Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect Problem


  • Please log in to reply
2 replies to this topic

#1 brownkc

brownkc

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:29 AM

Posted 06 May 2010 - 10:46 PM

Seems like a lot of people have had this....

For the last week or so have been dealing with this, appears to happen in IE or Firefox. One of the sites I have gotten redirected to is asklots, happens sporadically.

Windows XP Media Center Edition (Version 5.1, Service Pack 3)
Have updated my Norton 360 to Version 4.1.0.32, no viruses found
Windows Defender (spyware tool) found no problems
I can send you my DDS.TXT, ATTACH.TXT AND GMER.LOG, do not see where I can attach. Let me know what else you want me to run.
Have run Malware Bytes 1.46, did have following infections:

Files Infected:
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP496\A0079074.exe (Packed.Katusha) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP497\A0079120.exe (Packed.Katusha) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP497\A0079148.exe (Packed.Katusha) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP497\A0079185.exe (Packed.Katusha) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP498\A0079298.exe (Packed.Katusha) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP499\A0079310.exe (Packed.Katusha) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP499\A0079411.exe (Packed.Katusha) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP499\A0079345.exe (Packed.Katusha) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP500\A0079418.exe (Packed.Katusha) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP500\A0080390.exe (Packed.Katusha) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP500\A0080430.exe (Packed.Katusha) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP501\A0080451.exe (Packed.Katusha) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP501\A0081500.exe (Packed.Katusha) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\XHFHGEBDbadw.exe (Trojan.Agent) -> Quarantined and deleted successfully.

BC AdBot (Login to Remove)

 


#2 brownkc

brownkc
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:29 AM

Posted 08 May 2010 - 12:29 AM

Other important info --- I am getting constant HTTPS TidServ Request 2 and HTTP Tidserv Request notifications in Norton (supposedly blocking attacks on the computer), but it seems the damage has already been done. Those appeared to start around the time that I started seeing the Redirects. It appears my C drive partition statitistics have been corrupted as well (do not show under Disk Management any more). Am concerned that personal data has been compromised. Norton support is telling me only option is to run HP Recovery which they insist is not a format/reinstall but from what I read that is what it is. Help appreciated!

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,993 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:29 AM

Posted 28 July 2010 - 11:46 PM

Hello,

If you still need assistance, please follow the instructions in ==>This Guide<== starting at Step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users