Internet Search Directs Me To Adverts


33 replies to this topic

#1 Chapstaff

Posted 09 July 2008 - 11:07 AM

I have Windows XP, & use Firefox for emailing.

Recently when I do an internet search I don't get the page I'm looking for. It directs me to loads of adverts unrelated to my search. :trumpet: I altered something in the pc a few weeks back & it's since then, but I can't remember what I altered or why.....or how to put it back :thumbsup:

Any help would be appreciated, especially from someone very patient as I know nothing :flowers:

Thank you


Mod Edit: Topic moved from Windows XP to more appropriate forum~ TMacK

Edited by TMacK, 09 July 2008 - 11:14 AM.

PC Compaq Presario;Type/Speed AMD Athlon 64 3400+1.81GHZ;Memory512MB;M.board later;HardDrive160GB;VidCardSIS651_661FX;OpSyst XPSP2;Firefox O.E;AVG free

Caroline

#2 Guest_superbird_*

Posted 09 July 2008 - 11:31 AM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

#3 Chapstaff

Posted 12 July 2008 - 02:54 AM

Thanks very much. I'm doing it this afternoon.

Caroline

#4 Chapstaff

Posted 12 July 2008 - 12:08 PM

Right - I've done it. You say copy/paste the contents of that report in my next reply. Here it is:

Malwarebytes' Anti-Malware 1.20
Database version: 941
Windows 5.1.2600 Service Pack 2

17:54:25 12/07/2008
mbam-log-7-12-2008 (17-54-25).txt

Scan type: Quick Scan
Objects scanned: 146934
Time elapsed: 40 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 11
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{538b5372-8c69-4aa3-8e52-7541cf58b814}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.106 85.255.112.85 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{538b5372-8c69-4aa3-8e52-7541cf58b814}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.106 85.255.112.85 -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.htm.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History\allowed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History\notallow (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\008E5198.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\0127A731.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\033446F7.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\Thumbs.db (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\01DA45C1.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\02F8659F.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\02FFBAA2.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Caroline

#5 Guest_superbird_*

Posted 12 July 2008 - 12:51 PM

Start MBAM again, and do a new scan. Copy/paste the logfile again.
Do you still have problems?

#6 Chapstaff

Posted 12 July 2008 - 12:56 PM

Start MBAM again, and do a new scan. Copy/paste the logfile again.
Do you still have problems?

Yes - nothing has changed. Thanks for your help. I'll scan again.

Caroline

#7 Guest_superbird_*

Posted 12 July 2008 - 12:59 PM

So you still have problems?

Yes, please post a new logfile of MBAM.

Reboot your PC after posting that new log. Tell me then about any problems you have kept.

Edited by superbird, 12 July 2008 - 01:00 PM.


#8 Chapstaff

Posted 12 July 2008 - 03:17 PM

Malwarebytes' Anti-Malware 1.20
Database version: 941
Windows 5.1.2600 Service Pack 2

20:46:10 12/07/2008
mbam-log-7-12-2008 (20-46-10).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 238428
Time elapsed: 1 hour(s), 28 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{538b5372-8c69-4aa3-8e52-7541cf58b814}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.106 85.255.112.85 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{538b5372-8c69-4aa3-8e52-7541cf58b814}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.106 85.255.112.85 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Still getting directed to ads I'm afraid. Could it have something to do with something I altered? (see my first post) I have Outlook Express by the way, Firefox browser. Said it wrong in that first post

Caroline
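
Added example, not part of the original posts: the quick scan and the full scan above both report the same NameServer data item as quarantined and deleted, and a small parser makes that kind of recurrence explicit when comparing successive logs. The regular expressions assume the MBAM 1.20 line layout seen in this thread, the function names are hypothetical, and the sample lines are excerpted from the two logs.

```python
import ipaddress
import re
from typing import NamedTuple

class Finding(NamedTuple):
    section: str
    target: str
    detection: str
    data: str    # empty when the line has no "Data:" field
    action: str

# Line layout assumed from the MBAM 1.20 logs posted in this thread:
#   "<Section> Infected:" then "<target> (<Detection>) -> [Data: <data> -> ]<action>."
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")
RESULT_RE = re.compile(
    r"^(?P<target>.+?) \((?P<detection>[A-Za-z]+\.[\w.]+)\) -> "
    r"(?:Data: (?P<data>.*?) -> )?(?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return one Finding per result line, tagged with its section heading."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif section and (m := RESULT_RE.match(line)):
            findings.append(Finding(section, m["target"], m["detection"],
                                    m["data"] or "", m["action"]))
    return findings

def recurring(first, second):
    """Items the first scan reported as deleted that the second scan found again."""
    def key(f):
        return (f.target.lower(), f.detection, f.data)
    removed = {key(f) for f in first if "deleted successfully" in f.action.lower()}
    return [f for f in second if key(f) in removed]

def nameserver_addresses(findings):
    """Resolver addresses held in flagged NameServer registry values."""
    found = set()
    for f in findings:
        if f.target.lower().endswith("\\nameserver"):
            for token in f.data.replace(",", " ").split():
                try:
                    found.add(ipaddress.ip_address(token))
                except ValueError:
                    pass  # token is not an IP address
    return [str(a) for a in sorted(found, key=lambda a: (a.version, int(a)))]

# Sample input: lines excerpted from the two logs in this thread.
SCAN_1 = r"""Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{538b5372-8c69-4aa3-8e52-7541cf58b814}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.106 85.255.112.85 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{538b5372-8c69-4aa3-8e52-7541cf58b814}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.106 85.255.112.85 -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
"""
SCAN_2 = r"""Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{538b5372-8c69-4aa3-8e52-7541cf58b814}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.106 85.255.112.85 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{538b5372-8c69-4aa3-8e52-7541cf58b814}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.106 85.255.112.85 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)
"""

if __name__ == "__main__":
    again = recurring(parse_mbam_log(SCAN_1), parse_mbam_log(SCAN_2))
    for f in again:
        print(f.detection, f.target)
    print("resolvers to check:", nameserver_addresses(again))
```

The addresses returned for recurring NameServer items are the ones to compare against the resolvers the network is supposed to hand out.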

#9 Chapstaff

Posted 12 July 2008 - 06:14 PM

I've managed a couple of screenshots. When I typed 'd for dog' (a forum I use) I got this page:

Posted Image


Another time I tried & got this page:

Posted Image



Then I tried googling 'Jackie Lawson' (web cards) & got this........oops!

Posted Image

I can't backspace out of these pages with the green arrow top left. Also I got something come up on screen in that last screenshot telling me I was infected & to scan with version 9 of something & it wouldn't let me click 'back' to get out of the page so I had to click on 'No' to say I didn't want to scan, but it started doing it anyway & said I had a Trojan horse virus, so I closed the page with the cross at top right of screen as I don't think it was anything genuine.

Caroline

#10 Guest_superbird_*

Posted 13 July 2008 - 03:52 AM

1. Please use the Internet Explorer browser (or Firefox with IETab), and do an online scan with Kaspersky Online Scanner.

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
Posted Image
Posted Image
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

2. Download zoek.exe: http://home.hetnet.nl/~stefsmeenk/zoek.exe
Start zoek.exe
Post the logfile that opens in your next reply. :thumbsup:

Edited by superbird, 13 July 2008 - 03:55 AM.


#11 Chapstaff

Posted 13 July 2008 - 04:07 AM

Thanks for the help. :thumbsup: Don't you ever have a day off? :flowers:

I'll get my son to help me later.

I got this on screen on my husband's account in my PC earlier. :trumpet: I couldn't click on red crosses to close, or close the page. Had to ctrl alt del to get out. It started scanning automatically. ......I take it this is a baddie??

Posted Image

Caroline

#12 Guest_superbird_*

Posted 13 July 2008 - 04:44 AM

Hi,

Please do what I said (two steps) in my previous post: http://www.bleepingcomputer.com/forums/ind...st&p=880282
I need those two logfiles. :thumbsup:

#13 Chapstaff

Posted 13 July 2008 - 05:12 AM

I've had a go at doing it myself. It's 30 mins into scanning my PC (halfway) & has found a few things already.

I'll post the report as soon as. Cheers :thumbsup:

Caroline

#14 Guest_superbird_*

Posted 13 July 2008 - 05:15 AM

Ok :thumbsup:

#15 Chapstaff

Posted 13 July 2008 - 10:13 AM

KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, July 13, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, July 13, 2008 10:04:32
Records in database: 947934
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan statistics
Files scanned 196954
Threat name 2
Infected objects 1
Suspicious objects 17
Duration of the scan 03:08:27

File name Threat name Threats count
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\2B2V2DIB\wbk52.tmp Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\2B2V2DIB\wbkD4.tmp Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\45Y7SPMZ\wbk196.tmp Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\8FBVY4LT\wbk2B7.tmp Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\8FBVY4LT\wbk57.tmp Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\8FBVY4LT\wbk5B.tmp Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\8FBVY4LT\wbk6C.tmp Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\8FBVY4LT\wbkEB.tmp Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\ITFK1SZE\wbk4E.tmp Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\KLE70L2J\wbk6E.tmp Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\KLE70L2J\wbk82.tmp Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\O3CVQ6GQ\wbk344.tmp Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\O3CVQ6GQ\wbk4F6.tmp Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\ODU3KTY7\wbk14.tmp Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\ODU3KTY7\wbk219.tmp Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\ODU3KTY7\wbkB.tmp Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\OHYJC1A3\wbk1C1.tmp Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Ken 's Account\Local Settings\Temporary Internet Files\Content.IE5\6JCFV4XC\AV2009Install_880277[1].exe Infected: Trojan-Downloader.Win32.FraudLoad.gen 1
The selected area was scanned.

Caroline



