Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: The Week in Ransomware - July 20th 2018 - Developer's Vent, Ransomware Attacks, and More

Featured Deal: Get 98% off the Ultimate Cisco Certification Bundle: Lifetime Access Deal

I don't know what is infected my machine

Started by captmilmo , Dec 21 2009 05:52 AM

Please log in to reply

3 replies to this topic

#1 captmilmo

Members
4 posts
OFFLINE

Local time:11:47 PM

Posted 21 December 2009 - 05:52 AM

Hi,

After clicking on google search results I get redirected to sites such as "britannia search" "the click checker" "know seach" etc etc. Sometimes this happens on the first search result and sometimes on the second or third search result.

I currently am using Firefox (which I removed and reinstalled when this happened), but it also occurred when I switched back to IE.

I have Norton 360 installed but it can't pick anything up
I have scanned to no avail with malwarebytes, sophos anti rootkit, super antispyware, hijack this

but the redirection still occurs.

Any ideas as to what is causing this, where it came from, and what I can do about this?

Thanks in advance,

Barry

Back to top

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 MATTSPCHELP

Members
196 posts
OFFLINE

Gender:Male
Location:Leicester, United kingdom
Local time:05:47 AM

Posted 21 December 2009 - 07:27 AM

This sounds like either a bit of malware or a simple hosts file issue , please download and install malwarebytes free edition

Microsoft Certified Desktop Support Technician

Back to top

#3 captmilmo

Topic Starter

Members
4 posts
OFFLINE

Local time:11:47 PM

Posted 22 December 2009 - 06:00 AM

Thanks Matt,

I tried Malwarebytes a few days ago, and I updated it through your link before trying it again.

It came up with a few trojans and about twenty worms that hadn't been on it Sunday.

Unfortunately, the problem hasn't gone away and I was redirected to the same sites after clicking on my third google result this morning.

Regards

Barry

Back to top

#4 captmilmo

Topic Starter

Members
4 posts
OFFLINE

Local time:11:47 PM

Posted 23 December 2009 - 07:50 AM

Hi Matt,

I don't know if this helps. It is the log from my last scan from Malwarbytes. The redirection problem remains unfortunately!

thanks,

Barry

Malwarebytes' Anti-Malware 1.42
Database version: 3402
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

22/12/2009 05:37:35
mbam-log-2009-12-22 (05-37-35).txt

Scan type: Full Scan (C:\|)
Objects scanned: 298334
Time elapsed: 2 hour(s), 32 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 24

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\SysWoW32 (Worm.Archive) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Siobhan\My Documents\Downloads\Keygen.Mindjet.MindManager.v8.0.217.45042.exe (Trojan.Vilsel) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\d3dx9_2732.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mi1176674986v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mi1176674986v4.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mi1176674986v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mi1176674986v5.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mi1176674986v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mi1176674986v6.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mi1176674986v7.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1176674986v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1176674986v0.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1176674986v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1176674986v1.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1176674986v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1176674986v2.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1176674986v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1176674986v3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_i1176674986v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_i1176674986v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_i1176674986v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1176674986v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1176674986v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1176674986v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1176674986v3 (Worm.Archive) -> Quarantined and deleted successfully.