Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser redirector issue


  • This topic is locked This topic is locked
8 replies to this topic

#1 StumpedTech

StumpedTech

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 29 May 2010 - 12:08 AM

Hello, people! I hope someone can help me with this. I somehow acquired a browser redirector and cannot get rid of it for the life of me! I ran Malwarebytes and it removed some registry entries that were malware, but the problem with the browser being redirected when I click on a search result in IE or Firefox remains. The site always appears to be a random adAlso, occassionally, an IE window will open with a random site. No successive virus or Malwarebytes scans show anything is amiss! Here's my Hijackthis log. Any help would be much appreciated! Thanks in advance!

Agh! The original malware just came back: Antispyware Soft! Any ideas? Bueller? Bueller?

Attached Files


Edited by Budapest, 29 May 2010 - 01:12 AM.
Posts merged and moved from XP ~BP


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:08 AM

Posted 29 May 2010 - 02:54 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.
    1.Please do not run any other tool untill instructed to do so!
    2.Please reply to this thread, do not start another!
    3.Please tell me about any problems that have occurred during the fix.
    4.Please tell me of any other symptoms you may be having as these can help also.
    5.Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

I would like to get a better look at your system, please do the following so I can get some more detailed logs.


DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Gmer

Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Note: Do not run any programs while Gmer is running.


information and logs:
    In your next post I need the following
      1.logs from DDS
      2.log from GMER
      3.let me know of any problems you may have had

Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 StumpedTech

StumpedTech
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 29 May 2010 - 11:22 AM

Hey, thanks, man! Here are the logfiles you requested. Hope they help! I'll have to add the GMER.txt file in a second reply. It exceeded the size limit.

Attached Files



#4 StumpedTech

StumpedTech
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 29 May 2010 - 11:30 AM

Actually, the GMER.txt file was larger than the limit by itself, so I split it into two files. Here is the first part.

Attached Files



#5 StumpedTech

StumpedTech
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 29 May 2010 - 11:38 AM

Hrm...didn't notice the file size limit. Ok, here's GMER in zipped form. And, thank you.

Attached Files

  • Attached File  gmer.zip   40.09KB   8 downloads


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:08 AM

Posted 29 May 2010 - 01:50 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 StumpedTech

StumpedTech
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 29 May 2010 - 09:00 PM

One thing I have noticed is now my Antirvir (AVG) keeps detecting malware. For example: Documents and Settings\Network Services\Local Settings\Temporary Internet Files\Content.IE5\ALFXVAZ2\build_creative[1].htm. Also Battlefield: Bad Company 2 is now crashing everytime I try to open it. Attached is my combofix log. The only difference I can see now is that my desktop doesn't come up about every other restart. Thanks, Gringo!

Attached Files



#8 StumpedTech

StumpedTech
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 30 May 2010 - 04:12 PM

Forget about it, Gringo. I just decided to bite the bullet and reimage it. That's why I made an image of my computer in the first place. I appreciate your help, though.

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:08 AM

Posted 30 May 2010 - 09:33 PM

Hello StumpedTech


thanks for letting me know.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users