
DDS tool gives garbage - search results hijacked


  • This topic is locked
7 replies to this topic

#1 dumbdoc777


Posted 03 January 2009 - 07:56 PM

I tried to follow the instructions for making an initial post for a problem but when I run the DDS tool as requested all I get is garbage in notebook. so....

Problem - When I do a Google search, I get ad sites for all the links.
I get redirected through 209.85.171.195 when I click on a link.
I have run Malwarebytes in normal mode and it says I have no infections at all.
I have run Malwarebytes in safe mode and it finds nothing.
I have run Adaware - nothing
I have run Spybot Search and Destroy - nothing
Help will be much appreciated.



#2 Orange Blossom


Posted 03 January 2009 - 09:37 PM

Hello dumbdoc777 and welcome to BC :thumbsup:

Because you were unable to produce the logs, I am shifting this topic to the Am I Infected forum where we can help you.

It would be helpful to know what your operating system is: Windows XP, Vista etc.

Orange Blossom :flowers:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 dumbdoc777


Posted 03 January 2009 - 10:38 PM

Thanks for the welcome Orange Blossom :thumbsup:
I am not sure the fast reply worked so sorry if this is duplicated.

Windows XP SP3
McAfee VirusScan Enterprise 8.0.0 (updated daily).

#4 dumbdoc777


Posted 03 January 2009 - 11:03 PM

Orange Blossom

While waiting I also ran SUPERAntiSpyware and it came back with no hits on anything?

I am definitely :thumbsup: :flowers: having fun now!

#5 boopme


Posted 04 January 2009 - 01:12 PM

Hello, it is quite probable that a rootkit is the cause, so let's do a scan for that.

Please navigate to the download page of Avira AntiRootkit and click on Download to save it to your Desktop.
  • You should now find a file called: antivir_rootkit.zip on your Desktop.
  • Extract the file to your Desktop (you may then delete the zip file).
  • You should now have a folder with Setup.exe and some other files within it on your Desktop.
  • Double-click Setup.exe.
  • Click Next.
  • Highlight the radio button to accept the license agreement and then click Next.
  • Then click Next and Install to finalise the installation process.
  • Click Finish (you may now also delete the folder with the extracted files from the zip archive)
You successfully installed Avira AntiRootkit!
  • Please now navigate to Start > All Programs > Avira RootKit Detection. Then select: Avira RootKit Detection
  • Click OK when a message window pops up
  • Click Start scan and let it run
  • Click View report and copy the entire contents into your next reply.


#6 dumbdoc777


Posted 04 January 2009 - 01:49 PM

Well...

Avira AntiRootkit Tool Scan said it found nothing!
Here is the log.


Avira AntiRootkit Tool - Beta (1.0.1.17)

========================================================================================================
- Scan started Sunday, January 04, 2009 - 11:25:20
========================================================================================================

--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [ ] Fast scan
- Working disk total size : 93.10 GB
- Working disk free size : 20.39 GB (21 %)
--------------------------------------------------------------------------------------------------------

Scan task finished. No hidden objects detected!

--------------------------------------------------------------------------------------------------------
Files: 0/233862
Registry items: 0/723210
Processes: 0/61
Scan time: 00:20:43
--------------------------------------------------------------------------------------------------------
Active processes:
- ukaqrhdv.exe (PID 2772) (Avira AntiRootkit Tool - Beta)
- iTunes.exe (PID 296)
- WINWORD.EXE (PID 3952)
- System (PID 4)
- smss.exe (PID 652)
- csrss.exe (PID 700)
- winlogon.exe (PID 724)
- services.exe (PID 768)
- lsass.exe (PID 780)
- svchost.exe (PID 952)
- svchost.exe (PID 1032)
- MsMpEng.exe (PID 1072)
- svchost.exe (PID 1124)
- EvtEng.exe (PID 1160)
- S24EvMon.exe (PID 1228)
- WLKEEPER.exe (PID 1244)
- svchost.exe (PID 1352)
- svchost.exe (PID 1444)
- spoolsv.exe (PID 1624)
- scardsvr.exe (PID 1664)
- msdtc.exe (PID 1008)
- AppleMobileDeviceService.exe (PID 1296)
- BAsfIpM.exe (PID 1320)
- inetinfo.exe (PID 1328)
- jqs.exe (PID 1496)
- FrameworkService.exe (PID 1520)
- VsTskMgr.exe (PID 1548)
- mdm.exe (PID 1572)
- naPrdMgr.exe (PID 1772)
- NicConfigSvc.exe (PID 1820)
- nvsvc32.exe (PID 1924)
- RegSrvc.exe (PID 268)
- svchost.exe (PID 544)
- wdfmgr.exe (PID 564)
- wmiprvse.exe (PID 2484)
- alg.exe (PID 2572)
- ZCfgSvc.exe (PID 3644)
- 1XConfig.exe (PID 3780)
- explorer.exe (PID 4036)
- Apoint.exe (PID 1976)
- rundll32.exe (PID 1236)
- iFrmewrk.exe (PID 2400)
- ApntEx.exe (PID 2504)
- tfswctrl.exe (PID 2880)
- shstat.exe (PID 2176)
- UpdaterUI.exe (PID 3656)
- TBMon.exe (PID 3756)
- svchost.exe (PID 172)
- acrotray.exe (PID 144)
- MSASCui.exe (PID 3908)
- rundll32.exe (PID 3936)
- iTunesHelper.exe (PID 336)
- jusched.exe (PID 1832)
- ctfmon.exe (PID 2104)
- iPodService.exe (PID 3572)
- Mcshield.exe (PID 2828)
- rundll32.exe (PID 772)
- firefox.exe (PID 880)
- cmmon32.exe (PID 3448)
- thunderbird.exe (PID 3536)
- avirarkd.exe (PID 1004)
========================================================================================================
- Scan finished Sunday, January 04, 2009 - 11:46:04
========================================================================================================

#7 quietman7


Posted 04 January 2009 - 03:23 PM

Please download RSIT by random/random and save it to your Desktop.
Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.
  • Close all applications and windows so that you have nothing open and are at your Desktop.
  • Double-click on RSIT.exe to start the program.
  • If using Windows Vista, be sure to Run As Administrator.
  • Click Continue after reading the disclaimer screen.
  • Leave the drop-down box set to default: "List/folders created or modified in the last 1 month (30 days)".
  • When the scan is complete, a text file named log.txt will automatically open in Notepad.
  • Please start a new topic and post your log in the HijackThis Logs and Malware Removal forum, NOT here.
  • Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.
If RSIT did not work, then reply back here.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#8 Orange Blossom


Posted 04 January 2009 - 06:33 PM

Hello dumbdoc777,

I'm glad to see that you were able to produce an RSIT log and have posted it here: http://www.bleepingcomputer.com/forums/t/192229/google-search-links-redirected-to-adds-dds-returns-garbage-text/

Now that your log is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you, complicating the malware removal process and extending the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
