
Infected by Browser-Security.microsoft.com hijacker?


5 replies to this topic

#1 openfaced

Posted 23 June 2009 - 01:45 PM

In the past I was infected with Virtumonde as well as Spyware Protect scam. I used hijack this and your combofix and things seemed to be working fine for the last few months.

However, now my internet has been slow, sometimes downloads don't move past 0% or crawl at less than 50 bytes per second (I obviously unplugged and restarted my modem). Also some programs have failed to open, spyware/malware updates won't download, and right click functions are sluggish.

I ran the following and here is what they found:

AVG antivirus and it found nothing
Malwarebytes found nothing
Spybot Search & Destroy found nothing
Registry Booster found its usual problems but fixed them all
Adaware 2008 found the following Critical Object: Redirected Host File Entry: IP Address 91.207.117.244: Host Name: Browser-security.microsoft.com

Adaware was unable to remove or quarantine the object.

So I looked how to manually remove it but couldn't find any of the files they say to remove on my computer. Could you please help me find out what I am infected with and how to go about removing it?

Thank you so much for your help.
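As an added example, not code from this thread or from Ad-Aware: a small Python check for the kind of hosts-file entry Ad-Aware reported above. It parses a constructed hosts file (the 91.207.117.244 line is the one from the post; the other flagged names are placeholders) and separates entries that redirect a name to a remote address from entries that sink a name to loopback, which is how a hijacker blocks security-tool updates.

```python
import ipaddress
import re

# Constructed sample of a Windows hosts file. It includes the redirect that
# Ad-Aware reported in this thread (browser-security.microsoft.com ->
# 91.207.117.244) plus stock and block-style lines; not a real file dump.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
91.207.117.244  browser-security.microsoft.com   # planted redirect
127.0.0.1       update.example-av.test           # placeholder: blocks an updater
0.0.0.0         ads.example.test                 # placeholder: hand-made ad block
"""

# Names that legitimately map to loopback in a stock hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def is_local_target(ip_text):
    """True for loopback or 0.0.0.0/:: targets, the sinkhole forms of an entry."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, comments stripped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = re.split(r"\s+", line)
        entries.extend((ip, n.lower()) for n in names)
    return entries

def classify_entries(text):
    """Tag every non-stock hosts entry.

    'redirect': a name is sent to a real remote address (the hijack seen here).
    'block':    a name other than localhost is sunk to loopback/unspecified,
                which is how a hijacker stops security tools from updating.
    """
    findings = []
    for ip, name in parse_hosts(text):
        if is_local_target(ip):
            if name not in LOCAL_NAMES:
                findings.append(("block", name, ip))
        else:
            findings.append(("redirect", name, ip))
    return findings

if __name__ == "__main__":
    for kind, name, ip in classify_entries(SAMPLE_HOSTS):
        print(f"{kind:8s} {name} -> {ip}")
```

Hand-made ad blocks also show up as "block", so review those against what the user actually configured; any "redirect" to an address the user never set is the finding to act on.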

#2 Zllio

Posted 26 June 2009 - 11:08 AM

Hi openfaced,

There's an older tool which is not used anymore, but it might remove this particular entry for you. Let's give it a try:

  • Download CWShredder here to its own folder.
  • Open CWShredder.exe and click the Check For Update button.
  • After downloading any necessary updates, please close the program.

Now reboot into Safe Mode. (Copy or note the instructions before you go into Safe Mode.)
  • This can be done by tapping the F8 key repeatedly (gently) as soon as you start your computer.
  • You will be brought to a menu where you can choose to boot into safe mode.

  • Now run CWShredder again, by double-clicking on the program.
  • Click "Fix" and then "Next", and let it fix everything it asks about.
  • After the tool has finished, reboot your computer into normal Windows.

Then please do the following:


Please download ATF Cleaner by Atribune & save it to your desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".



Let me know how this went?
Zllio


#3 openfaced (Topic Starter)

Posted 27 June 2009 - 05:43 PM

Thank you for replying and helping with my issue.

I downloaded and ran both scans, following your instructions. The CWShredder found nothing, and the ATF Cleaner cleaned up several things. However, I ran Adaware again and still found the same error.

Any other suggestions?

I appreciate your help

#4 Zllio

Posted 28 June 2009 - 02:01 AM

Hi openfaced,

I believe that your Vundo infection may never have been completely removed and that there is probably a rootkit behind it. Vundo or Virtumonde often leaves behind a very few files which have to be removed manually. I recommend that you go through the instructions in the Preparation Guide and post the requested logs in the HijackThis forum.

Alternatively, we can try running a few more scans here to try and get more exact information, but the tools which work best to remove this infection cannot be used in this particular forum where you're posting to me now.

Before you start with the preparation guide, try these two scans:
  • GMER
  • F-Secure Blacklight

If you run these, please post the information here so I can see if they found anything.

Zllio

#5 openfaced (Topic Starter)

Posted 28 June 2009 - 04:03 PM

I ran the GMER (it took a very long time) and it didn't appear to find anything. When it was finished I hit "OK" which I assumed would bring me to a summary of what it found, but it closed the program! So I'm afraid I can't post the results. I've decided to skip the F-Secure Blacklight, since most scans are not finding anything. I am going to prepare the Hijack This documentation and post it in the other forum.

Thank you very much for your assistance, I really appreciate your help.

#6 Zllio

Posted 28 June 2009 - 04:06 PM

You're welcome openfaced!

I think that's the best idea. You'll need some patience until they can help you, but I think it will help to have more detailed information.

Good luck.


Zllio
