Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

google search engine is taking me


  • Please log in to reply
9 replies to this topic

#1 Hagrid

Hagrid

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 28 January 2010 - 10:26 AM

Hi,

I'm very new here, so this is my first post.

I believe i am having a similar problem. When i search on google, when i select on a link, a rogue IP address comes at the start of the address line followed with a whole random string of characters. Mbam is now blocking the access to the links but they are still trying to access pc etc.

I run with comodo and now Mbam, where i was using SuperAntiSpyware. I installed Avast which found 41 Trojans and Worms, but all scans now come up with nothing, except for a FakeAlert or something along those lines. I have also since removed Avast due to my pc locking up with it being installed.

Can anyone please advise? I have never had so much trouble removing a virus before, as normally one of the things i throw at it, will get rid.

Thankyou in advance for any help.

Haggy

Edited by Hagrid, 28 January 2010 - 10:27 AM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:56 AM

Posted 28 January 2010 - 10:52 AM

Hello Hagrid, I've split you to your own topic. Less confusing for all..
Anyway to get a feel for where we are. Please post your Super scan log...

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


Now an Online scan.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Tell me how it is running.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Hagrid

Hagrid
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 28 January 2010 - 10:58 AM

Thanks boopme :thumbsup:

Sorry for posting in someone elses thread.

Anyway..i'll get on with those instructions and get back to you asap.

Thanks again..

Haggy

#4 Hagrid

Hagrid
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 28 January 2010 - 11:20 AM

Here is the log on the Mbam scan...


Malwarebytes' Anti-Malware 1.44
Database version: 3651
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

28/01/2010 16:12:32
mbam-log-2010-01-28 (16-12-28).txt

Scan type: Quick Scan
Objects scanned: 148838
Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\friendlyname (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#5 Hagrid

Hagrid
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 28 January 2010 - 11:30 AM

Following the next set of instruction for ESET, it gets to the scan part and just immediately comes back with results...

Scanned Files: 0
Infected Files: 0
Cleaned Files: 0
Total Scan Time: 00:00:00
Scan Status: Finished

It gives me a little warning about an my existing AV software. Would this software stop the scan from running? Would i be best uninstalling Comodo to carry out this scan?

#6 Hagrid

Hagrid
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 28 January 2010 - 12:44 PM

After uninstalling Comodo the scan worked fine and gave the following results:

Scanned Files: 105256
Infected Files: 0
Cleaned Files: 0
Total Scan Time: 00:47:42
Scan Status: Finshed

This is giving the same results as everything that i have thrown at it..but i know it's still there, because even during the scan Mbam blocked several attempts from rogue IP's accessing my pc, and the google link thing is still happening :thumbsup:

Any further ideas on what to do now?

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:56 AM

Posted 28 January 2010 - 12:52 PM

Not a problem ,I see you are new. It's just always better to have your own topic and instructions.. Tho the issues may look the same the differences in the machines can require different approaches.. As it is you appear to have a hidden and protected malware. We need you do do something else and make a new topic.

You will need to run HJT/DDS.
Please follow this guide. go and do steps 6 thru 8 ,, Preparation Guide For Use Before Using Hijackthis. Then go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post that complete log.

Let me know if it went OK.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 Hagrid

Hagrid
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 28 January 2010 - 01:03 PM

Thankyou boopme..you're a star :thumbsup:

I will let you know how it all goes :flowers:

#9 Hagrid

Hagrid
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 31 January 2010 - 05:35 PM

As promised boopme..i have come back to let you know how it all went :trumpet:

Thanks to farbar..my system is now clean and clear :thumbsup:

It was a long process but well worth it in the end!!!!!

Thankyou to all the Bleeping Computer crew :flowers:

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:56 AM

Posted 01 February 2010 - 01:40 PM

Hey thanks. :thumbsup:
Yeah farbar's great.. I know it was a wait,but there were malwares in there that weren't going to get out in AII,so best to send you there..
Really glad your good no ,,have fun..
You're welcome from all of us here at BC. We are glad to have helped.
Please take a few minutes to read our quietman7's excellent Tips to protect yourself against malware and reduce the potential for re-infection:,in post 17. :flowers:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users