Google redirect and pop-ups



#1 GaryCheung


Posted 30 December 2008 - 05:55 PM

Hi

Running Vista 32

I am new to this forum and not an experienced pc user, but didn't know where to start to post this so this seemed the most suitable place to post it. I need help to remove this irritating piece of Malware. Before I signed up to this forum I've read several posts on the same type of problem I have which Google redirects you to a website called 'copy-book.com', nowadays it redirects me to a page called 'ecata.info'. Pop-ups are also frequent on both Firefox and Internet Explorer. I've already downloaded software such as Super Antispyware and Malwarebytes' Anti-malware, I have Norton Antivirus F-secure Blacklight, but it is still occurring? Flushed my DNS cache..still there. Also got Hijack This ready but I'm not prepared to use it unless I'm told to by a professional. Please if you could help me at all I would be really grateful so I can learn how to not make the same mistake again.

Thank You, Gary.

Edited by GaryCheung, 30 December 2008 - 06:18 PM.




#2 buddy215


Posted 31 December 2008 - 10:27 AM

Another user solved his problem and posted his solution in the link below.
http://www.bleepingcomputer.com/forums/ind...st&p=885665

Scroll down from that post and read Quietman7's response and caution.

Would like to ask if you have actually run a scan with either SAS or MBAM and, if you did, would you post the logs if they removed anything other than cookies. Thanks.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 GaryCheung


Posted 01 January 2009 - 02:33 PM

Hello Buddy215, thank you for the response. I've run MBAM several times. Here is a log. Thanks.



Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 6.0.6000

01/01/2009 19:33:15
mbam-log-2009-01-01 (19-33-15).txt

Scan type: Quick Scan
Objects scanned: 50712
Time elapsed: 3 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 buddy215


Posted 01 January 2009 - 03:33 PM

Did you read the post that I linked to? What worked there was this:
Quote: "Open "Network Connections" in the Control Panel
Right-click your particular Internet connection (in my case Tiscali Broadband)
Select "Properties"
Select the "Networking" tab, then select "Properties" again

For me (and hopefully others too), this brings up the DNS Server details, NOW ... this is where my problem was.

The "Use the following DNS server addresses" box was checked, and there were two addresses filled in, a preferred one and an alternate one.

All I had to do was uncheck that box and check the "Obtain DNS server addresses automatically" box, and after restarting my browser the problem was fixed !!!" END QUOTE



#5 GaryCheung


Posted 01 January 2009 - 05:01 PM

I followed the steps successfully but became confused as I reached the 'DNS server details' part. I opened it and it was already on "Obtain DNS server addresses automatically". The "Use the following DNS server addresses" was unchecked and no addresses were under that heading. What should I do?

#6 buddy215


Posted 01 January 2009 - 05:35 PM

Try flushing the dns.

To flush and reset a client resolver cache using the ipconfig command

1. Open Command Prompt.
2. Type:
ipconfig /flushdns

To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command prompt.

Do you have a program such as Spybot SandD that controls the Host File? The reason I am asking is because if the above instructions don't end the redirects, the next step I will recommend is to reset the Host File, and I need to know if it is locked or not.

EDIT: Added Info

Download HostsXpert and then follow the below steps.

http://majorgeeks.com/downloadget.php?id=4...e475d32de456022
* Unzip HostsXpert.zip
* It will create a folder named HostsXpert in whatever folder you extract it to.
* Run HostsXpert.exe by double clicking on it.
* Click the Make Writeable? button.
* Click Restore Microsoft's Hosts File and then click OK.
* Click the X to exit the program

Edited by buddy215, 01 January 2009 - 05:51 PM.
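A read-only check of the hosts file that the reset step above overwrites, as an added example (not part of the original post and not HostsXpert's code). It separates entries that point a name at a routable address, which can cause redirects, from loopback blocking entries of the kind hosts-managing tools add; the sample content and the 203.0.113.7 documentation address are constructed.

```python
import ipaddress
import os

# Default location on Windows; SystemRoot is normally C:\Windows.
HOSTS_PATH = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                          "System32", "drivers", "etc", "hosts")
DEFAULT_NAMES = {"localhost"}


def audit_hosts(text):
    """Return (redirects, blocks, malformed) found in hosts-file text.

    redirects: (lineno, ip, name) where a name points at a routable address
    blocks:    (lineno, ip, name) where a name is sunk to loopback/0.0.0.0
    malformed: (lineno, raw) lines whose first field is not an IP address
    """
    redirects, blocks, malformed = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw))
            continue
        sink = ip.is_loopback or ip.is_unspecified
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in DEFAULT_NAMES and sink:
                continue                          # stock localhost entry
            (blocks if sink else redirects).append((lineno, str(ip), name))
    return redirects, blocks, malformed


# Constructed sample, not taken from the thread.
SAMPLE = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net      # blocking entry, as immunizers add
203.0.113.7     www.google.com google.com
203.0.113.7     localhost
bogus line here
"""

if __name__ == "__main__":
    text = open(HOSTS_PATH).read() if os.path.exists(HOSTS_PATH) else SAMPLE
    for kind, rows in zip(("REDIRECT", "BLOCK", "MALFORMED"), audit_hosts(text)):
        for row in rows:
            print(kind, *row)
```

Any REDIRECT row is worth recording before the file is restored, since the restore removes that evidence.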



#7 GaryCheung


Posted 01 January 2009 - 05:58 PM

I flushed the dns cache. It doesn't solve the problem. I don't have any of those programs so I think I can reset the host file.


EDIT:Update

I've done all the above.

Edited by GaryCheung, 01 January 2009 - 06:04 PM.


#8 buddy215


Posted 01 January 2009 - 06:43 PM

The last thing I can think to do is to unplug your router/modem from the wall outlet and let sit without power for a minute before plugging back in. You should go back thru the directions in the link in my first post. You may be missing a step. Maybe.

If that doesn't stop the problem then my next suggestion is to post a Hijack This Log in the Hijack This Forum. DO NOT Post the log in this forum.
Directions for posting HJT log in link below.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/



#9 Orange Blossom


Posted 02 January 2009 - 01:23 PM

Hello GaryCheung,

I see that you now have a log posted here: http://www.bleepingcomputer.com/forums/t/191420/google-redirection-to-various-sites-popups/ Now that it is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



