Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Firefox and IE redirect clicked links; FF freezes, crashes.


  • Please log in to reply
3 replies to this topic

#1 Sinful1386

Sinful1386

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:50 PM

Posted 21 December 2009 - 09:08 PM

I'm running Windows XP Home Edition, SP3, on a part-by-part-built computer.

Sunday night everything was running alright. Monday, everything went to heck in a hand basket.

I regularly multi-task with a few programs open, and other processes running. This time, I was watching a video file in Windows Media Player, had a Firefox browser open, along with a notepad, some accounting software (I have a home office), an excel spreadsheet, and possibly a couple other inconsequential things. All things I've had open simultaneously before, with no problems. A problem I've had before, the sound device not being detected, happened. That is usually fixed with a restart, and doesn't happen very often. Right on the heels of my sound going away, however, every program I had open began to quit. On excel and notepad I got the dialog asking if I'd like to save my changes. I clicked cancel on both, as I didn't want them to close, but they immediately did anyway. As soon as all the programs were closed, the computer shut down. I booted up again, and saw my sound was still missing. I hopped online to see if I could find a fix for it, however my internet connection stopped working, even though the icon in the system tray still showed a connection. I tried to repair the wireless connection, however it wouldn't go past "Disabling wireless adapter" and that window was unresponsive after that. I rebooted again, using the brief time between startup and the connection going out again to download and install AVG. I ran a full scan, which didn't find anything. After another reboot, my sound was back, and my internet connection would stay connected, however I now was getting redirected anytime I clicked on a link in Firefox. I tried IE, and it was the same thing.

I did a system restore, thinking if I reverted back to a couple days ago, it might fix the problem, but no go.

I've run scans with Malware Bytes, Hijack This (which I've used before on numerous occasions), and Spybot S&D, and only got a cookie or two that was found.

I'm at my wits-end with this, and can't think of anything else to do.

Help, please, before I decide to turn Amish!!

BC AdBot (Login to Remove)

 


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:50 AM

Posted 21 December 2009 - 11:15 PM

Hello and welcome.

--

Please run a rootkit scan for me.
Download and Run GMER

We will use GMER to scan for rootkits.This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.

  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista
  • Allow the gmer.sys driver to load if asked.

    If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system... Click NO.
  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Sections
    • IAT/EAT
    • Registry
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do Not run any program while GMER is running
*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOKIT" entries
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 Sinful1386

Sinful1386
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:50 PM

Posted 22 December 2009 - 01:16 PM

Well, I apparently don't have to worry about this anymore!

My boyfriend, upon hearing of my problem, decided to give me one of my Christmas gifts early! Windows 7! Hooray for a format/install!!

Thanks for your help, though!

Happy Holidays!

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:50 AM

Posted 22 December 2009 - 01:27 PM

Okay, thanks for letting us know then.

Below are some prevention tips.

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
Disable Autorun on Flash-Drive/Removable Drives

When is AUTORUN.INF really an AUTORUN.INF?

USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay (not the same thing!) to execute themselves either when the stick is inserted, or more commonly, when the user double-clicks on the USB drive icon from My Computer (Windows Explorer)...


Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun asap!.

If using Windows Vista, please refer to:
"Disable AutoPlay in Windows Vista"
"Preventing AutoPlay with Local Group Policy Editor or AutoPlay options panel"

Note: When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun so be careful.

Vist the WindowsUpdate Site Regularly

I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

With Regards,
Extremeboy

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users