Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Search Redirections And 404 Pages


  • Please log in to reply
1 reply to this topic

#1 tyrael98

tyrael98

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:39 PM

Posted 06 May 2008 - 06:55 AM

Hi everyone!

This is a problem I'm been wrestling with for the 3rd day. I'm desperate!

What seems to be the problem is that there's some sort of a hijacker / malware / outer space virus hybrid that's trying to take me over.
First, I noticed that when I try to google or yahoo something, the first result on the first page is always redirected to a site http://encyclopedia.thefreedictionary.com/<whatever I was searching>/
(and at some times, I bump into a different site this way as well).
I can open cached versions of sites, and everything else seems to work except for this. This problem only appears on IE. Firefox's doing fine.

Also, when I tried to look for help on certain sites, they give me a 404 error (page cannot be displayed), most notibly windows update, or mayorgeeks.com. And this problem is browser independent, since firefox can't show them either. (I have to view this page on a different computer) For the same reason , I couldn't download Combofix , cause all the mirror sites I've been trying were one of these '404' sites. I tried to download it from another computer, and then copy it to me, but then the exe file wont do anything. No doubleclicks, no cmd command execution, no nothing. It just sits there.

I don't know if it has to do with anything, but I was having quite a fight lately with a virus called Diehard.d and his offspring Vundo. I'm still seing some (undeletable) legacy registries in regedit from the formers files.

Here's a list of programs I've tried to kill this son of a b.i.t.c.h. (obviously of no avail):

HijackThis
Scan Spyware
Ad-Aware
Spybot S&D
CCleaner
SUPERAntiSpyware
VundoFix
VirtumondoBegone
RogueRemover
SDFix
Security Task Manager
COMODO BOClean

(I'm having quite an arsenal on my computer. I even went so far to learn half of the regedit tree. Now I can even rewrite the registry for IE7's Search toolbar :thumbsup: ).

All the above either said I'm clean and safe, or deleted stuff that had little effect. Except for Scan Spyware, which still gives me a result labeled '204.agent', and said its the file c:\Windows\system32\clbdll.dll.
Problem is, there is no such thing in my system32 folder. And here's a little something wich simply gives me the creeps. Whenever I try to paste or write the line c:\Windows\system32\clbdll.dll into the notepad, it replaces it automaticly to c:\Windows\system32\cdosys.dll. WTF???
If i paste it to word, nothing. If I import the same line from notepad to word, It turns back to clbdll.dll. I don't think this is normal! Someone Please Help!!!

P.S. I post a HijackThis log if you require it, but I've already fixed lines I wasn't sure of, so I don't think you'll find anything there.

BC AdBot (Login to Remove)

 


#2 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:02:39 PM

Posted 06 May 2008 - 07:52 AM

Hello and welcome to bleeping


you've probably got a backdoor trojan with a rootkit hiding it

have you got your data backed up?

the only other selfhelp tools I would have added would have been malwarebyte's, ATF cleaner(cccleaner is fine) and maybe smitfraudfix and subs flashdisinfector and a usb drive

I would have disconnected from the internet early as the infection will reinstall components a lot quicker than you can remove them

I would have used safe mode a lot and probably run windows as a repair disk

these serious infections are best handled by an expert in the hijackthis forum

Edited by DaChew, 06 May 2008 - 07:54 AM.

Chewy

No. Try not. Do... or do not. There is no try.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users