
Redirects-bleepingcomputer blocked


15 replies to this topic

#1 Jerry2037


Posted 20 April 2009 - 11:29 AM

Windows XP Pro MCE SP3, all updates as of 2-3 weeks ago
Firefox 3.0.8 is preferred browser, IE6 is backup browser, same problems in both
MS auto updates are turned on
turned off norton 2-3 weeks ago, installed mcafee on the same day, auto scan, auto updates are on, ran manual scan this AM, nothing detected
Using igoogle for home page, bleepingcomputer is saved as an igoogle favorite
try going to bleepingcomputer.com, url says bleepingcomputer.com, page load says done, all I get is a white screen
same results if i type address in
try google search, get redirected to random pages, browser back arrow gets me to desired page
Frequent crashes for "Generic Host Process for Win32 Services", clicking through MS repair screens gets me to message that basically says I have that file, repair cannot be made

have notebook with basically same setup, it works ok so far



#2 Guest_superbird_*


Posted 20 April 2009 - 11:33 AM

Hi,

Welcome here. :thumbsup:
Let's take a look.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

#3 Jerry2037


Posted 20 April 2009 - 12:18 PM

Superbird,
The link you posted took me to "cyberdefender" on the cnet site, not malwarebytes. Anyway i put it on a memory stick and installed it in my desktop. i had to tell mcafee to allow. it started running the scan as soon as it was installed and before I got to check for the options you described. i stopped the scan and reviewed the tabs but it looks like a different program than you described. it claims it found some malware but it keeps crashing.
Next step?
jerry

#4 Guest_superbird_*


Posted 20 April 2009 - 12:25 PM

This is the direct download link: http://dw.com.com/redir?edId=3&siteId=...t%3Ddl-10804572

Follow the steps I gave you already. :thumbsup:

#5 Jerry2037


Posted 20 April 2009 - 12:27 PM

superbird
oops, my bad
I went back to the cnet page and found a very confusing layout. i downloaded the wrong file. trying again.
jerry

#6 Guest_superbird_*


Posted 20 April 2009 - 12:39 PM

That's all right. :thumbsup:

#7 Jerry2037


Posted 20 April 2009 - 12:56 PM

superbird
i couldn't update the program. crashed three times trying. ran scan anyway, log file follows:

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

4/20/2009 1:49:54 PM
mbam-log-2009-04-20 (13-49-54).txt

Scan type: Quick Scan
Objects scanned: 89090
Time elapsed: 7 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{cd24eb02-9831-4838-99d0-726d411b1328} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f20da564-9254-49fe-a678-cc3cef172252} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar.1 (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\CyberDefender\cdmyidd.dll (Trojan.BHO) -> Quarantined and deleted successfully.

shall i restart now or wait for reply?

jerry
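
For triaging a log like the one in the post above, here is an added example (not part of the original thread and not Malwarebytes code) that parses the text layout shown there, checks each summary count against the itemized lines, and lists any item not reported as removed. The function names and the abbreviated sample log are assumptions made for illustration.

```python
import re
from collections import Counter

# Abbreviated excerpt of the log in the post above (constructed for this example:
# only two of the seven registry keys are kept, so the key count is set to 2).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.36

Registry Keys Infected: 2
Registry Data Items Infected: 2
Files Infected: 1

Registry Keys Infected:
HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\CyberDefender\cdmyidd.dll (Trojan.BHO) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(.+ Infected): (\d+)$")   # "Files Infected: 1"
SECTION = re.compile(r"^(.+ Infected):$")         # "Files Infected:"
ITEM = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")

def parse_mbam_log(text):
    """Return (summary counts, itemized detections) from an MBAM 1.x text log."""
    summary, items, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if m := SUMMARY.match(line):
            summary[m.group(1)] = int(m.group(2))
        elif m := SECTION.match(line):
            section = m.group(1)
        elif section and (m := ITEM.match(line)):
            # The last "->" field is the action taken; earlier ones are Bad/Good data.
            items.append({"section": section, "path": m["path"], "name": m["name"],
                          "action": m["rest"].split(" -> ")[-1].rstrip(".")})
    return summary, items

def audit(text):
    """Cross-check totals against itemized lines and list items not confirmed removed."""
    summary, items = parse_mbam_log(text)
    listed = Counter(i["section"] for i in items)
    mismatched = {s: (n, listed[s]) for s, n in summary.items() if n != listed[s]}
    unresolved = [i for i in items if "successfully" not in i["action"]]
    return {"by_name": Counter(i["name"] for i in items), "mismatched": mismatched, "unresolved": unresolved}
```

A non-empty `mismatched` result means the pasted log was truncated or edited; a non-empty `unresolved` list names the entries to re-check after the reboot.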

#8 Guest_superbird_*


Posted 20 April 2009 - 12:59 PM

You can restart your pc. :thumbsup:

After that, do a new full scan with MBAM, and post the log. :flowers:

#9 Jerry2037


Posted 20 April 2009 - 01:02 PM

superbird
i will also remove cyberdefender now
jerry

#10 Jerry2037


Posted 20 April 2009 - 03:50 PM

superbird,
below are results of full scan. the redirects seem to be fixed but bleepingcomputer.com is still blocked.
also, tried to update malwarebytes, got box said "looking for malwarebyte.org" but computer just seemed to hang. went to task manager, three applications running: firefox, hp update agent, and malwarebytes. cpu usage was 53%. canceled update cpu usage went to 1%, restarted malwarebytes cpu usage went up to 53%. i can get to malwarebytes.org with firefox.
jerry

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

4/20/2009 4:26:18 PM
mbam-log-2009-04-20 (16-26-18).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 255036
Time elapsed: 1 hour(s), 13 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

jerry

#11 Guest_superbird_*


Posted 21 April 2009 - 04:35 AM

Hi Jerry,

Yes it's fine you have deleted CyberDefender.
I need some reports. Do the following:

1. Do part 1 of 2 of S!Ri's SmitfraudFix
Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

2. Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
If you need a tutorial, see here

#12 Jerry2037


Posted 21 April 2009 - 03:59 PM

superbird,
just got back to this. i usually let this pc hibernate at night, but shut it off last night. today i turn it on and see my cpu is 100%. power down (must hold in on/off button) and turn back on, it takes about 30 seconds for cpu to go from 2 to 100%. same with internet cable disconnected.
downloaded and am running smitfraudfix. looks like dos box says:
"scanning process...
scanning hosts..."
nothing seems to be happening after about 10 minutes.
task manager says i have 3 apps running:
updates from hp agent
K:\ (this is the memory stick i downloaded smitfraudfix to, can it run from there or must i run it from c: drive?)
C:\windows\system32\cmd.exe
jerry

#13 Jerry2037


Posted 21 April 2009 - 04:43 PM

superbird,
moved smitfraudfix to c: drive, restarted it but all i get now is a blinking cursor.
interestingly, redirects are back on the desktop pc, but i can now get to bleepingcomputer.com
jerry

#14 Guest_superbird_*


Posted 22 April 2009 - 08:23 AM

Hi,

Do step 2 then. I need that report the most. :thumbsup:

#15 Jerry2037


Posted 22 April 2009 - 04:48 PM

Superbird,
Kaspersky won't run either.
Made me download and install an update to Java. It completed the Information part of the test, I clicked "Accept" next thing I get a dialog box that says "Starting the Java Applet has failed! Please go online to run this program" I clicked OK.
I now have a Kaspersky Update box, stuck on "Downloading and installing the program (0%)" for the last 45 min. Did I read somewhere that some malware could block access to security sites?
I really appreciate your efforts but I'm about to try format c:/ (when I find my boot disk) even though it will take me days to reinstall all my programs and get preferences back to the way I had them.
I have a few picture & CAD files that aren't backed up. I want to put them all on a memory stick and scan the stick w/ McAfee before putting them on a healthy machine. Is there any risk to my doing that?
Thanks,
Jerry



