Welch Company
San Francisco, CA
S U M M A R Y
DIARY: December 27, 2010 09:48 AM Monday;
Rod Welch
Google search redirect virus Trend Micro sends additional instructions.
1...Summary/Objective
2...Virus Google Search Redirection Trend Micro Did Not Find Cause
3...Trend Micro Additional Instructions Investigate Google Search Problem
........Memory Error System Report Error C16 on Shut Down
........Google Search Redirection Not Solved by Trend Micro Procedure
CONTACTS
0201 - Trend Micro, Inc.
020101 - Ms. Elena (Len) Quitoriano; Customer Support Representative
020103 - Consumer Support Team
SUBJECTS
Trend Micro Hijackthis C16 Scan Diagnostic Log Failed Correct Google
3603 -
3603 - ..
3604 - Summary/Objective
3605 -
360501 - Follow up ref SDS 9 0000. ref SDS 8 0000.
360502 -
360503 -
360504 -
360506 - ..
3606 -
3607 -
3608 - Progress
3609 -
360901 - Virus Google Search Redirection Trend Micro Did Not Find Cause
360902 - Trend Micro Additional Instructions Investigate Google Search Problem
360903 -
360904 - Follow up ref SDS 9 716S, ref SDS 8 716S.
360905 -
360906 - Background on current efforts reported on 101223 1314, ref SDS 8 716S,
360907 - and resulting in Trend Micro assigning new case number 1-1-395893663.
360908 - ref SDS 8 CJ7H
360910 - ..
360911 - Received letter from Allan at Trend Micro saying...
360912 -
360913 - 1. Subject: RE: Re: [SR1-1-395893663] s
360914 - Date: 27 Dec 2010 03:58:38 (PST)
360921 - ..
360922 - 2. Thank you for sending us the log [...Allan attaches the letter
360923 - submitted to Trend Micro on 101223 1314. ref SDS 8 4Q4T, which
360924 - was a re-submission of log file created following instructions
360925 - and using software program "hijackthis.exe" received from Trend
360926 - Micro, reported on 101217, 101217 1210, ref SDS 7 CE4O...]. We
360927 - are done analyzing it and did not find malicious programs in
360928 - your computer.
360930 - ..
360931 - 3. Please follow the [...28...] recommendations below so as to
360932 - resolve the issue:
360934 - ..
360935 - 1. Reset Internet Explorer Settings:
360936 -
360937 - [...below on 101227 1134 notified Trend Micro that
360938 - Google Search redirection problem does not occur on
360939 - Internet Explorer (IE), only Netscape, ref SDS 0
360940 - NU5P; Window XP system on c16 reported memory could
360941 - not be read error on shut down, ref SDS 0 NU7Q; and
360942 - that implementing 28 detailed technical instructions
360943 - received from Trend Micro, did not correct failure of
360944 - Pccillin to prevent Google Search redirection virus
360945 - using Firefox browser. ref SDS 0 NU8S
360947 - ..
360948 - 1. Open Internet Explorer.
360949 - 2. Click on Tools on the menu bar.
360950 - 3. Click on Internet Options.
360951 - 4. A new window will appear. Click on Programs tab.
360952 - 5. Click on Reset Web Settings button.
360953 - 6. Click on Apply.
360954 - 7. Click on Ok.
360956 - ..
360957 - 2. Set Proxy Settings to Automatic
360958 -
360959 - 1. Open Internet Explorer.
360960 - 2. Click on Tools on the menu bar.
360961 - 3. Click on Internet Options.
360962 - 4. A new window will appear. Click on Connections tab.
360963 - 5. Click on LAN Settings button.
360964 - 6. Ensure that "Automatically Detect Settings" is the only box selected.
360965 - 7. Click on Ok.
360967 - ..
360968 - 3. Delete entries in the Hosts file
360969 -
360970 - 1. Click on the Orb button that has a Windows Logo on it.
360971 - 2. Click on Computer.
360972 - 3. Double click on the Windows folder.
360973 - 4. Double click on the system32 folder.
360974 - 5. Double click on the drivers folder.
360975 - 6. Double click on the etc folder.
360976 - 7. Double click on hosts.
360977 - 8. Choose to open it with Notepad.
360978 - 9. Click on Ok.
360979 - 10. Delete all entries after "127.0.0.1 localhost".
360980 - 11. Click on File.
360981 - 12. Click on Save.
360982 - 13. Close the notepad window.
360983 - 14. Restart your computer for the changes to take effect.
360985 - ..
360986 - 4. Please check if the issue still persists. If by chance the
360987 - solution did not work, please reply back to this email and
360988 - provide more information so that we can proceed with the next
360989 - troubleshooting steps.
360991 - ..
360992 - 5. Note: We would appreciate a response from you within 24 to 48
360993 - hours from the date you receive this email. After the given
360994 - time frame, your case will be presumed resolved and closed.
360995 - You will also receive a feedback from us confirming the status
360996 - of your case. Should you still have concerns regarding your
360997 - issue, please simply reply to this email.
360999 - ..
361000 - 6. To ensure timely response on your cases, please check your
361001 - "spam" folders too. If this email is tagged as spam, please
361002 - mark this message as "not spam" email.
361004 - ..
361005 - 7. Have a great day!
361007 - ..
361008 - 8. Regards,
361010 - ..
361011 - 9. Allan Rey Mendoza
361012 - Consumer Support Team
361013 - Trendlabs HQ, Trend Micro Incorporated
361015 - ..
361016 - 10. In order for us to have a history of our correspondence, please do not delete the subject and the contents of this email.
361017 - ===========================================================================
361018 - For future inquiries, you may visit our support page using the link below:
361019 - http://esupport.trendmicro.com/support/consumer/consumerhome.do
361020 - ===========================================================================
361021 -
361022 -
361024 - ..
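Step 3 of the Trend Micro instructions above clears the hosts file because entries there map names to addresses ahead of DNS. The following is an added example, not part of Trend Micro's letter or of this record: it lists every entry other than the default localhost mapping so it can be reviewed before anything is deleted. The function name `audit_hosts` and the sample hosts content are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts content (not taken from the machine in this record).
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.google.com google.com   # constructed entry
127.0.0.1       update.example-av.test
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for each entry needing review."""
    findings = []
    # A leading byte-order mark would otherwise corrupt the first address.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not entry:
            continue
        fields = entry.split()
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, " ".join(names), "unparseable address"))
            continue
        if not names:
            findings.append((line_no, ip_text, "", "address without hostname"))
            continue
        for name in names:  # one line may carry several hostnames
            name = name.lower()
            if name == "localhost" and ip.is_loopback:
                continue  # the default mapping, nothing to review
            if ip.is_loopback or ip.is_unspecified:
                reason = "name forced to local machine (lookup blocked)"
            else:
                reason = "name pinned to fixed address (overrides DNS)"
            findings.append((line_no, ip_text, name, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s: %s" % finding)
```

An empty result corresponds to a hosts file with no entries after the localhost mapping.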
3611 -
3612 -
3613 - 0954
3614 -
361401 - Applied Google new instructions to investigate cause of Google search
361402 - redirection virus.
361403 -
361404 -
361406 - ..
3615 -
3616 -
3617 - 1041
3618 -
361801 - Letter to Trend Micro reports applying new instructions failed to
361802 - resolve Google Search redirection.
361804 - ..
361805 - 1. Subject: Re: [SR1-1-395893663] s
361806 - Date: Mon, 27 Dec 2010 11:34:42 -0800
361813 - ..
361814 - 2. Thanks for your letter dated today, 101227 0358, and received
361815 - this morning. [...shown in the record above. ref SDS 0 3G5F...]
361817 - ..
361818 - 3. Please note the problem of Google redirection only seems to
361819 - occur on c16 using Netscape browser (Firefox).
361820 -
361821 - [On 101229 0621 letter from Trend Micro asks to confirm
361822 - Google Search redirection virus problem only occurs with
361823 - Firefox on c16. ref SDS 10 3G5F
361825 - ..
361826 - [On 101229 0621 notify Trend Micro that Google Search
361827 - redirection virus problem only occurring with Firefox.
361828 - ref SDS 10 HW7G
361830 - ..
361831 - 4. Nonetheless applied your guidance in Trend Micro's letter
361832 - today. [...reported above requesting customer perform 28 steps
361833 - to correct failure of Pccillin protecting against Google Search
361834 - redirection virus, ref SDS 0 9H3P...]. Here are results...
361836 - ..
361837 - 1. Clicking "Reset Web Settings" button in Programs tab for IE
361838 - Internet Options did not return an "Apply" choice, it said
361839 - "Do you want to reset your web settings to the original IE
361840 - defaults?"
361842 - ..
361843 - Don't want original IE settings, but for experiment
361844 - selected - "Yes" and then "OK."
361846 - ..
361847 - 2. Set Proxy Settings to automatic, as instructed.
361849 - ..
361850 - 3. Could not find "Orb" button to delete entries in Hosts
361851 - file. Noticed further instructions say to open system32
361852 - in Windows, so found...
361853 -
361854 - i:\windows\system32\drivers\ect\hosts
361856 - ..
361857 - Found in hosts there are no entries after 127.0.0.1
361859 - ..
361860 - Memory Error System Report Error C16 on Shut Down
361861 -
361862 - 5. After making changes to IE that could be made, booted c16 and
361863 - got error message...
361864 -
361865 - The instruction at "0x7750c8ed" referenced memory at
361866 - "0x000ad988." The memory could not be read.
361868 - ..
361869 - Click okay to terminate program?"
361870 -
361871 - [On 101230 1158 c16 reported another memory error on
361872 - system shutdown. ref SDS 11 G336
361874 - ..
361875 - 6. C16 then continued reboot process. C16 desktop came up
361876 - normally. Booted computer again, and got same message; c16
361877 - desktop again came up normally. Booted c16 a third time and on
361878 - this cycle did not get memory error message possibly indicating
361879 - the problem cleared itself. However, on the next shutdown, got
361880 - the same memory error message.
361881 -
361883 - ..
361884 - Google Search Redirection Not Solved by Trend Micro Procedure
361885 -
361886 - 7. After getting c16 to shut down normally, tested Google search
361887 - in Netscape using Google searched for...
361888 -
361889 - "HP Pavilion Elite HPE 490t"
361891 - ..
361892 - This is my new desktop, c17.
361894 - ..
361895 - 8. Got a list that included...
361896 -
361897 - HP Pavilion Elite HPE 490t series HP Official Store
361898 - Buy direct from HP with FREE Shipping... etc.
361900 - ..
361901 - 9. Selecting this choice in the Google results should open...
361902 -
361903 - http://www.shopping.hp.com/webapp/series/category/desktops/HPE490t_series/3/computer_store
361904 -
361905 - ...which is HP Home & Home Office. This result occurs on c17,
361906 - the new computer. However, on c16 clicking on the same option
361907 - opens...
361908 -
361909 - http://www22.verizon.com/residential/bundles/overview
361910 -
361911 - ...which is "Great Bundle Options" a Verizon site, not HP. At
361912 - this location on c16, clicking back button the thing is frozen;
361913 - so someone is really trying to sell something. I can click
361914 - History menu and then select the Google results page.
361916 - ..
361917 - 10. This record indicates changes to c16 directed today by Trend
361918 - Micro on IE [...per above, ref SDS 0 9H3P...], did not correct
361919 - Google redirection problems with Netscape Firefox.
361921 - ..
361922 - 11. Please let me know further steps.
361923 -
361924 - [On 101229 0621 letter from Trend Micro asks to confirm
361925 - Google Search redirection virus problem only occurs with
361926 - Firefox on c16. ref SDS 10 3G5F
361928 - ..
361929 - [On 101229 0621 notify Trend Micro that Google Search
361930 - redirection virus problem only occurring with Firefox.
361931 - ref SDS 10 HW7G
361933 - ..
361934 - [On 101229 0621 at 1743 letter from Trend Micro requests
361935 - additional steps for customer to diagnose virus causing
361936 - Google Search redirection. ref SDS 10 4S8G
361938 - ..
361939 - [On 101229 0621 at 1817 (PST) letter responds to Trend
361940 - Micro reporting performance of additional instructions, and
361941 - there is no evident correction to Google Search redirection
361942 - virus problem, and this problem is unique to c16 Windows XP
361943 - mode, in that Google search works correctly on c16 in
361944 - Windows 7 32-bit, and 64-bit, and on c17 on all 3 modes.
361945 - ref SDS 10 7H7O
361947 - ..
361948 - 12. Sincerely,
361949 -
361954 -
361955 -
361956 -
361957 -
361958 -
361959 -
361960 -
361961 -
361962 -
3620 -
Distribution. . . . See "CONTACTS"