"213.174.137.82" virus has hijacked Google homepage


  • This topic is locked
6 replies to this topic

#1 chaossock

chaossock

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 09 March 2012 - 06:05 PM

Hello Bleeping! I've lurked for a while, and this is my first post. Fortunately/unfortunately, this is quite an absurd virus to 1st time post with, so I thank anyone in advance with any help.

In short, it seems a virus has "hijacked" my Google.com within Firefox, as well as disabling Captchas and various other features on other websites. When I do a Google search, legit results are delivered, but every link is a redirect of some sort. Also, general PC performance is reduced to varying degrees.


For reference, this topic is all I could find about this problem.


I guess I'll give a more detailed rundown. FYI I'm making this post from my laptop which is NOT infected with this virus. This virus infects my desktop.

Desktop Computer Specs:
Win XP Home Edition (5.1, Build 2600)
AMD Athlon 64 Processor @ 1.8 Ghz
1 gig of ram
GeForce 7800GS AGP w/ 256mb ram
I certainly have Service pack 2, not entirely sure about SP3

The Story:
Two nights ago I'm using my computer, all is well, and I must have visited some website only for a split second (as I cannot remember anything out of the ordinary) and my computer just slows to an absolute crawl. I am forced to shut down. Next day, computer seems to be running better, but it starts lagging too much, so I run a full chkdsk (with repair bad sectors) at start-up on my main drive -- drive is totally clean. I update Malwarebytes anti-malware, and perform a quick scan, which takes about 5x longer than normal. Zero objects infected, no issues found.

I open Firefox / Google to do a search, and I'm getting redirected... a bit of relief as at least I know it's a virus and not a problem with any of my hardware or software. But since I'm getting constantly redirected, I realize this virus is unlike the last redirect virus that infected my machine for a few weeks last year. Here's what I've discovered:

-www.Google.com seems to have been hijacked by this virus. It's not the real Google page, but a replication of it. It lacks auto-fill feature when doing searches, and it lacks the normal links at the bottom of the Google home page (like Business Solutions, Privacy Policy, etc.) It also lacks the frequent "Doodles" that Google likes to put up. It just seems off, and it is.

-When loading Google.com, status bar indicates a connection to the IP of 213.174.137.82. Obviously, this is not normal. Also, when I hover over the "Sign in" link at the top right, an abnormal link appears -- https://accounts.google.com/ServiceLogin?hl=en&continue=http://209.85.145.103. What the hell is that second IP? Also, please don't visit these links... I don't want anyone else to get this.

-When doing a search, normal results appear (Wikipedia, etc.) but every link is a worthless redirect.

-Captchas seem to be universally disabled. For example, I could not register for BleepingComputer on the infected computer because the question / answer verification captcha was instead an ad for Pizza Hut. Captchas are also just non-existent on other sites, like depositfiles.com -- when I try to download something, the usual captcha just doesn't show up there the 60 second delay. I'm not sure about general Java / Flash when browsing, the computer runs almost too sluggishly to really experiment with that stuff.

Yesterday, I try to do a system restore within the normal XP environment. It simply will not perform the restore. I shut down and go to bed.

This morning, I start in safe-mode and do the restore to about a week earlier. System restarts, all is well -- computer runs at normal speed, the real Google page is back, captchas are present, I think I'm home free. But after about 15 minutes, I notice a missing captcha on a website. Virus has reinstalled itself, computer back to running at a crawl.

As I type this, I'm doing a full-scan on drive C: in an up-to-date Malwarebytes anti-malware, which I'm sure will not find any problems. I also plan on running Crap Cleaner after this is done, with a registry cleanup... not sure if that's a mistake, but it's never hurt me in the past.

Please help Bleeping, this virus is from hell. Thank you!!



#2 hamluis

hamluis

    Moderator


  • Moderator
  • 43,443 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:24 AM

Posted 09 March 2012 - 06:33 PM

Please follow the instructions at Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html .

Note that those instructions call for the malware logs to be posted in a forum that is not this one. This forum does not have the expertise to deal with malware situations.

Louis

#3 chaossock


Posted 09 March 2012 - 07:07 PM

Thanks Louis -- I will go through these steps.

Should I repost this thread in the appropriate forum, or leave it here? Perhaps a Mod will move it...?

Thanks again

#4 chaossock


Posted 09 March 2012 - 07:24 PM

Hi,
Just read your posting and I may be able to help you. On the one that's not infected, go to [Web Page Redacted] Go to the "PARTNERS" page and download "VipreRescue" Put it on your memory stick. Transfer the downloaded file to the one that is infected. Run it. Scan may take 15 minutes to hours. When it finishes, reboot and go


Yeah, no thanks

Edit: Quoted post deleted by staff member, web page quoted redacted. ~ Animal

#5 hamluis


Posted 09 March 2012 - 07:42 PM

No need to repost this topic, just follow the instructions for submitting malware logs in the appropriate forum linked to in the Preparation Guide.

Once your new topic is properly posted, I will close this topic.

Louis

#6 chaossock


Posted 11 March 2012 - 02:37 AM

I've posted this in the appropriate forum, a Mod can close this topic. Thanks.

#7 hamluis


Posted 11 March 2012 - 10:33 AM

Reference: http://www.bleepingcomputer.com/forums/topic445802.html/page__p__2627595#entry2627595

Now that you have properly posted a malware log topic, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on, the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work, may assume another MRT Team member is already assisting you and not open the thread to respond.

It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Louis



