
My browser is being redirected by Myshovel



#1 barryd


Posted 24 March 2010 - 05:14 PM

Using IE 8 I am consistently being redirected. Typically I wind up being transferred to the Myshovel URL and am asked to type in an authentication pattern. Sometimes I wind up at YellowPages. When I tried to download some of the AntiVirus programs the redirection viruses would terminate my browser. I used a 2nd PC to download the programs below onto a memory stick and then installed them one by one in Safe Mode and removing them w/uninstall when they failed to cure the virus. I now do not know what all is legacy and can work on the PC but am still infected.

I loaded PCTools - and had no luck w/presenting problem. Same with Pareto, MalwareBytes, SpySweeper, Eusing Registry cleaner, HiJack This.......and so on. They all found problems and cleaned them up but I am still infected. I tried the unpublished reinstall of Windows which was successful in whatever it did - I know this because at the end I was able to use all my pre-existing S/W and over the course of two days I iteratively downloaded all patches.

I did find an anomalous file in Windows/System32 called cbed.sys that was created 2/23/10. I tried to remove it and failed. I have a laptop also running XP but it does not contain this file. I asked a friend in IT who has XP on several machines and he does not have cbed.sys either. Can you explain what or why a WINDOWS/SYSTEM32 file would have a creation date that is substantially different created on date? This makes no sense and I think it is about this time that my system went bonkers.

I had a "pro" come over and we ran Kaversky - or something like that, which supposedly is a Linux program booted from CD that can scan the system outside the XP O/S. I ran this several times and while it found some things that it considered anomalous my Browser still gets hijacked.

I have loaded Safari as well as Chrome to use as secondary browsers and still have hijacking issues.

Under direction of the PCTools staff in Australia, I downloaded Combofix and ran it and only now see that I might have screwed up by doing so before being told by this forum.

I do have a log but Pareto S/W was running at the time and it might not have allowed the running of one of the ComboFix checks.

I can follow directions fairly well and am willing to have someone be my brain while I am their eyes and hands.

Hijacked in Austin
Barry L. Dichter
