
Web Browsers are being taken over, can't find any security threats


  • This topic is locked
26 replies to this topic

#1 DanL21

DanL21

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 13 April 2010 - 10:24 PM

OS: Windows XP - Media Center Edition - Version 2002 - Service Pack 3

Ok, so I've had this irritating problem for about a week now; Google Chrome will not load any pages, I open it and the window bar reads "Untitled:" and the page acts like it's trying to load and will not time-out, no matter how long I leave it open. This is for every website imaginable, not a single one works.

So, thinking Chrome is no longer an option, I moved back in with Mozilla FireFox. Well, immediately I noticed that when I went to Google or certain Forums, FireFox would open a dialogue box reading "Alert! The URL is invalid and cannot be loaded" (at one point, there were over 20 stacked on top of one another).. after I "X" out of the Alert dialogue, FireFox immediately opens up exactly 13 new tabs in a new window mixed with strange URLs. Since the newest update ran for FireFox, I no longer get the dialogue box, it just opens the new window with the 13 tabs without warning.

Some of the weird links included:
CODE
http://www.jbs.com/#%C3%85r*%C3%84%E2%80%A2#k
http://xn--iovg 0so8p-r6a5zte6bfax01pmyru60ovra/
http://xn-- -vq-dva4kw5cq7hy49h/

But exactly 7 of the links will turn out to be : file:///C:/Program%20Files/Mozilla%20Firefox/ : and open my FireFox Index



Internet Explorer (my last hope) will open a new page with a random website when I visit Google, but that's about all it does.

This all started after I had an episode with a virus; XP Antispyware Protection, I have since cleaned out the virus and other infected files, but I can't seem to get rid of this annoyance. McAfee failed to provide AntiVirus protection for some reason and my computer got slammed. I since removed McAfee and now have ESET's NOD32 AntiVirus, which is constantly blocking strange links with random characters in it.


I've run the following programs to help find what's ailing my computer:

1. Boot into Safe Mode (Networking) via BootSafe
2. Run CCleaner
3. Run CleanUp!
4. Run SuperAntiSpyware Full Scan
5. Run Malwarebytes' Anti-Malware Full Scan
6. Run SpyBot Search & Destroy
7. Run CleanUp! once more
8. Run Glary Registry Repair

After all of these scans my computer finds ZERO (0) security threats. I've also uninstalled and re-installed every browser (IE, FF, Chrome) as well as Google Desktop (as I've heard that might be the problem for Chrome not working, but is not the case)


So in summary:
Chrome - won't work, period
FireFox - any link opened or certain website produces a new tabbed window with gibberish in the URLs (Google especially, but not limited to)
IE - any link opened or certain website produces a single page with a re-directed link (Google especially, but not limited to)
Multiple Virus scans have been done and nothing has shown itself as the problem.

If anyone can help me figure out what I need to do to find and get rid of this overly annoying browser hijack, it'd be appreciated. I can't go on like this!

Edited by DanL21, 13 April 2010 - 11:01 PM.



 


#2 DanL21

DanL21
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 13 April 2010 - 11:54 PM

I should add that I do not get the common hijack problem of being redirected from the search link I click on. If I do a Google search and click on a link, the page will work fine, but open up a new tabbed window with those random links and FF Index pages on them. (It will do this when I visit most sites also.. such as when I went to the website to download GMER, it happened, which I would think would be a secure site.) This site seems to be the only page I can load without having this problem occur.

Edited by DanL21, 13 April 2010 - 11:55 PM.


#3 DanL21

DanL21
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 14 April 2010 - 12:59 PM

Bump - Anyone got a clue or something that I can run to find this problem?

#4 DanL21

DanL21
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 14 April 2010 - 05:57 PM

Bump

#5 DanL21

DanL21
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 14 April 2010 - 10:41 PM

Am I breaking any rules by bumping this within 24hrs? I just need help, I'm not sure what else this (probable) rootkit will harm

#6 DanL21

DanL21
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 15 April 2010 - 01:02 PM

...bump

#7 DanL21

DanL21
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 15 April 2010 - 09:50 PM

Can I get a little help?

#8 Value

Value

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 15 April 2010 - 09:55 PM

Hey, I've been dealing with a problem similar to yours (got infected with that stupid xp antispyware thing, removed it...then mozilla started opening extra tabs etc...then I tried switching to google chrome and it won't load anything!)

So maybe check out my thread for some ideas...I think I may have finally broken through by actually using the Windows Malicious Removal Tool thing...as it found this virus: http://www.microsoft.com/security/portal/T...Win32/Alureon.G

Read the description and it sounds exactly like what is messing with us.

That windows tool was recently updated and released with like 7 other security updates...so if your windows updater is on you should have the new version and you can google a way to manually start it up. If you don't have them yet, go to the windows site and grab em then try it out.

#9 DanL21

DanL21
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 15 April 2010 - 10:27 PM

QUOTE(Value @ Apr 15 2010, 10:55 PM)
Hey, I've been dealing with a problem similar to yours (got infected with that stupid xp antispyware thing, removed it...then mozilla started opening extra tabs etc...then I tried switching to google chrome and it won't load anything!)

So maybe check out my thread for some ideas...I think I may have finally broken through by actually using the Windows Malicious Removal Tool thing...as it found this virus: http://www.microsoft.com/security/portal/T...Win32/Alureon.G

Read the description and it sounds exactly like what is messing with us.

That windows tool was recently updated and released with like 7 other security updates...so if your windows updater is on you should have the new version and you can google a way to manually start it up. If you don't have them yet, go to the windows site and grab em then try it out.



Thanks a lot, it does seem we have (had) the same problem. I've taken a glance at your infection post and will try to retrace the steps you took.

Edited by DanL21, 15 April 2010 - 10:39 PM.


#10 DanL21

DanL21
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 15 April 2010 - 10:40 PM

Well, TDSS-Killer found a rootkit infecting my atapi driver, and then said it removed it. I rebooted, but upon rebooting explorer.exe failed to execute and I had to shut down again manually, and the browser problems I have still exist.

I ran TDSS-Killer once more and it found the same infection and says "will be cured on next reboot" .. I guess I'll try once more.

EDIT: Still not removed, and once running TDSS for a third time, it found the same root kit. Does TDSS actually remove these or is it another program? Gawd I hate this rootkit.

Edited by DanL21, 15 April 2010 - 10:57 PM.


#11 DanL21

DanL21
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 16 April 2010 - 12:31 PM

Ok, so I guess I'll try another help forum... so much for the high hopes I had for this one.

#12 jonm01

jonm01

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:58 AM

Posted 16 April 2010 - 02:54 PM

Combofix worked for me. I'm always scared of using it but it has cured 3 of my machines.

#13 DanL21

DanL21
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 16 April 2010 - 03:42 PM

QUOTE(jonm01 @ Apr 16 2010, 03:54 PM)
Combofix worked for me. I'm always scared of using it but it has cured 3 of my machines.


I have no idea how to use it, and I think I saw somewhere that it's strongly suggested not to use it without help from someone who can give instructions

#14 jonm01

jonm01

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:58 AM

Posted 18 April 2010 - 05:18 AM

There's plenty of instructions. It pretty much does its own thing.

Some vids on youtube as well

#15 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:58 PM

Posted 19 April 2010 - 01:16 AM

DanL21, I have a feeling that the reason you did not receive help earlier is that by continually bumping your topic it made it appear that someone was already helping you because there were several replies to your thread.

Anyway, try this scan:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Make sure the Sections option is checked (in the right hand panel). Leave all other options unchecked!
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



