
Browsers Hijacked - I Think ?


5 replies to this topic

#1 urbane.tiger


Posted 04 May 2008 - 07:47 PM

Hi

Most of the time when I click on a link I get a blank tab, or nothing. If I enter a URL manually, e.g. http://www,google.com, I sometimes get what appears to be what I want. However sometimes I get nothing e.g. http://www.yahoo.com does nothing, but http://www.yahoo.com\mail brings up the Yahoo Mail login screen. There are no other symptoms - no popups (they're blocked), system performance is normal.

This happens in my primary browser - Firefox and my secondary browser - Internet Explorer. I have a tertiary browser (FF Portable) on a USB drive that I'm fairly certain is OK, but I'm loath to plug it in lest it suffers the same fate.

This morning, whilst looking for mailing list services, I stumbled upon something called Google Directory Services, unfortunately I have cleared my browser history so I can't supply the URLs around that time. I am fairly certain it was at this time that my system got infected, not necessarily by Google Directory Services itself, but something around that "time slot", but who knows the pathogen may have been incubating for days or even weeks.

I'm not convinced it's the browsers that are infected, it feels like something lower down in the hierarchy, which would explain why FF & IE7 behave the same. I feel I should know how to fix this, it feels simple - but I don't. I was going to clear my cookies, but the fact that both browsers are behaving the same makes me think that that's not the source of the problem, because each browser maintains its own cookie jar - don't they? I guess the pathogen may have initially infected FF then looked for other browsers and infected them similarly. I might download Opera to see what happens.

I don't have your preferred system info tool, Deckard's System Scanner, and the link on this site gets hijacked to a blank page, if I need to run it then I'll need an alternate source - eg send it to me as an email attachment.

I have run Kaspersky IS 7 (my primary security tool) Critical Area and Startup Object scans at maximum protection levels, I have also run Malwarebytes Anti-Malware (free) Quick Scan. No reports came from these scans. I have Avira, not installed but waiting in the wings so to speak. I'm going to start a Maximum Protection Kaspersky full system scan - that will take most of the day I suspect.

Briefly my system is Intel 6600 @ 2.4GHz, 3G RAM, 2 x 250G SATA disks etc.

* XP Home-SP3 (Microsoft Update reports that there are no high priority or application updates available)
* Firefox 2.0.0.14
* Internet Explorer (7.0.5739.13)
* Kaspersky Internet Suite version 7.0.1.325 database 20090505 053919
* Internet connection is ADSL2+ (i.e. LAN connect)



Thanks in anticipation :thumbsup: :flowers:



#2 boopme


Posted 04 May 2008 - 08:32 PM

Hello, yes please run the Kas scan and post the log if you would.
Also run this and return the log.

Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All.
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list.
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Please ask any needed questions, post the log and let us know how the PC is running now.

#3 urbane.tiger


Posted 04 May 2008 - 10:26 PM

Did all that you suggested.

I now have the slowest booting computer in the solar system, maybe the galaxy or even the universe - I needed that like a hole in the head.

My system now takes over 6 minutes to boot from the F8 choices into Safe mode, when I went into safe mode to run ATF and Super it took the normal 10-20 seconds. If I boot normally it takes like FOREVER, at least 35 minutes, that's right minutes not seconds. Not only that but between the video reset and the Welcome screen (about 8 minutes) there's frigging bird song coming from the system speaker.

These behaviours were not manifest prior to following your advice, as I said in my original post, apart from the browser issues, there were no other symptoms. I am very confident I followed your instructions to the letter. You should probably know that I have about 40 years IT experience, although viruses, spyware etc are not my domain of expertise.

After the ATF cleanup, SuperAntiSpy reported no threats. I'm not going to post the log because I have no reason to believe that running ATF or SuperAntiSpy software again will not leave my system in an even more crippled state than it already is.

It should not surprise you that I would be extremely cautious in taking any further advice from you. I'm sure you are a decent person and did not set out to deliberately wreck my system and your advice was offered in good faith. But what's happened is what's happened and I hope you'll understand that I'd rather someone else picked up the ball.

rgds TUT






#4 urbane.tiger


Posted 04 May 2008 - 10:45 PM

Hi, me again

Sorry I forgot to mention that FF at least seems to be behaving OK, i.e. http://ww.yahoo.com takes me where I think it should, but I can't live in Safe on an 800 x 600 display, not sure that things like VS2008 will even work, let alone Expression Blend.

:thumbsup: :flowers: :trumpet: :inlove:




#5 DaChew


Posted 04 May 2008 - 11:02 PM

I have about 40 years IT experience,


I would have already run Windows XP SP3 as a repair disk, and I don't really consider myself an IT expert.

A badly broken computer is unpredictable when you start to try and clean it up.

I was trying to clean up a really bad one and each time I removed one set of files another set showed up. I went through a lot of scans and fixes and I got down to one last file that MBAM removed; that computer would not boot into safe or normal mode after that until I ran a repair disk. I threw in the towel and did a clean install.

Edited by DaChew, 04 May 2008 - 11:14 PM.

Chewy


#6 urbane.tiger


Posted 05 May 2008 - 12:33 AM

Chewy, No doubt at all that I'll be reformatting C, C♯ or B♭ sometime over the next 24 hours.

My Recovery Disk is 6+ weeks old, being a developer I have a volatile system, so disaster recovery for me isn't a matter of putting in the Recovery disk, pressing the button and logging onto BigBrother or YouTube.

I am quite happy to hold off doing the rebuild until tomorrow so that "the experts" can ask me to look at things so that they may avoid creating an ugly mess such as this in the future.

Contrary to popular opinion I'm not the most important person on the planet and life as we know it will not come to an end if my computer ain't fixed today. It'll still be broken tomorra, so there's no compelling reason to fix it today, it's not going to fix itself and thus deprive me of the pleasure of fixing it tomorra.

Anyway it's not completely broken, works Ok in Safe mode.

Have a nice day and thanks for the feedback.
