BestTechie Forums: How to fix Google Redirects - BestTechie Forums

Jump to content

Recommended Software

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

How to fix Google Redirects aka Win32/Olmarik, Rootkit.Win32.TDSS.u, Win32/Alureon.F, Tidserv!

#1 User is offline   Rorschach112 Icon

  • HJT Team
  • Icon
  • Group: Managers
  • Posts: 421
  • Joined: 18-February 08

Posted 02 February 2010 - 07:00 PM


How to fix Google Redirects, aka Win32/Olmarik, Rootkit.Win32.TDSS.u, Win32/Alureon.F, Backdoor.Tidserv!.inf

This infection hijacks your browsers to divert search engines to malware sites. Another symptom is getting the error message "DCOM server protocol launcher server terminated". It is important that you do not try fix this infection manually, or to let your anti-virus program do it, as it can result in an unbootable machine if removed badly. This guide is designed to remove the infection easily and effectively, with no side-effects.


Lets get onto removing the infection now.



Step 1 : Safety precautions


Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference.


Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe



Download SysRestorePoint to your desktop and unzip it to it's own folder.
  • Double click SysRestorePoint.exe so that we can make a new system restore point.
  • A box will pop up after it has made a new point, usually after a few seconds. Close that window and exit the program.



Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean




Step 2 : The fix


Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run, once it is finished move onto the next step




Download TDSSKiller and save it to your Desktop.

  • Make sure all other windows are closed and to let it run uninterrupted.
  • Extract the file and run it.
  • Reboot your machine and see if the infection is gone



The infection should hopefully be removed after these steps. If this is not the case, please go to the Virus Removal forum here and follow the steps in this thread here


If this guide fixes your machine, then please read my guide on how to prevent malware and about safe computing here


Regards
By the power of truth, I, while living, have conquered the universe.

~Scratch~

My help is always free, but if you want to donate to help me continue my fight against malware then click here Posted Image
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users