
Google searches in Firefox 3.0.10 and IE 8.0.6001 hijacked/redirected through overclick.cn


This topic is locked
2 replies to this topic

#1 Alsvid
Posted 08 June 2009 - 03:23 PM

My OS is Windows XP SP3. I have ZoneAlarm Anti-virus.

In order to deal with this problem I have used Malwarebytes - no luck. (However, I have had a separate trojan which ran from my temp files today, seseextivj.exe, called Trojan-Dropper.Win32.Agent.asii by ZoneAlarm Anti-virus, which Malwarebytes seems to have dealt with.) Both of these programs are updating normally - I have read of people having my problem and not being able to update or run security programs.
I am preventing any more trojan downloads by running the NoScript extension in Firefox, which means that redirected Google searches do not load up unpleasant websites. I have replaced Adobe Acrobat with Foxit Reader, and turned off JavaScript in Foxit.



Please note that this has happened for other forum users:
<hxxp://www.google.co.uk/search?hl=en&tbo=1&tbs=qdr:w&q=+site:www.bleepingcomputer.com+overclick>

Thanks for any help you can give,
Tom




DDS Log:

DDS (Ver_09-05-14.01) - NTFSx86
Run by John at 21:07:04.51 on 08/06/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.102 [GMT 1:00]

AV: ZoneAlarm Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\John\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: bho2gr Class: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\fdm\iefdmcks.dll
TB: Wanadoo: {8b68564d-53fd-4293-b80c-993a9f3988ee} - c:\progra~1\wanadoo\wsbar\WSBar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [SpeedTouch USB Diagnostics] "c:\program files\speedtouch usb\Dragdiag.exe" /icon
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Download all with Free Download Manager - file://c:\program files\fdm\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\fdm\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\fdm\dllink.htm
IE: Download with GetRight - c:\program files\getright\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - hxxp://www.napster.co.uk/client/setup.exe
DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - hxxp://www.kungfuchess.com/activex/web665.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232391669125
DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - hxxp://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232391642812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38037.5547800926
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: {2D69E2FD-1A58-45DD-A5A6-D1E8D7ED2204} = 193.36.79.101,193.36.79.100
TCP: {E1A1AC84-E3C8-488E-8550-571C2F93DE7F} = 193.36.79.100 80.10.246.1

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\john\applic~1\mozilla\firefox\profiles\oc2ysbgi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

============= SERVICES / DRIVERS ===============

R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-4-1 150544]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-3-24 353672]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

=============== Created Last 30 ================

2009-06-08 14:59 70,144 a------- c:\windows\system32\inform.dat
2009-06-08 14:59 16,164 a------- c:\windows\system32\fkas
2009-06-07 13:13 <DIR> --d----- c:\program files\FoxitReader30_enu
2009-06-06 20:54 <DIR> --d----- C:\NVIDIA
2009-06-06 20:37 664 a------- c:\windows\system32\d3d9caps.dat
2009-06-06 20:37 552 a------- c:\windows\system32\d3d8caps.dat
2009-06-06 20:36 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-06-06 19:26 <DIR> --d----- c:\windows\nview
2009-06-06 17:43 <DIR> --d----- c:\docume~1\john\applic~1\Tilted Mill
2009-06-06 16:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-06-06 16:46 <DIR> --d----- C:\Fixing the Comp 6th June 09
2009-06-06 13:53 <DIR> --d----- C:\Rooter$
2009-06-06 13:28 <DIR> a-dshr-- C:\cmdcons
2009-06-06 13:26 161,792 a------- c:\windows\SWREG.exe
2009-06-06 13:26 154,624 a------- c:\windows\PEV.exe
2009-06-06 13:26 98,816 a------- c:\windows\sed.exe
2009-06-06 11:48 <DIR> --d----- c:\docume~1\john\applic~1\Malwarebytes
2009-06-06 11:48 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-06 11:48 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-06 11:48 <DIR> --d----- c:\program files\Malwarebytes
2009-06-06 11:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-05 17:38 <DIR> --d----- c:\docume~1\john\applic~1\SaintXi
2009-06-05 17:34 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-06-05 17:34 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-06-05 17:34 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-06-05 17:34 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-06-05 17:34 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-06-05 17:34 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-06-05 17:34 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
2009-06-05 17:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-06-05 17:18 <DIR> --d-h--- c:\program files\DAEMON Tools Toolbar
2009-06-05 17:18 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-06-05 17:08 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-06-05 17:07 <DIR> --d----- c:\docume~1\john\applic~1\DAEMON Tools Lite
2009-06-04 19:14 <DIR> --d----- c:\docume~1\john\applic~1\USC
2009-06-01 18:02 <DIR> --dsh--- c:\documents and settings\john\IECompatCache
2009-05-30 11:36 <DIR> --dsh--- c:\documents and settings\john\PrivacIE
2009-05-30 11:19 <DIR> --dsh--- c:\documents and settings\john\IETldCache
2009-05-30 10:56 <DIR> --d----- c:\windows\ie8updates
2009-05-30 10:56 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-30 10:51 <DIR> -cd-h--- c:\windows\ie8
2009-05-30 10:36 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-05-30 10:36 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-05-30 10:36 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-05-30 10:36 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-05-30 10:36 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-05-30 10:36 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-30 10:36 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-05-30 10:36 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-05-30 10:36 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-05-30 10:36 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-05-30 10:35 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-05-30 10:35 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-05-30 10:35 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-05-29 09:42 <DIR> --d-h--- c:\program files\MSECache
2009-05-20 17:26 <DIR> --d----- c:\docume~1\john\applic~1\avidemux
2009-05-16 14:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MythPeople

==================== Find3M ====================

2009-06-05 17:39 4,268,444 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-06-05 17:39 318,630,176 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-04-14 07:46 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-04-01 19:23 37,014,408 a------- C:\zaAvSetup_80_298_035_en.exe
2009-03-31 19:20 72,584 a------- c:\windows\zllsputility.exe
2009-03-31 19:20 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-03-23 20:44 2,855 a------- c:\windows\pif\setup.PIF
2009-03-21 15:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2006-10-11 16:47 33 a----r-- c:\documents and settings\all users\hash.dat
2006-04-28 09:26 24,192 a------- c:\documents and settings\john\usbsermptxp.sys
2006-04-28 09:26 22,768 a------- c:\documents and settings\john\usbsermpt.sys
2008-05-21 17:48 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052120080522\index.dat

============= FINISH: 21:09:17.64 ===============

Edited by Orange Blossom, 11 February 2013 - 05:19 AM.
Deactivate link. ~ OB
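Editor's note, added to this thread and not part of the poster's or the forum's own material: a DDS log like the one above is plain text with a fixed shape (banner-delimited sections, `TCP:` lines for DNS servers, `BHO:`/`TB:`/`EB:` lines for browser hooks, and dated `Created Last 30` entries), so the first-pass triage a helper does by eye can be scripted. The example below parses those parts and pulls out the three things worth checking first for a search-redirect complaint: the configured DNS servers (to be compared with the ISP's published resolvers, since swapped resolvers are one way Google results get redirected), browser hooks whose DLL is missing ("No File"), and files created under system32 close to the DDS run time. The sample log is a subset of lines copied from the post; the 12-hour window, the system32 prefix, and treating the header date as day-first (the log shows a GMT+1, UK-locale machine) are my assumptions. Flagged entries are pointers for review, not malware verdicts.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: a handful of lines copied from the DDS log in the post above,
# enough to exercise each parser. It is not the complete log.
SAMPLE_DDS = r"""DDS (Ver_09-05-14.01) - NTFSx86
Run by John at 21:07:04.51 on 08/06/2009

============== Pseudo HJT Report ===============

BHO: bho2gr Class: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
TB: Wanadoo: {8b68564d-53fd-4293-b80c-993a9f3988ee} - c:\progra~1\wanadoo\wsbar\WSBar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
TCP: {2D69E2FD-1A58-45DD-A5A6-D1E8D7ED2204} = 193.36.79.101,193.36.79.100
TCP: {E1A1AC84-E3C8-488E-8550-571C2F93DE7F} = 193.36.79.100 80.10.246.1

=============== Created Last 30 ================

2009-06-08 14:59 70,144 a------- c:\windows\system32\inform.dat
2009-06-08 14:59 16,164 a------- c:\windows\system32\fkas
2009-06-07 13:13 <DIR> --d----- c:\program files\FoxitReader30_enu
2009-06-06 11:48 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys

==================== Find3M ====================
"""

GUID = r"\{[0-9a-fA-F-]{36}\}"
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
HOOK_RE = re.compile(rf"^(BHO|TB|EB):\s*(?:(.*?):\s*)?({GUID})\s*-\s*(.+)$")
TCP_RE = re.compile(rf"^TCP:\s*{GUID}\s*=\s*(.+)$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+\S+\s+(.+)$")
RUN_RE = re.compile(r"^Run by .* at (\d{2}:\d{2}):\d{2}\.\d+ on (\d{2}/\d{2}/\d{4})$")

def sections(text):
    """Split a DDS log into {section name: [non-blank lines]}; the header goes under ''."""
    out, current = {"": []}, ""
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            out.setdefault(current, [])
        elif line.strip():
            out[current].append(line.rstrip())
    return out

def run_time(text):
    """DDS run timestamp from the 'Run by' header (assumed day-first, as in this UK log)."""
    for line in sections(text)[""]:
        m = RUN_RE.match(line)
        if m:
            return datetime.strptime(f"{m.group(2)} {m.group(1)}", "%d/%m/%Y %H:%M")
    raise ValueError("no 'Run by' header found")

def dns_servers(text):
    """DNS servers from the TCP: lines (comma- or space-separated); compare with the ISP's."""
    servers = set()
    for line in sections(text).get("Pseudo HJT Report", []):
        m = TCP_RE.match(line)
        if m:
            servers.update(re.split(r"[,\s]+", m.group(1).strip()))
    return servers

def browser_hooks(text):
    """BHO/TB/EB entries; 'No File' means the CLSID is still registered but its DLL is gone."""
    hooks = []
    for line in sections(text).get("Pseudo HJT Report", []):
        m = HOOK_RE.match(line)
        if m:
            kind, name, clsid, path = m.groups()
            hooks.append({"kind": kind, "name": name or "", "clsid": clsid.lower(),
                          "path": path.strip(), "orphan": path.strip().lower() == "no file"})
    return hooks

def recent_system_files(text, within=timedelta(hours=12), under=r"c:\windows\system32"):
    """Files (not directories) created under `under` within `within` of the DDS run.
    Heuristic, not a verdict: the redirects were active that day, so anything new in
    system32 that close to the run is worth a look, doubly so if it has no extension."""
    cutoff = run_time(text) - within
    hits = []
    for line in sections(text).get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m or m.group(2) == "<DIR>":
            continue
        created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        path = m.group(3).strip()
        if created >= cutoff and path.lower().startswith(under.lower()):
            hits.append({"path": path, "size": int(m.group(2).replace(",", "")), "created": created,
                         "no_extension": "." not in path.rsplit("\\", 1)[-1]})
    return hits

def triage(text):
    """The three things to eyeball first for a search-redirect complaint."""
    return {"dns_servers": sorted(dns_servers(text)),
            "orphaned_hooks": [h["clsid"] for h in browser_hooks(text) if h["orphan"]],
            "recent_system32": [h["path"] for h in recent_system_files(text)]}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(f"{key}: {value}")
```

Run against the full log rather than the sample and the same three lists come back. The DNS list is only useful next to the ISP's published resolver addresses; the "orphan" hooks are registry leftovers to clean up or investigate; and the recent-system32 list is where a helper would start asking for file hashes or an upload, not a statement that those files are malicious.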



#2 Alsvid

Alsvid
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:35 PM

Posted 12 June 2009 - 09:44 AM

I am receiving help elsewhere. Apologies for posting on two sites; I became desperate in case the situation got worse (I've read of others who had a Google redirect problem and were also stopped from using anti-malware software). I have since read in the rules that this is forbidden, so I won't do it again.

#3 Guest_The weatherman_*

Guest_The weatherman_*

  • Guests
  • OFFLINE
  •  

Posted 12 June 2009 - 05:22 PM

Thanks for letting us know Alsvid, all the best with your problem.



