WindowsClick redirect victim


12 replies to this topic

#1 weenus

weenus

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:51 AM

Posted 13 February 2009 - 06:57 AM

I'm guessing some sort of new offensive happened today because I'm seeing a lot of new victims lately. I had noticed Firefox (the most recent version) running a bit... suspiciously about a week ago, so I switched fulltime to Chrome. Things were running perfectly fine, and then tonight, I had sat down right after dinner, opened Chrome, and noticed a strange window popped up, I closed it, and being a somewhat advanced PC user, began watching my task manager for anything strange and out of the ordinary. I immediately noticed a GoogleUpdate.exe error (the windows program crash error saying Google Installer has crashed). I uninstalled Chrome and attempted to reinstall, which had the same results. I reinstalled Firefox and noticed the WindowsClick redirect all over the place. Suddenly my Spybot stopped working, I click on it to no result, and I have had trouble installing any of the programs that I saw mentioned on this forum, either the programs will crash, or they don't work at all. At this specific moment, after booting into safe mode and running Lavasoft Adaware as well as Avast Anti-Virus (both recent installs), I can't run MBAM, HijackThis, or SuperAntiVirus, none of them are working at all.

I'm beginning to panic, as I work from home on my PC, (primarily on the weekend, which is fast approaching) and I don't have access to a CD or DVD rom to reformat. What are my options? Is there anything I can even do considering the fact that I can't even run HijackThis?

Edit: took out my HJT log as I saw it's frowned upon to do that ahead of time, sorry, just panicking a bit.

Edited by weenus, 13 February 2009 - 07:36 AM.



 


#2 weenus


Posted 13 February 2009 - 10:38 AM

Any ideas?

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:51 AM

Posted 13 February 2009 - 11:27 AM

Have you tried these steps to get MBam to run?
Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.


***
Another workaround is to not use the mouse to install it. Just use the arrow keys, tab, and enter keys.



If you cannot use the Internet, you will need access to another computer that has a connection.
From there save mbam-setup.exe to a flash, usb, jump drive or CD. Now transfer it to the infected machine, then install and run the program.
If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.

Manually Downloading Updates:
Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#4 weenus


Posted 13 February 2009 - 11:46 AM

I actually was able to install and update MBAM (renaming a few files) and was able to run it. It found a number of files in my windows system folders called uacs or something along those lines, which I removed upon reboot. I'm currently in the process of running MBAM again, 1 hour in, 133000 files scanned and nothing infected yet. I was able to reinstall Chrome, meaning whatever was vice gripping the Google Update program is at least gone, so it looks like I'm making some progress with MBAM so far.

#5 boopme


Posted 13 February 2009 - 01:50 PM

Ok good, please post a log too.

#6 weenus


Posted 13 February 2009 - 08:01 PM

Malwarebytes' Anti-Malware 1.34
Database version: 1760
Windows 5.1.2600 Service Pack 3

2/13/2009 5:00:49 PM
mbam-log-2009-02-13 (17-00-49).txt

Scan type: Quick Scan
Objects scanned: 64992
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
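
Added example, not part of the original post and not Malwarebytes code: a small Python parser for the log layout pasted above. It also lists any section whose summary count differs from the number of items listed under it, as happens when a pasted log is cut short; the function names, the one-item-per-line assumption and the shortened sample log are constructed for this example.

```python
import re

# Constructed sample: a shortened copy of the log layout posted in this thread.
SAMPLE_LOG = """Malwarebytes' Anti-Malware 1.34
Database version: 1760

Scan type: Quick Scan
Objects scanned: 64992

Registry Keys Infected: 0
Files Infected: 0

Registry Keys Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
"""

HEADER = re.compile(r"^([A-Za-z ]+):[ \t]*(.*)$")

def parse_mbam_log(text):
    """Split a log into header fields, summary counts and per-section items."""
    fields, counts, items, section = {}, {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if not line:
            section = None                       # blank line ends a detail list
        elif m and m.group(1).endswith(" Infected"):
            name = m.group(1)[: -len(" Infected")]
            if m.group(2).isdigit():
                counts[name] = int(m.group(2))   # summary line, e.g. "Files Infected: 0"
            else:
                section, items[name] = name, []  # detail list starts on the next line
        elif section is not None:
            if not line.startswith("(No malicious items"):
                items[section].append(line)      # assumed: one detected item per line
        elif m:
            fields[m.group(1)] = m.group(2)
    return fields, counts, items

def review(text):
    """Summarise a log and list sections whose count and item list disagree."""
    fields, counts, items = parse_mbam_log(text)
    mismatched = sorted(n for n, c in counts.items() if c != len(items.get(n, [])))
    return {"scan_type": fields.get("Scan type"),
            "database": fields.get("Database version"),
            "detections": sum(counts.values()),
            "mismatched_sections": mismatched}

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```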



#7 boopme


Posted 13 February 2009 - 09:18 PM

How are the other issues now?

#8 weenus


Posted 13 February 2009 - 10:28 PM

Everything seems to be running fine, I'm having some issues with some game software, but I sincerely believe that has to do with the games and not the recent issues. I haven't noticed it redirect me at all, and I've been running MBAM every half hour just to keep everything clear and it's been flawless ever since. The last thing I noticed was three dings when I was running Avast about 8 hours ago, nothing since. I think I lucked out and got ahold of it with MBAM right at the right moment.

#9 boopme


Posted 13 February 2009 - 10:38 PM

It's possible that some files affecting your game were altered. You may just want to uninstall and reinstall them if it persists.
If all else is good then....
Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

#10 weenus


Posted 14 February 2009 - 12:54 AM

Done and done. I just want to thank you immensely for all of your help, even though from the looks of it, there have been worse cases lately that have required more of your attention than mine, I still appreciate all of the help you guys provide. It's nice to know that people are out there to right the wrongs of the scumbags who feel the need to be so destructive. May all of your Valentine's Days be fruitful!

#11 boopme


Posted 14 February 2009 - 09:36 AM

You're welcome, sometimes it feels good to clean one out quick too. Please take a moment to read quietman7's excellent prevention tips in post 17 here
Tips to protect yourself against malware and reduce the potential for re-infection:

#12 Theperson45

Theperson45

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:51 AM

Posted 15 February 2009 - 08:10 AM

Have you tried...

I also have to thank you for this advice. I had what I think was the same infection as weenus, at least the symptoms he mentioned were happening to my computer too.

Last night, I downloaded a compressed folder of something thinking it was something else, but then it became clear when the decompressing didn't go the same way that WinRar normally does it. Afterwards (after closing the free porn popup which came up immediately after decompressing [It's nice of them to let me know there is a problem right away]) there were a bunch of new links to cheap online pharmacies and casinos in my start menu, and Internet Explorer and Firefox were both showing web pages in the wrong shape (Strange formatting and some images missing), and constantly getting redirected to "windowsclick.com/somethingsomethingsomething" or just a blank page or a "page failed to load" screen. Windows Update would freeze too.

Also, I couldn't read this thread, or (it seemed) any other page which had "windowsclick" in the description in the Google search result. I couldn't load the windows update web page or run spybot or mbam. Although Apple's Safari browser was working fine and I was able to read this thread and rename mbam.exe to mbam.bat, do the scan and successfully remove a lot of files named with "UAC..." among others.

It's all good now, and I just felt like writing to thank you because I wouldn't have thought of that solution, even though it might not have seemed like a difficult problem to you. I am grateful.

#13 boopme


Posted 15 February 2009 - 01:20 PM

You are also welcome!! In the future you may be able to stop some of those infections (the popup window type) by clicking CTRL+ALT+DEL, then close the process by highlighting it and selecting End Task.



