Link redirect problem

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

If you have not received help after three days, please post a link to your topic HERE.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

Link redirect problem Internet links will redirect

#1 iumf

Member

Group: Members
Posts: 19
Joined: 05-May 11

Posted 05 May 2011 - 10:07 PM

Hello,

I recently was infected with a fake antivirus program. I followed the guides on bleepingcomputer and the fake antivirus does not show up anymore. I have scanned my computer with Malwarebytes Anti-Malware and SuperAntiSpyware and they are unable to detect anything. (rkill does not close any programs and tdsskiller does not detect anything).

However, whenever I click search engine results the links will sometimes redirect me to another website. Please advise me on how to address this problem. Thank you very much for your help.

#2 cryptodan

Bleepin Madman

Group: BC Advisor
Posts: 18,383
Joined: 08-September 08
Gender:Male
Location:Catonsville, Md

Posted 05 May 2011 - 10:26 PM

What browser are you using? So we can get onto the right course of troubleshooting.

My work schedule is as follows: Mon and Tues 1800 to 0600, Friday - Sunday 1800EST to 0600, and Wednesday to Thursday 1800est to 0600. So if I do not respond right away I am at work.
----------------
If I am helping you, then Please Send Me a Message!with your thread link in it. This is only if I haven't replied back to you within 24 to 48 hours.
----------------
My Main Site || My Backup Site || steam://friends/add/cryptodan Add me to your Steam Friends.

#3 iumf

Member

Group: Members
Posts: 19
Joined: 05-May 11

Posted 05 May 2011 - 10:44 PM

I use Firefox

#4 cryptodan

Bleepin Madman

Group: BC Advisor
Posts: 18,383
Joined: 08-September 08
Gender:Male
Location:Catonsville, Md

Posted 05 May 2011 - 10:48 PM

In Firefox 3.6 go to Tools then Options then the Advanced tab and under networking go to Settings and see if there are any proxies.

In the New Firefox go to The Firefox button in the upper left hand corner then options then options and the Advanced portion then Network and Settings.

#5 iumf

Member

Group: Members
Posts: 19
Joined: 05-May 11

Posted 05 May 2011 - 10:58 PM

it is currently on "use system proxy settings" I am using the newest version of FF.

This post has been edited by iumf: 05 May 2011 - 10:59 PM

#6 cryptodan

Bleepin Madman

Group: BC Advisor
Posts: 18,383
Joined: 08-September 08
Gender:Male
Location:Catonsville, Md

Posted 05 May 2011 - 11:02 PM

Can you select no proxy? What about the other boxes and Internet Explorer?

#7 iumf

Member

Group: Members
Posts: 19
Joined: 05-May 11

Posted 05 May 2011 - 11:06 PM

Yes, I am able to select no proxies. I am not sure how to change the IE options because I never use IE.

#8 cryptodan

Bleepin Madman

Group: BC Advisor
Posts: 18,383
Joined: 08-September 08
Gender:Male
Location:Catonsville, Md

Posted 05 May 2011 - 11:07 PM

go to Control Panel then Internet Options and go to the Connection Tab then LAN Settings. Nothing should be checked.

#9 iumf

Member

Group: Members
Posts: 19
Joined: 05-May 11

Posted 05 May 2011 - 11:08 PM

It has "Automatically detect settings" Should I uncheck this?

#10 cryptodan

Bleepin Madman

Group: BC Advisor
Posts: 18,383
Joined: 08-September 08
Gender:Male
Location:Catonsville, Md

Posted 05 May 2011 - 11:12 PM

Uncheck it.

Now GMER

Quote

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning.

#11 iumf

Member

Group: Members
Posts: 19
Joined: 05-May 11

Posted 05 May 2011 - 11:41 PM

Here is the GMER log:

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-05 21:39:16
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.PB2O
Running: i5iny806.exe; Driver: C:\Users\Nguyen\AppData\Local\Temp\kxliqpob.sys

---- System - GMER 1.0.15 ----

SSDT 85337138 ZwAlertResumeThread
SSDT 853371B8 ZwAlertThread
SSDT 853249F8 ZwAllocateVirtualMemory
SSDT 852CCEB8 ZwConnectPort
SSDT 852B8048 ZwCreateMutant
SSDT 853248B8 ZwCreateThread
SSDT 853376E0 ZwFreeVirtualMemory
SSDT 852B8138 ZwImpersonateAnonymousToken
SSDT 8546C0C8 ZwImpersonateThread
SSDT 852BC110 ZwMapViewOfSection
SSDT 85467578 ZwOpenEvent
SSDT 852FF420 ZwOpenProcessToken
SSDT 85469610 ZwOpenThreadToken
SSDT \??\C:\windows\system32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory [0x89DDD880]
SSDT 8546B648 ZwResumeThread
SSDT 85340D88 ZwSetContextThread
SSDT 852FF5F0 ZwSetInformationProcess
SSDT 852BC2F8 ZwSetInformationThread
SSDT 85467498 ZwSuspendProcess
SSDT 852AC168 ZwSuspendThread
SSDT 852EDC28 ZwTerminateProcess
SSDT 852BF950 ZwTerminateThread
SSDT 85350320 ZwUnmapViewOfSection
SSDT 852DD1E8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 81A8C589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81AB1092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 224 81AB8834 8 Bytes [38, 71, 33, 85, B8, 71, 33, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 81AB884C 4 Bytes [F8, 49, 32, 85]
.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 81AB88EC 4 Bytes [B8, CE, 2C, 85]
.text ntkrnlpa.exe!RtlSidHashLookup + 318 81AB8928 1 Byte [48]
.text ntkrnlpa.exe!RtlSidHashLookup + 318 81AB8928 4 Bytes [48, 80, 2B, 85] {DEC EAX; SUB BYTE [EBX], 0x85}
.text ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000058 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----