
Browser re-direct hijack problem


3 replies to this topic

#1 aerograd


Posted 30 January 2010 - 10:33 PM

Hello. First time poster here. Here are the details of my problem:

A few weeks ago my computer (Windows XP w/ SP3) was infected by the Internet Security 2009/2010 virus. After a lot of researching I figured out how to remove this virus.

During that process I downloaded and installed Spybot Search & Destroy, Adaware, Malwarebytes Anti-Malware to try to stay on top of spyware, malware, etc.

The same night that the IS2009/2010 virus got me, I also noticed that my browsers (both IE7 and Firefox) were being re-directed after clicking a link on a google search page. So, I began to do more research and found that I may be infected with the go.google.com hijack (or something similar). I uninstalled Firefox and re-installed it to see if that made any difference. No luck, Firefox still got re-directed. I uninstalled it again and now only have IE7 on the computer.

I have updated all of my anti-virus (PC Tools Anti-Virus) and anti-spyware (Malwarebytes Anti-Malware, Spybot Search & Destroy, Ad-aware) programs and scanned my system numerous times with no luck in killing this browser re-direct. I put some of the sites that the browser was getting re-directed to in my list of restricted sites under Tools\Internet Options\Security\Restricted Sites. That blocked some of them from coming up but doesn't really fix the problem obviously.

I also tried following some advice from other help sites including (http://remove-malware.net/how-to-remove-gogooglecom-goyahoocom-or-gomsncom/). I deleted four registry entries in HKLM\Software\Microsoft\InternetExplorer\Main related to go.microsoft.com. I also renamed nvsvc32.exe to nvsvc32.exe.delete and wscntfy.exe to wscntfy.exe.delete. It actually said to delete these, but I renamed the extension since I was hesitant to delete them outright. Both are found in Windows\System32. Don't know if I should undo that, delete them, or leave as-is.

Well none of that has worked. I still get re-directed to various websites when I search using google then click on one of the links in the search list.

So now here I am seeking help from the experts at bleepingcomputer.com! =)

Any help you could provide would be much appreciated! Thanks!

aerograd



#2 Darthy


Posted 30 January 2010 - 11:32 PM

Can you go to System Restore?
One thing I know, that I know nothing - Socrates
Thanks John

#3 boopme


Posted 31 January 2010 - 12:53 AM

Hello, using system restore may put you back to a time before the redirects started but will not remove the malware.

Let's look at 2 things.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.


#4 aerograd


Posted 01 February 2010 - 08:05 AM

Ok I ran ESET as requested. When I ran it I unchecked the remove found threats check box. Do I need to re-run ESET with that box checked to remove the threats listed below that it found?

Here are the contents of the ESET scan log file:

C:\Documents and Settings\Donny\Application Data\Sun\Java\Deployment\cache\6.0\37\4076ba25-25803643 multiple threats
C:\Documents and Settings\Donny\Application Data\Sun\Java\Deployment\cache\6.0\52\52d131f4-442b2585 a variant of Java/TrojanDownloader.Agent.NAD trojan



Second, I downloaded RootRepeal and began the scan as instructed. However, when it started it slowed my computer to a halt it seemed. I know you said it may take a while to run, so I let it keep running overnight. When I woke up this morning I noticed the computer clock still said 2:30 PM yesterday (when I started it). I couldn't open task manager or anything else. So, I rebooted the computer and kicked off RootRepeal again. Again, it appears to bring the computer to a standstill (at least as far as I can tell). The clock doesn't advance, I can't click on anything else, I can't open Task Manager, etc. It just shows an hourglass in a blank white RootRepeal window, but no progress bar or anything. I need further direction on what to do with RootRepeal (how long should I let it run?, can I run a subset of what was first instructed to see how it goes?, etc.), or the next step.


Thanks!

aerograd



