Google redirect/unable to access registry


2 replies to this topic

#1 kritter47

kritter47

  • Members
  • 12 posts

Posted 15 May 2009 - 01:21 AM

Hey guys.

I know just enough about my computer (a Dell Inspiron 710m running Windows XP) to get in trouble, but I'm pretty sure I have a serious issue going on.

The first issue I noticed about two weeks ago was that when I clicked on search results in Firefox or IE, about one in seven times I would get redirected to some sort of advertising/spam page. When I backed up and clicked the link again, it would go to the original page.

Then two days ago, my TrendMicro PC-cillin 12 announced it had not updated in a week, and I could not manually get it to update. I called the folks at TM about it, and they told me they no longer supported my program and I would have to upgrade to Internet Security 16.7. I could not use the easy install, so I had to manually remove PC-cillin 12 and install the new program.

It was at this point that I realized I could not access my registry. When I type in regedit in the start menu, the screen goes blank except for my background then slowly reloads the start menu bar, programs and icons minus any windows (i.e., Control Panel, My Documents, et al.) that were open at the time. I also tried to access regedt32 with the same results.

When I got Internet Security 16 working, I realized it would not update or scan. If I click on one button, it grays out like it's working but never takes the next step. When I try to click the other, it asks me to wait until the first is done before either updating or scanning, whichever is not running at the time. It will sit like that indefinitely until I restart my computer. I called TM about this, and they are convinced I have something else on my computer (Ad-Aware, SpyBot), but I took all those off during the installation process.

Also, since installing, I am unable to access certain pages in Firefox (but not IE). I cannot access, for instance, Yahoo or YouTube but I can access Google and Google search. I can't back up into the page or reach it by typing the address in the bar. If I try to, I can see the progress at the bottom, but then it says done and leaves me with the page I was previously on with that page's address in the address bar. I was unable to work in Gmail on its normal settings, but when I went to HTML only, I could read and send mail again.

I downloaded and ran SUPERAntiSpyware, professional trial version, and discovered/quarantined/killed a few ad-bots but nothing serious. I also ran SpyBot and Ad-Aware when the redirection problems first happened and had no success.

I am fairly certain this is all related to the same issue. I do have a HijackThis file and a System Log, so if this would be more appropriate for that forum, I can transfer the information over there.

Any suggestions?

Edited by kritter47, 15 May 2009 - 02:54 AM.



#2 kritter47


Posted 15 May 2009 - 12:25 PM

I'm updating because I have new information.

I was able to run a virus scan in safe mode (did not try with networking, so I have not updated the definition files), and the scan found and deleted two instances of PAK_Generic.001, one in a file called TrueInstall.exe and the other in one of the AppleMobileDevice files.

Somehow I suspect there is a larger issue, though, as my basic research on PAK_Generic says a.) by itself, it's a low-risk, low-annoyance virus and b.) it can sometimes be associated with some sort of Trojan called Vundo.

#3 kritter47


Posted 15 May 2009 - 10:37 PM

More updates of things I'm trying to do myself, mostly following advice of other threads.

I installed and ran Malwarebytes first in safe mode, then in regular mode. In safe mode, it found some adware but no viruses and removed them. In regular XP and a full scan, it found nothing.

I still cannot update TrendMicro, nor can I run a Kaspersky Scanner. In my TrendMicro files, it says it discovered the 7U[1].exe virus tonight and quarantined an AdBot (Adware_BHOT_Mirar) on Wednesday.

I remain unable to access the registry and unable to access several pages on Firefox (but not IE).

Edit: Was finally able to run Kaspersky in safe mode - I have Trojan.Win32.Small.bxz in the file C:\WINDOWS\nqeqwp.kky

Any clues on removal? From reading around, everything was pointing to the ComboFix program that you guys don't recommend, and I don't trust myself to do something like that without someone helping me through it step-by-step.

And boy, I wish I could update the title to show that I've got half a clue now.

Edited by kritter47, 16 May 2009 - 12:58 AM.




