Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Search Result Redirect + Port Scanning

  • Please log in to reply
1 reply to this topic

#1 BenBasson


  • Members
  • 2 posts
  • Local time:12:10 AM

Posted 01 January 2010 - 11:19 AM

Hi there, I hope you guys can help. My system appears to have been afflicted with all kinds of junk. System Restore is a non-starter, I don't think I have restore points going back far enough to sort this out.

The first symptom I noticed was explorer wasn't loading on startup. A dodgy entry had got into the Shell key in the registry, so I cleaned that up and started running Malware scans. Subsequently, I've noticed that maybe 50-70% of the time I click on a Google search result, I'm being redirected to sites other than the link suggests. If I copy the link location and navigate to it directly, the link works. If I keep going back and clicking again, I get through as well.

I've also noticed some port scan activity in my router firewall logs that has been blocked. The activity is UDP outgoing from my box on ports 1031 and 3343 to a remote IP of varying ports around 55000+

So far, I have run SUPERAntispyware, Spybot, Adaware (free), MBAB, ComboFix, HouseCall, Panda ActiveScan and ESET Online Scan.

SUPERAntispyware has yet to find anything apart from tracking cookies, same with Spybot and Adaware.

MBAB found "Trojan.Sasfix" and what looked like a false positive hit on a couple of files for "Spyware.OnlineGames", I let it quarantine the files.

As far as I can tell, ComboFix did nothing, but I have the log to hand.

Panda ActiveScan just came up with false positives as far as I'm concerned (it targeted two files I've had for years), but I have these files backed up, so I just let it delete them.

ESET Online Scan came up with "Win32.Spybot.Worm" and said that it fixed it, and I can't see any other traces of the virus to confirm or deny this.

After all this, the problem is still occurring, and I'm absolutely stumped. Can anyone tell me what to do now? Logs can be supplied on request.

Thanks in advance.

Oh yeah... I'm running Windows XP Pro.

Edited by BenBasson, 01 January 2010 - 11:35 AM.

BC AdBot (Login to Remove)


#2 BenBasson

  • Topic Starter

  • Members
  • 2 posts
  • Local time:12:10 AM

Posted 01 January 2010 - 01:35 PM

If I post logs will someone be willing to move this over to the appropriate section? Thanks.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users