> Forum Guidelines

Read this topic before posting a log.


DO NOT post a ComboFix log unless requested to.


Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

> Hijacked is a good word!, Google being redirected to different search sites
IdMnstr
post Jun 30 2009, 03:02 PM
Post #1


Member
**

Group: Members
Posts: 44
Joined: 2-March 08
Member No.: 193,846



Referred here from: http://www.bleepingcomputer.com/forums/topic234952.html ~ OB

Hi,

I am having trouble with google being redirected to search sites. I will perform a google search. The results are shown to me as links. When I click on a link I am not sent to the site. I am first told I am "Being redirected, Please wait". The next thing I see is the search results from another search site, not google.

I have been told I should post the logs from the DDS here. I have attached the files; DDS.txt and Attach.txt.

Regards,
Jim

This post has been edited by Orange Blossom: Jun 30 2009, 08:36 PM

Attached File(s)
Attached File  Attach.txt ( 13.71k ) Number of downloads: 1
Attached File  DDS.txt ( 16.67k ) Number of downloads: 2
 

IdMnstr
post Jul 3 2009, 03:13 PM
Post #2



Orange Blossom,

Thank you for correcting my post.

Regards,
Jim
schrauber
post Jul 4 2009, 02:51 AM
Post #3


Mr.Mechanic
******

Group: HJT Team
Posts: 2,680
Joined: 3-May 08
From: Saarland,Germany
Member No.: 206,858



Hello IdMnstr and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


--------------------
regards,
schrauber



If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

IdMnstr
post Jul 4 2009, 07:38 AM
Post #4



Hi,

Thank you for responding but I am confused ...

In order to answer your question;
>>If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please follow the link provided when my topic was moved;
>>Referred here from: http://www.bleepingcomputer.com/forums/topic234952.html ~ OB

Yes, I see the value of posting another DDS log and I will do so asap. What did the current logs tell you?

Regards,
Jim

IdMnstr
post Jul 4 2009, 07:48 AM
Post #5



Hi,

I am not sure I ran DDS correctly. Here are the steps I used;
1) Clicked on the above links to download DDS.scr and DDS.pif to my desktop.
2) Double clicked on DDS.scr and a window appeared for a minute with the same instructions.
3) This window was replaced with two other windows.
4) I saved the contents of each window to my desktop.
5) I posted the files I created here.

Thanks again for your help on this.

Attached File(s)
Attached File  DDS.txt ( 16.17k ) Number of downloads: 4
Attached File  Attach.txt ( 11.5k ) Number of downloads: 5
 
farbar
post Jul 7 2009, 05:18 AM
Post #6


Bleeping Curious
******

Group: HJT Team
Posts: 6,870
Joined: 8-December 07
From: The Netherlands
Member No.: 175,240



Hi IdMnstr,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

Please make sure you run ComboFix just once as I see the log of the first run. Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.



--------------------

This is a voluntary free service. However, if you would like to donate click on

IdMnstr
post Jul 7 2009, 02:54 PM
Post #7



Hi,

I have downloaded and run ComboFix.

A message prompt appeared that told me to turn off "Malware Catcher 2009".
Here are the steps I took;
1) I selected the "X" on the windows thinking that ComboFix would stop running. It didn't and gave me another message to say that "Malware Catcher 2009" is still running. I did not select OK.
2) I ran "Malwarebytes' AntiMalware 1.38" to attempt to remove "Malware Catcher 2009". It did find something else and removed it but said nothing about "Malware Catcher 2009".
3) I then selected OK on ComboFix and followed all the prompts.

Thanks again for your help,
Jim

Attached File(s)
Attached File  log.txt ( 19.95k ) Number of downloads: 5
 

farbar
post Jul 7 2009, 03:20 PM
Post #8



Well done and thanks for the feedback.

If you get the same notification about Malware Catcher please just neglect it and proceed.
  1. Close any open browsers.

    Open notepad (start > All Programs > Accessories > Notepad) and copy/paste the text in the code box below into it:

    CODE
    SecCenter::
    AV: Malware Catcher 2009 *On-access scanning enabled* (Updated) {A3C22749-8D7C-4349-8B0B-F5139A185A10}
    FW: Malware Catcher 2009 *enabled* {948C3E74-BA0A-4641-BD10-EE2B0E2E7590}
    Folder::
    c:\program files\Coupons
    SkipFix::


    Save this as CFScript.txt, in the same location as ComboFix.exe




    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you ( "C:\ComboFix.txt"). Please copy and paste the log to your reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall


  2. Open your Malwarebytes' Anti-Malware, first update it, run a "quick scan", let reboot if needed and copy/paste the log to your reply.

    Note: The logs are saved by default under the Logs tab. If the log did not automatically open you can obtain the latest log from there.

  3. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
    Download and run Javara for Java update. Use the tool to remove old and redundant versions of the Java Runtime Environment. The latest version is Java 6 update 14. Please uninstall any remaining versions if the tool could not uninstall them.

  4. Tell me if you still get redirected.


--------------------

This is a voluntary free service. However, if you would like to donate click on

IdMnstr
post Jul 7 2009, 04:17 PM
Post #9



Hi,

Here are the latest log files.

Regards,
Jim

Attached File(s)
Attached File  mbam_log_2009_07_07__16_45_11_.txt ( 833bytes ) Number of downloads: 1
Attached File  log.txt ( 17.53k ) Number of downloads: 5
 

IdMnstr
post Jul 7 2009, 04:20 PM
Post #10



Hi,

Still being redirected.

Regards,
Jim

farbar
post Jul 7 2009, 04:35 PM
Post #11



  1. Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

  2. Download regsearch.zip by Bobbi Flekman and Save it to your desktop.
    • Extract it to your desktop. It will extract the zip file to a folder named regsearch.
    • Open the folder and double click regsearch.exe to start the program.
    • Type Catcher in the first row of upper window.
    • Type Malware in the second row of upper window.
    • Click "OK" and Registry Search will search the Registry and report what it finds.
    • Copy and paste the result into your next reply.

  3. Go to start > Run copy/paste the following line in the run box and click OK.

    cmd /c dir /a "%UserProfile%\recent" > log.txt&log.txt& del log.txt

    A text file (log.txt) will be opened. Please post its content to your reply.
    Note: The search takes a while. If you get notifications of access violation click Ok as many times as needed.


--------------------

This is a voluntary free service. However, if you would like to donate click on

IdMnstr
post Jul 7 2009, 05:23 PM
Post #12



Hi,

Here are the requested log files.

Still being redirected.

Regards,
Jim

Attached File(s)
Attached File  GooredFix.txt ( 1.03k ) Number of downloads: 3
Attached File  RegSearch.txt ( 8.87k ) Number of downloads: 1
Attached File  log_new.txt ( 1.15k ) Number of downloads: 1
 

farbar
post Jul 7 2009, 05:56 PM
Post #13



Hi Jim,

Please copy and paste the log instead of attaching. Thanks.
  1. Go to start > Run copy/paste the following line in the run box and click OK.

    cmd /c (ipconfig /all&nslookup google.com&ping -n 2 google.com&route print) >log.txt&log.txt&del log.txt

    A command window opens. Wait until a log.txt file opens. Please post the content to your reply.

  2. Tell me if you get redirected in Internet Explorer or Firefox or both.


--------------------

This is a voluntary free service. However, if you would like to donate click on

IdMnstr
post Jul 7 2009, 07:19 PM
Post #14



Hi,

Here is the log you requested.

Redirected in both.

Thanks again,
Jim
-------------------------------------


Windows IP Configuration

Host Name . . . . . . . . . . . . : IdMonster
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-0C-F1-86-AB-57
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
Lease Obtained. . . . . . . . . . : Tuesday, July 07, 2009 2:06:54 PM
Lease Expires . . . . . . . . . . : Monday, January 18, 2038 11:14:07 PM

Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.127.100, 74.125.67.100, 74.125.45.100

Pinging google.com [206.53.61.77] with 32 bytes of data:

Reply from 206.53.61.77: bytes=32 time=41ms TTL=55
Reply from 206.53.61.77: bytes=32 time=41ms TTL=55

Ping statistics for 206.53.61.77:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 41ms, Maximum = 41ms, Average = 41ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0c f1 86 ab 57 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway      Interface    Metric
0.0.0.0              0.0.0.0          192.168.2.1  192.168.2.3  1
127.0.0.0            255.0.0.0        127.0.0.1    127.0.0.1    1
169.254.0.0          255.255.0.0      192.168.2.3  192.168.2.3  20
192.168.2.0          255.255.255.0    192.168.2.3  192.168.2.3  20
192.168.2.3          255.255.255.255  127.0.0.1    127.0.0.1    20
192.168.2.255        255.255.255.255  192.168.2.3  192.168.2.3  20
224.0.0.0            240.0.0.0        192.168.2.3  192.168.2.3  20
255.255.255.255      255.255.255.255  192.168.2.3  192.168.2.3  1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None

farbar
post Jul 8 2009, 02:53 AM
Post #15



We might have found it. This should confirm it:

Go to start > Run copy/paste the following line in the run box and click OK after each line.

notepad C:\windows\system32\drivers\etc\hosts

A text file opens. Please post its content to your reply.


--------------------

This is a voluntary free service. However, if you would like to donate click on
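
Added example, not part of the original thread or of any poster's reply: in the log from post #14, nslookup returns 74.125.x.x addresses for google.com while ping resolves the same name to 206.53.61.77. nslookup queries the DNS server directly, whereas ping uses the Windows resolver, which reads the hosts file first, so a mismatch like this is a reason to inspect hosts. The Python sketch below automates that comparison; the function names and the hosts file content are assumptions constructed for illustration, since the real hosts file is not shown on this page.

```python
import re

# Excerpt of the log.txt from post #14 (nslookup and ping sections only).
SAMPLE_LOG = """\
Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.127.100, 74.125.67.100, 74.125.45.100

Pinging google.com [206.53.61.77] with 32 bytes of data:
"""

# Constructed hosts file for illustration; the real file is not shown on this page.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
206.53.61.77    google.com www.google.com  # constructed entry
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

def nslookup_answers(log):
    """Map each 'Name:' in nslookup output to the addresses the DNS server returned."""
    pattern = r"^Name:\s*(\S+)\s*\nAddress(?:es)?:\s*(.+)$"
    return {m.group(1).lower(): set(re.findall(IPV4, m.group(2)))
            for m in re.finditer(pattern, log, re.M)}

def ping_targets(log):
    """Map each pinged name to the address the OS resolver actually used."""
    return {m.group(1).lower(): m.group(2)
            for m in re.finditer(rf"^Pinging (\S+) \[({IPV4})\]", log, re.M)}

def resolver_mismatches(log):
    """Names whose ping address is absent from the DNS server's answer set."""
    dns = nslookup_answers(log)
    return {name: ip for name, ip in ping_targets(log).items()
            if name in dns and ip not in dns[name]}

def hosts_overrides(hosts_text, names):
    """Return {name: ip} for hosts entries that pin any of the given names."""
    wanted = {n.lower() for n in names}
    found = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comment, split on whitespace
        if len(fields) >= 2 and re.fullmatch(IPV4, fields[0]):
            for host in fields[1:]:
                if host.lower() in wanted:
                    found[host.lower()] = fields[0]
    return found

if __name__ == "__main__":
    suspects = resolver_mismatches(SAMPLE_LOG)
    print("resolver mismatch:", suspects)
    print("hosts overrides:", hosts_overrides(SAMPLE_HOSTS, suspects))
```

A mismatch alone is only a hint, because round-robin DNS can hand out an address that was not in an earlier answer; the hosts check is what confirms a local override.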