
Google Redirecting to sites like aainteriors.com,vitalcheck.net



#1 ChaotixDemon


Posted 21 June 2009 - 05:37 PM

Ok, so I just reformatted my hard drive due to FlatOut 1 and 2 not working and crashing whenever I press Ctrl, so after the reformat I went to Realtek to get my sound drivers. Somehow the site was down and 9down happened to have the latest version. When I visited the page I got 2 pop-ups and that's when I think this B.S. started to begin... Does anyone have reports of 9down swiftly giving viruses? Wasn't reported as bad with AVG, should've gotten Web Of Trust also..

So, trying to look for a solution, it redirects the pages with a possible solution, probably set at a predetermined interval of time since it doesn't happen all of the time. Trying to go to Newgrounds does it, and redirects to pages that could be search engines that are harmless with their name, and ones that could possibly be pr0n.

One of these websites was reported an Attack Site by AVG Free 8.5. I've tried using BitDefender's online scanner, MalwareBytes' Anti-Malware, but haven't tried Spybot yet, probably should (how do I make it stop giving me all these registry changes for spybot delete.002124 or something like that and cmd popping up on startup and doing nothing)

So anyways I don't know what this could be... I think I got it from 9down but I'm not sure if it was a result of a disk I had from my other OS' data that could've got a virus on it.

Should I just put every site I see in the HOSTS file? (There's probably more)

Or could someone help me delete it? :flowers:

EDIT: Sorry, could someone put this in the Am I Infected board? :thumbsup:

Edited by ChaotixDemon, 21 June 2009 - 05:40 PM.



 


#2 garmanma


Posted 21 June 2009 - 05:58 PM

Welcome to BC

Let's take care of the possible infected drive first
Was it in a portable hard drive enclosure or a thumb drive?
Download Flash Drive Disinfector. Hold down the shift key while attaching the portable drive

Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.
-------------------------------------

After that, do a mbam scan



The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits

#3 ChaotixDemon


Posted 21 June 2009 - 06:59 PM

I don't have any portable drives. I have a CD I burned with Nero with some game saves and other things in it that could've possibly been infected by a virus in my old install of XP, but this redirecting thing never happened before I reformatted so it's probably something new

Ok well, the quick scan completed in 2 mins (is that normal?)

Malwarebytes' Anti-Malware 1.38
Database version: 2319
Windows 5.1.2600 Service Pack 3

6/21/2009 5:00:45 PM
mbam-log-2009-06-21 (17-00-45).txt

Scan type: Quick Scan
Objects scanned: 81149
Time elapsed: 2 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Oh and one thing, I've been using shinysearch to make Google look cooler, that could be what is doing this or just nothing at all? I don't know

Edited by ChaotixDemon, 21 June 2009 - 07:01 PM.


#4 Zllio


Posted 27 June 2009 - 04:57 AM

Hi chaotixdemon,

Sorry your thread got lost a bit here. It sounds like you have a redirect and that it's an annoyance but not yet doing anything severe to prevent you from using your computer or your internet. Because of that, I would recommend that you go through the procedures in the Preparation Guide, (some of which you've already done) which will allow you to post in the HijackThis forum. You may have to wait up to two weeks for a response there, but since you are able to use your computer, it would not hurt to post there. The only thing they ask is that you not make any changes to your computer once you've applied to them for help, i.e. adding or removing new programs.

Before you even think of doing the Preparation Guide, however, please do the following:


edit: Just noticed you only did the quick scan with MalwareBytes - please rerun it and have it do the full scan! Have it fix whatever it finds and if it finds anything, post the new log here. Then do the following:



Step 1: ATF Cleaner



If you're running XP, please run ATF cleaner according to the following instructions. If you're using Vista, right-click on the icon and select "run as Administrator".


Please download ATF Cleaner by Atribune & save it to your desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".


Step 2: Download HostsXpert



This program will restore your MS hosts file to the default state. This, together with the next step, may help temporarily, but without solving the cause of the problem, it's unlikely to prevent the redirects from starting up. Nevertheless, it would be a good step to take until someone can look at the files on your computer and see what is causing the problem. After you download HostsXpert, please do the following:

Unzip HostsXpert to your desktop

Open up the HostsXpert program.
  • Make sure that the "make hosts writable?" button in the upper left corner is enabled.
  • Click back up Host files
  • then click "Restore MS Hosts File"
  • close program


Step 3: Spybot S&D and SpywareBlaster


Spybot and SpywareBlaster both have features which will make your computer safer against hijacks. I recommend installing Spybot, allowing it to update and then run the scan and let it fix anything it finds. After that, click on the Immunize button (blue and white shield) and have it immunize your system.

You can download the current version of Spybot at the following link. When you do, uncheck Teatimer when you install it, or this will prevent you from making changes to fix your computer. If you already have Spybot installed, I recommend unchecking Teatimer. You can get to this setting by opening Spybot and going to the Mode button at the top. In the dropdown, select Advanced. The main window will change to show an option in the lower left called Tools. Click on that. Then click on the red and white Resident shield and in the middle of the page, make sure the option for Teatimer is unchecked. Here's the link for the tutorial for Spybot which also has the download link in it:

Using Spybot - Search & Destroy to remove Spyware from Your Computer
A tutorial for SpywareBlaster can be found in the following link. Spyware Blaster is a lightweight background tool which is highly useful in offering passive protection. It prevents the installation of ActiveX-based spyware and other potentially unwanted programs, blocks spying / tracking via cookies and restricts the actions of potentially unwanted or dangerous websites. It's a great piece of software.

How to use SpywareBlaster



Step 4: Let me know how this went?

Zllio

Edited by Zllio, 27 June 2009 - 04:59 AM.
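
Added example, not part of the original posts: Step 2 above resets the hosts file and the first post asks about adding sites to it, so this Python sketch shows how to tell block entries from redirect entries when reviewing a hosts file. The sample file content and the 203.0.113.10 address are constructed, and the code assumes a default file maps only localhost to loopback.

```python
import ipaddress

# Assumption: a default hosts file only maps "localhost" to a loopback address.
DEFAULT_NAMES = {"localhost"}

# Constructed sample, not taken from the poster's machine.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       aainteriors.com vitalcheck.net   # hand-added block entries
203.0.113.10    www.google.com
not-an-ip       example.test
"""

def parse_hosts(text):
    """Yield (line_number, ip_field, hostname) for every mapping in the file."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or incomplete line
        for name in fields[1:]:                 # one address may carry several names
            yield lineno, fields[0], name.lower()

def audit_hosts(text):
    """Return (line, hostname, ip, verdict) for each non-default entry."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((lineno, name, ip, "malformed"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            if name not in DEFAULT_NAMES:
                # Name sinkholed to the local machine: a block entry.
                findings.append((lineno, name, ip, "blocked"))
        else:
            # Name forced to a routable address: what a redirect would look like.
            findings.append((lineno, name, ip, "redirected"))
    return findings

if __name__ == "__main__":
    for lineno, name, ip, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {ip} [{verdict}]")
```

On Windows the file is at %SystemRoot%\System32\drivers\etc\hosts. A clean result only rules out the hosts file as the source of a redirect.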




