools again in the same order under the conditions which you specified.

Here is the combofix report: ComboFixLog2

Does the virus still return back?

Customer: replied 7 years ago.

The last two scheduled AVG full scans have been clean, so it looks very hopeful. I guess if those scans continue to be clean then the virus has been removed. May I de-install any of the software used?

The cleaning process seems to have had one adverse result in that DVDs and CDs are no longer automatically detected and I no longer have a pop up box offering a choice of programs to play the disks. The DVD and CD drives do work and appear on the Device Manager menu but I have to go directly to the media files and open them in order to play a disk. If I can't work out how to put this right I will probably be back to this website to post a second question.

In the meantime I thank you very much for your time and advice.

Yes you can remove all other software used.

Just keep AVG.

If you're using the AVG paid version, ignore my next message. If you are using AVG 9 Free Edition, get new antivirus protection like BitDefender or Kaspersky.

Now regarding the CD drives. Are they detected under My Computer?

Customer: replied 7 years ago.
Yes, they are both detected when I go to the device managers tab and there are no error codes when I check the device status. I can play disks but only if I open the files directly, computer does not automatically detect them anymore.
  • In Device Manager, expand DVD/CD-ROM drives, right-click the CD and DVD devices, and then click Uninstall.
  • When you are prompted to confirm that you want to remove the device, click OK.
  • Restart the computer.
  • After the computer restarts, the drivers will be automatically installed.

See if it helps.