"220.127.116.11" virus has hijacked Google homepage
Posted 09 March 2012 - 06:05 PM
In short, it seems a virus has "hijacked" my Google.com within Fire Fox, as well as disabling Captchas and various other features on other websites. When I do a google search, legit results are delived, but every link is a redirect of some sort. Also, general PC performance is reduced to varying degrees.
For reference, this topic is all I could about this problem.
I guess I'll give a more detailed rundown. FYI I'm making this post from my laptop which is NOT infected with this virus. This virus infects my desktop.
Desktop Computer Specs:
Win XP Home Edition (5.1, Build 2600)
AMD Athlon 64 Processor @ 1.8 Ghz
1 gig of ram
GeForce 7800GS AGP w/ 256mb ram
I certainly have Service pack 2, not entirely sure about SP3
Two nights ago I'm using my computer, all is well, and I must have visited some website only for a split second (as i cannot remember anything out of the ordinary) and my computer just slows to an absolute crawl. I am forced to shut down. Next day, computer seems to be running better, but it starts lagging too much, so I run a full chkdsk (with repair bad sectors) at start-up on my main drive -- drive is totally clean. I update Malwarebytes anti-malware, and perform a quick scan, which takes about 5x longer than normal. Zero objects infected, no issues found.
I open Firefox / Google to do a search, and I'm getting redirected... a bit of relief as at least i know it's a virus and not a problem with any of my hardware or software. But since I'm getting constantly redirected, I realize this virus is unlike the last redirect virus that infected my machine for a few weeks last year. Here's what I've discovered:
-when loading Google.com, status bar indicates a connection to the IP of 18.104.22.168. Obviously, this is not normal. Also, when I hover over the "Sign in" link at the top right, an abnormal link appears -- https://accounts.google.com/ServiceLogin?hl=en&continue=http://22.214.171.124. What the hell is that second IP? Also, please dont visit these links... i dont want anyone else to get this.
-When doing a search, normal results appear (wikipedia, etc.) but every link is worthless redirect.
-Captchas seem to be universally disabled. For example, I could not register for BleepingComputer on the infected computer because the qustion / answer verification captcha was instead an ad for Pizza Hut. Captchas are also just non-existant on other sites, like depositfiles.com -- when i try to download something, the usual captcha just doesnt show up there the 60 second delay. I'm not sure about general Java / Flash when browsing, the computer runs almost too sluggishly to really experiment with that stuff.
Yesterday, I try to do a system restore within the normal XP environment. It simply will not perform the restore. I shut down and go to bed.
This morning, I start in safe-mode and do the restore to about a week earlier. System restarts, all is well -- computer runs at normal speed, the real Google page is back, captcas are present, I think I'm home free. But after about 15 minutes, i notice a missing captcha on a website. Virus has reinstalled itself, computer back to running at a crawl.
As I type this, I'm doing a full-scan on drive C: in an up-to-date malwarebytes anti-malware, which is sure will not find any problems. I also plan on running Crap Cleaner after this is done, with a registry cleanup... not sure if that's a mistake, but it's never hurt me in the past.
Please help Bleeping, this virus is from hell. Thank you!!
BC AdBot (Login to Remove)
Posted 09 March 2012 - 06:33 PM
Note that those instructions call for the malware logs to be posted in a forum that is not this one. This forum does not have the expertise to deal with malware situations.
Posted 09 March 2012 - 07:07 PM
should I repost this thread in the appropriate forum, or leave it here? Perhaps a Mod will move it...?
Posted 09 March 2012 - 07:24 PM
Just read your posting and I may be able to help you. On the one thats not infected, go to [Web Page Redacted] Go to the "PARTNERS" page and download "VipreRescue" Put it on your memory stick. Transfer the downloaded file to the one that is infected. Run it. scan my take 15 minutes to hours. When it finishes, reboot and go
Yeah, no thanks
Edit: Quoted post deleted by staff member, web page quoted redacted. ~ Animal
Posted 09 March 2012 - 07:42 PM
Once your new topic is properly posted, I will close this topic.
Posted 11 March 2012 - 02:37 AM
Posted 11 March 2012 - 10:33 AM
Now that you have properly posted a malware log topic, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
From this point on, the MRT Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.
It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users