Posted 10 August 2009 - 03:39 PM
My name is John, and as my login states, I am a part-time IT dude at the company I work at. I know enough to be dangerous but I could use some help from time to time, like now.
I have a newer computer that just started acting weird. It is an XP Pro SP3, quad core, 4 GB, IE7. I started to get mixed results when surfing the web and I think I am being redirected to other sites. This has worsened over the past week and every once in a while I get a small popup window that says:
Windows Internet Security
Your browser is under the threat of infection. Windows requires your permission to install online protection tool.Your browser is run in unsafe mode. Running the protection mode will help you to keep your computer safe. Staying at the suspicious website in unsafe mode may lead to the loss of personal data and computer breakage. To run the web browser in protected mode Windows requires installing the certified antivirus scanner software and online protection tool.
name: Online Protection Tool
publisher: Microsoft Windows
The above is in a Windows-like window, with an orange header, and contains an orange shield with ! in the middle.
My computer is running McAfee Total Protection Service, and I never saw this before, so I am not sure if it is part of it. If it was, I would think that McAfee would have their name in it, or use their shield logo, which it isn't.
Also, sometimes I actually see the word "redirecting" on the Explorer tab. When I go to a new website from a search page, it shows "redirect" in the tab of IE, and then sometimes a huge page saying "waiting" with a clear see-through arrow going around in circles, then it redirects me to something totally off the wall. So far, it hasn't been X-rated; usually it is to eBay, or a video on YouTube, or some other regular dumb site.
So, I started to look around.
I didn't notice anything different in the start up files that shouldn't be there.
I performed my usual tasks of cleaning up the system, all to no avail.
I ran a virus scan, found nothing.
I installed and ran Ad-Aware, it only found a few cookies, nothing else.
I tried running Windows Update, and it wouldn't access the site, a known issue I have seen with other malware and viruses.
I ran HJT and in it I found a few items under O1, and 4 items under O17. The ones under O1 seemed incorrect and useless, and the ones under O17 had the wrong DNS server numbers on them. I deleted the O1's and the O17's. I thought for sure that would help. I rebooted, and I had to re-add my DNS server numbers, and once I did it seemed to work, for a while. I was now able to access Windows Update.
I ran HJT again, and this time only 2 O17's showed up, but they were the correct DNS numbers. I periodically ran the report and shortly I found a third O17 show up, but it still had the proper DNS numbers.
I tried to download Spybot S&D but it would redirect me elsewhere.
I downloaded the install file to another computer, and installed it on the problem one. It installed fine, but wouldn't run.
I rebooted and had issues going into Windows, then I shut it down, rebooted into Safe Mode, and had issues going into Safe Mode. It never completely went into either, so I shut it down and rebooted into last known and it came up, but I had to add my DNS numbers again.
I uninstalled Spybot, and reinstalled. The reason I did this is because when I first installed Spybot, I checked the selection to install updates, which I never did before, and I thought that messed things up. Anyway, I reinstalled, and I still can't get Spybot to run.
I can now at least get to Windows Update, but I can't seem to get rid of whatever it is.