Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirection to Antivirus Pro Scan Page


  • This topic is locked This topic is locked
12 replies to this topic

#1 Justa

Justa

  • Members
  • 222 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:10:00 PM

Posted 29 November 2008 - 06:02 PM

I recently was in a technical forum and saw an interesting reference link posted. Both the forum and the poster are very credible. The link was to a YouTube video which played normally. I saw another related video and clicked on it and then Firefox froze up and I had to close it down. When I reopened Firefox I did a Google search for the forum, clicked on the Google link I was redirected to Anti Virus Pro Scan 2009 fortunately script blocking prevented the page from loading. Normally I just type the name in the URL bar to bring up the page. Other Google searches and clicking on link load without redirection.

I have run a normal mode full scan with SuperAntiSpyware, safe mode full scans with Malwarebytes and Antivir. All have been negative.

I still get a redirection from a Google search for the forum and clicking on the forum link. I do run WOT with Firefox the forum has a safe green rating, and right clicking on the link to display properties shows the legit link but a redirection to Antivirus Pro Scan continues to occur. If I manually put the forum link in the URL bar I get routed to the correct site every time.

I am running Antivir and Comodo firewall actively, on demand Malwarebytes and SuperAntiSpyware. I had run full scans a few days before the problem and always update before scanning. I also have SpywareBlaster installed and current. I am running XP Home SP3 32 bit version.

I don’t know what to do next. If anyone understands what the heck is going on I would greatly appreciate the help.

Thanks!

Edited by Orange Blossom, 29 November 2008 - 09:26 PM.
Moving from AV forum to Am I Infected. ~ OB


BC AdBot (Login to Remove)

 


#2 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 30 November 2008 - 07:09 AM

Hi Justa,

Please download ServiceLookup: http://blackbird.8tt.org/antimalware/Servi...rviceLookup.zip
Run it on the infected PC. A logfile will open.
E-mail the contents of that logfile to the e-mailaddress I sent you by PM. :thumbsup:

#3 Justa

Justa
  • Topic Starter

  • Members
  • 222 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas

Posted 30 November 2008 - 08:29 AM

Thanks Superbird!

ServiceLookup text file has been sent.

Justa

#4 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 30 November 2008 - 08:31 AM

Hi,

1. Reboot your computer in Safe Mode
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode using the arrow keys.
  • Then press enter on your keyboard to boot into Safe Mode.
2. Start Internet Explorer. Go to: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings.
Here, uncheck: "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

If you have FireFox as browser, do this too: Start FireFox. Go to: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection.
Here, uncheck: "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

3. Go to "My Computer" (located in Menu Start and on your Desktop)
Delete the following folders, if exist:

C:\Program Files\TinyProxy
C:\Program Files\ProtectService


And delete the following files:

C:\Windows\fmark2.dat
C:\Windows\kenny**.exe
( ** stands for a random number)

4. Now, restart your computer, but now in Normal Mode.

5. Create a new logfile with ServiceLookup, and e-mail it to me. :thumbsup:

#5 Justa

Justa
  • Topic Starter

  • Members
  • 222 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:10:00 PM

Posted 30 November 2008 - 09:03 AM

Done!

Both Internet Explorer and Firefox did not have use proxy server checked. The folders "TinyProxy" and "ProtectServices" did not exist and they files "fmark2.dat" and "kenny*.exe" also did not exist.

I have been using Firefox with FoxyProxy with Patterns selected. Could the use of FoxProxy be associated with this problem?

Thanks

#6 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 30 November 2008 - 09:05 AM

Hi,

The files/folders weren't hidden too?
Also, perform step 5 please. :thumbsup:

#7 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 30 November 2008 - 09:22 AM

Hi,

Got your e-mail. I asked some colleagues for advise. I'll get back to you quickly. :thumbsup:

#8 Justa

Justa
  • Topic Starter

  • Members
  • 222 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas

Posted 30 November 2008 - 09:26 AM

Superbird,

I rebooted to safe mode and verified that the files and folders were not hidden. They do not exist.

Thanks,

Justa

#9 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 30 November 2008 - 11:36 AM

Hi,

I'm going to redirect you to the HijackThissection of this forum. This, because it's a deeper infection.
Read this page and follow it's steps: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Good luck. :thumbsup:

#10 Justa

Justa
  • Topic Starter

  • Members
  • 222 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:10:00 PM

Posted 30 November 2008 - 02:01 PM

Thanks Superbird,

I will follow the instructions in the link prior to posting a "HiJack This" log.

I believe the background information provided in this thread could be useful to someone helping me with the "HiJack This" log.

Should this thread be move to "HiJack This" now as I do not want to post a "HiJack This" log in the wrong place or should a link to this thread be included in the "HiPack This" post?

#11 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 30 November 2008 - 02:04 PM

Hi,

You can include a link in your post in the HijackThis section. If you follow the instructions, it will be allright. :thumbsup:

#12 Justa

Justa
  • Topic Starter

  • Members
  • 222 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas

Posted 30 November 2008 - 02:13 PM

I would like to thank you for your help today Superbird. I see you generously spend a lot of time helping others here. It is most appreciated.

Justa

#13 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 30 November 2008 - 02:14 PM

You're welcome and good luck. :thumbsup:

I will inform a moderator to close this topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users