
Browser redirects only for certain sites



#1 anonymouse


Posted 17 November 2009 - 10:02 PM

Hey, I think I might have a strange version of the browser redirect virus. I get redirected to those stinking Yellowpages and shopping ad offer sites, but only when I attempt to go to specific URLs. Does anybody have any experience in dealing with redirect viruses, or has anybody here ever heard of getting redirected only from certain sites?

Thanks in advance.



#2 anonymouse


Posted 17 November 2009 - 10:18 PM

Update: I ran RootRepeal, Win32kDiag, and the Run > Cmd log and figured this might be useful:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/17 22:05
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA60A000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B73000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9A35000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==


Volume in drive C has no label.
Volume Serial Number is ACB6-6B7E

Directory of C:\WINDOWS\ERDNT\cache

11/30/2007 03:25 PM 181,248 scecli.dll

Directory of C:\WINDOWS\ERDNT\cache

11/30/2007 03:25 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\ERDNT\cache

11/30/2007 03:25 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

11/30/2007 03:25 PM 181,248 scecli.dll

Directory of C:\WINDOWS\system32

11/30/2007 03:25 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

11/30/2007 03:25 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32\dllcache

11/30/2007 03:25 PM 181,248 scecli.dll

Directory of C:\WINDOWS\system32\dllcache

11/30/2007 03:25 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32\dllcache

11/30/2007 03:25 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Total Files Listed:
9 File(s) 1,933,824 bytes
0 Dir(s) 373,899,264 bytes free



#3 anonymouse


Posted 18 November 2009 - 11:20 AM

Anyone know how to solve this problem? Any help would be greatly appreciated.

#4 anonymouse


Posted 18 November 2009 - 05:52 PM

Nobody knows what might be wrong here?

#5 garmanma


Posted 21 November 2009 - 05:11 PM

11/30/2007 03:25 PM 56,320 eventlog.dll

I did not read your other thread entirely. Did boopme have you run any rootkit scans?
This indicates that you have one.
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits



