Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Firefox & Internet Explorer Being Redirected


  • Please log in to reply
1 reply to this topic

#1 needy1977

needy1977

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:33 PM

Posted 01 January 2010 - 04:37 PM

This problem of being redirected started with a Malware infection. I was browsing the Internet (using Firefox 3.5.6) for game downloads, after following a link to a website my computer took a pretty hard hit. I never clicked on anything to choose a download, and was leaving the site to check out other leads. Windows alerts came up telling me my Firewall had been shut off, and next my antivirus (Symantec Antivirus) was shut off. I was totally taken off guard and had no idea yet what was taking place. The next thing was I see a notice about "downloads completed" and "Media Pass" was being installed on my computer. At this point Symantec is struggling and popping warnings that I have been infected with "Downloader and Trojan.Vundo". The first thing I do is disconnect from the Internet. Symantec wants me to reboot to remove the risk, I do this but keep getting reinfected. I decide to go to "Safe Mode" to work from there. My computer won't go into "Safe Mode", I'm getting a stop error BSOD. I don't know if this is due to the virus or a problem that I had and was unaware of. From this point I leave this computer off the Internet and get on a spare computer looking for answers. I download Malwarebytes and attempt to install but the virus won't let me finish. I find out about using the Malwarebytes with a renamed executable and download that. I also read to use "Rkill" first and do that. Now I have been able to successfully run the Malwarebytes and it picked loads of stuff off of my system. I ran it a couple more times and it found 1 thing each time and finally the next couple scans were clean. Next I ran "Ad-Aware" and that also found 1 thing which it deleted, the next scans were clean. On both of those programs I did choose "Full Complete Scans". The next thing I did was finally hooked into the Internet and I find that both Firefox and Internet Explorer are being redirected to various advertising sites. I decided to try and scan with "Trend Micro House Call". It finds 1 thing and the next 2 scans are clean. I'm still running into the problem of being redirected. One other thing, when running the scan from Trend, Symantec pops up about a couple of Trojans being dumped on me and it Quarantines them. I don't know if this is due to something that Trend uses or an actual Trojan.

I am running Windows XP Media Center Edition with Service Pack 3, my Symantec was up to date with virus definitions 12-25-2009 so was my Ad-Aware, same date. This attack took place on 12-30-2009. I have since updated my virus definitions to 12-31-2009. Any ideas about what might get my computer back to it's former state would be appreciated.

I am editing my post because I found that my "System Restore " has been disabled. The message I get is "System Restore has been turned off by group policy. To turn on System Restore contact your domain Administrator".

While I have been waiting for a response from someone, I have installed and ran SuperAntiSpyware. It found a couple of things, mostly tracking cookies. There is still something lurking in this computer, I'm being swept away into Advertising sites while searching for other things (mostly looking for anything pertaining to my problem).

Edited by needy1977, 02 January 2010 - 11:07 AM.


BC AdBot (Login to Remove)

 


#2 needy1977

needy1977
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:33 PM

Posted 03 January 2010 - 11:46 AM

I am updating my previous post for those of you who may be interested in my experience. I am in the process of reformatting my infected computer; what a trip it has been. It was difficult for me to believe that my computer took such a beating as I am faithful at keeping things up to date. Before I began the reformat this was the final trigger for me:
I decided to run another online scan, this time I chose Kaspersky. It was very thorough, about 2 hours in, it was still only at around 30%. It had found a few things but I was leaving it alone to finish before reading its findings. Up comes a window saying something like "Generic host process for Win32 services has encountered a problem and needs to close" I read the details but it's a language I don't understand. I ignored it knowing it was probably something to do with my infection and I could see that my computer was still being scanned. Shortly afterwards up pops another window, "System shutdown NT Authority System, DCOM server process launcher service terminated unexpectedly". Oh yeah, my computer shut itself down. I made one more attempt to scan online with Kaspersky but this time I was only on for a minute or so before it shut down.
That was enough for me, my computer was out of my control and I believe I could not take any chances with this creepy thing that was hiding inside. I have changed my passwords to be on the safe side and hope I never run across anything like this again.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users