Browser Redirect Problem


  • This topic is locked
2 replies to this topic

#1 scs

Posted 19 May 2010 - 04:05 PM

Hi,

This past weekend I noticed that my browser started redirecting to anonymous sites from Google search links. I also noticed a fictitious antispyware called Antispyware Soft pop up on my screen. I also happened to purchase a new graphics card at about that same time. Rather than use the CD included in the box I decided to download the latest and greatest drivers directly from MSI's home site. That is when I noticed the next symptom; I could no longer download a file. It would get to 99% and then get a host rest error.

At that point I rebooted in safe mode with networking and began to research the problem online and look for the best antispyware download. I decided on ESET. I downloaded and then ran the trial after a reboot to normal mode. ESET found numerous suspicious files and cleaned or quarantined them. I rebooted, opened up Mozilla, ran a Google search, clicked on it and all seemed okay until I clicked on another search link.

At that point all problems returned. I found that I could use Google search links by copying the link and manually pasting it into a new browser window.

I decided to search for manual resolutions and found a fix to search for and delete some file and then go into the registry and delete some entries. After doing so all seemed fine for a while, but then later it reincarnated itself with all previous problems and more. Now my email wouldn't work (Outlook) and I started getting a persistent error box stating that the username and password for my proxy server were invalid 0.0.0.0.

At this point I rebooted back in safe with networking mode and then found a download called Malwarebytes and ran it with the same outcome as all the other remedies, although it found things that ESET did not.

Back to Safe mode again! The next thing I did I now realize I should not have done after reading through your forum. I downloaded and ran "ComboFix", so my apologies for jumping the gun on that but I was in panic mode at that point and didn't fully read before acting. However, I probably lucked out. It crashed on the first several attempts until I finally figured out to disable ESET in the Start menu and then reboot. I also disabled a lot of other items on startup that I thought looked suspicious or were otherwise not essential. For example, I disabled all JAVA related items because I suspected an intrusion via JAVA for a while now. After reboot ComboFix ran through all phases and created a log file. As per your site instructions I am not posting it unless directed to do so.

The good news is that it fixed some things. With a cringe, I reluctantly restarted ESET and dared to try Outlook again. ESET prompted me to allow or disallow each remote connection. Prior to allowing each, I independently verified the IP address of each from another PC. My email works fine now and the malware programs show no signs of still being on my computer.

However, I have not had the courage to open any browser since running "ComboFix". After reading your forums more (from another pc) I decided that it is best to have the experts advise from this point before I open another can of worms.

Thanks in advance and sorry for the book, but I wanted to provide as much relevant information as possible from point of first symptom to now.

#2 Orange Blossom

Posted 19 May 2010 - 04:09 PM

Hello,

That request about NOT posting CF logs is primarily to keep people from running the program unsupervised.

Please read this topic: http://www.bleepingcomputer.com/forums/t/273628/combofix-usage-questions-help-look-here/ which explains that reasoning further.

Please follow the instructions in ==>This Guide<== starting at step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Since you have run ComboFix, please include the ComboFix log in the new topic.

If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Orange Blossom

Posted 19 May 2010 - 07:35 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/317871/antispyware-soft/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup: