Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Web page wont go to the site i want instead it jumps to a different site


  • This topic is locked This topic is locked
19 replies to this topic

#1 koohii

koohii

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:07:41 AM

Posted 29 August 2009 - 05:25 PM

This been happening for quite a few months now, now every single time i go on firefox and type in the search bar to where i want to go, it jumps to some advertising site

For example.... i type in free tv and then i click on the free tv website it doesnt go to that site and jumps to some weird site and then my AVG anti virus pops up and said that i have a threat so now once im on the site and click on the back arrow it jumps to a random site too

so i was wondering how do i fix this? do i have a virus?

i had scan my computer with Spybot-search and destroy, AVG anti-virus and Malwarebytes' anti malware and nothing comes up

Please help :thumbsup:

Edited by koohii, 29 August 2009 - 05:27 PM.


BC AdBot (Login to Remove)

 


#2 confusedwithvaio

confusedwithvaio

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Baffleville
  • Local time:12:41 PM

Posted 29 August 2009 - 05:29 PM

I had this and my spyware detector thingie could not help at all, but I found found it completly by mistake randomly

I was on add or remove programs, which I can't remember how I got to, and on the list there was a piece of software called something like "Firefox browser redirect" so I deleted it and stopped having the problem straight away.

I hope that this helps, usually I am not too good with computers, but was quite pleased when I stumbled across this :thumbsup:

#3 koohii

koohii
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:07:41 AM

Posted 29 August 2009 - 05:41 PM

Firefox browser redirect wasnt in my add or remove programs
but thank you for helping

Edited by koohii, 29 August 2009 - 05:41 PM.


#4 confusedwithvaio

confusedwithvaio

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Baffleville
  • Local time:12:41 PM

Posted 29 August 2009 - 05:45 PM

Sorry I can't help more, I have just been looking in the "am I infected? If so wat do I do?" forum and there seem to be quite a few people with the same problem as you and the one I used to have and they are getting a load of replies from some guy called computer pro. If I can't help maybe he can :thumbsup:

good luck

#5 bb0bbby

bb0bbby

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cbus, OH
  • Local time:07:41 AM

Posted 31 August 2009 - 10:48 AM

Do a search for arswp. it is a chinese program that i found is the only thing that will successfully sweep my pc. you should be able to google it & use the google translator. be careful using any pages that have it in english due to viruses.
Persistence is the twin sister of excellence. One is a matter of quality; the other a matter of time.

#6 koohii

koohii
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:07:41 AM

Posted 01 September 2009 - 11:22 PM

uhm..can you explain to me how you did it?
because i found a chinese site when i had type in arswp
http://www.arswp.com/
but it had alot of stuff on there so im not sure
and then i found this site
http://www.skycn.com/soft/32124.html
what is it suppose to be called if i translate the page?

#7 bb0bbby

bb0bbby

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cbus, OH
  • Local time:07:41 AM

Posted 02 September 2009 - 10:38 AM

try this: arswp

it should d/l from this link. then do a full scan after you install it. then start in safe mode & scan it in safe mode. then once more after a restart in regular mode.
Persistence is the twin sister of excellence. One is a matter of quality; the other a matter of time.

#8 koohii

koohii
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:07:41 AM

Posted 05 September 2009 - 07:04 PM

it didnt work =(

#9 bb0bbby

bb0bbby

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cbus, OH
  • Local time:07:41 AM

Posted 05 September 2009 - 10:25 PM

sorry, it was the only thing that allowed my pc to return to the way it was before...

hope you find something.

good luck !

:thumbsup:
Persistence is the twin sister of excellence. One is a matter of quality; the other a matter of time.

#10 pacorocksyour

pacorocksyour

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:41 AM

Posted 08 September 2009 - 07:48 PM

you can always download a copy of malwarebytes
click start>run>
type
C:\windows\system32\drivers\etc
delete only the file called "HOSTS" (without "")
then do a re-boot

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:41 AM

Posted 08 September 2009 - 08:03 PM

Hello I am moving this to the Am I infected forum.. Yes run the MBAM scan ... Here are complete instructions.

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 koohii

koohii
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:07:41 AM

Posted 13 September 2009 - 05:47 PM

Malwarebytes' Anti-Malware wont open
everything was fine then the program disappears i would click on the desktop icon and then this would pop up

Posted Image

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:41 AM

Posted 13 September 2009 - 08:49 PM

This is looking like a rootkit problem.
We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check only the FILES box: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 koohii

koohii
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:07:41 AM

Posted 14 September 2009 - 09:28 PM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/14 21:25
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8942000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SKYNETbxvbrsnt.sys
Image Path: C:\WINDOWS\system32\drivers\SKYNETbxvbrsnt.sys
Address: 0xAA5D7000 Size: 163840 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: srescan.sys
Image Path: srescan.sys
Address: 0xF81D1000 Size: 81920 File Visible: No Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xF8857000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xF7093000 Size: 61440 File Visible: No Signed: -
Status: -

==EOF==

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:41 AM

Posted 14 September 2009 - 10:39 PM

You have a Skynet Rootkit and it needs to be removed here.

You will need to run HJT/DDS.
Please follow this guide. go and do steps 6 thru 8 ,, Preparation Guide For Use Before Using Hijackthis. Then go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post that complete log.

Let me know if it went OK.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users