
Another search re-direct virus/malware...


5 replies to this topic

#1 ratner

ratner

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 07 June 2010 - 09:39 PM

Hello esteemed advisors,

My PC seems to have been infected by a virus or some sort of malware that spawns a new Internet Explorer window using the keyword searched for on a search web-site. The window opens relatively infrequently (approximately once an hour), and so far I have noticed this occurring when I have used Google to search for an item. I just did a search on Bing to see if a similar issue arises.

I have followed the instructions posted on another topic/thread called "I keep getting redirected and it won't go..." <www.bleepingcomputer.com/forums/topic322176.html>, using both Super Anti Spyware and ATF Cleaner in the manner prescribed in this posting. I just completed the last step of rerunning a MalwareBytes Quick-Scan and rebooting the machine, however, shortly after doing yet another search on Google, a new IE window appeared with one of the terms the same as the search keyword that I used to search on Google.

I am new to this forum, and therefore, am not familiar with the protocol to post logs from MalwareBytes, etc. I would appreciate any assistance you can provide me with regarding this. For your reference, I am running Windows XP. Thank you very much.

Sincerely,
Ratner



#2 mullay

mullay

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 07 June 2010 - 09:59 PM

This isn't a definite fix, but try http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller. As far as getting rid of pop-ups, it's worked for myself and several others. Hopefully a forum moderator will get around to responding to your post with more relevant information on how to get rid of this crap.

#3 ratner

ratner
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 08 June 2010 - 10:39 AM

Hi Mullay,

Sorry I didn't get to respond earlier, but I wasn't able to stay awake until the last scan was over last night.

Your recommendation to use the steps outlined in http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller seemed to have worked! The only thing I did differently was to run a full-scan on MalwareBytes (instead of quick-scan) which yielded no malware.

I have not re-started my computer as of yet since this scan, however, I've been performing a couple of searches on Google, and none of them are yielding re-directions. I will post again if the problem appears, but for now you can assume that your recommended steps solved the issue. Thanks a million!!!

Best,
Ratner

#4 ratner

ratner
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 08 June 2010 - 10:15 PM

Hello Mullay and (hopefully) a Forum Moderator,

I had a Google re-direct issue which I managed to solve with Mullay's suggestion to follow the instructions described in http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller.

The issue wasn't seen again after the last full MalwareBytes scan, and I have been using my computer problem free, until about half-an-hour ago when an AV Security Suite pop-up came up and claimed to start scanning my machine. I immediately tried running rkill.exe (I didn't have the opportunity to rename it), and received an error message stating that rkill.exe had been infected.

I then restarted the machine in Safe Mode and have been running a MalwareBytes full-scan. It has thus far found no malicious objects in the past half-hour, but a full-scan can take up to 3 hours on my machine.

Any advice and/or assistance you can provide me with to solve this issue would be very much appreciated. Are these two issues related? Was the Google re-direct issue actually fixed with the previous procedure? Please let me know at your earliest convenience. Thanks in advance for your assistance.

Kind regards,
Ratner

#5 ratner

ratner
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 09 June 2010 - 09:24 AM

Hello All,

I earlier had a Google re-direct issue which I was able to overcome using TDSSKiller (http://www.bleepingcomputer.com/forums/topic322516.html).

However, soon after re-setting my computer, after having solved this issue, an AV Security Suite window popped up. I immediately tried running rkill.exe and received an error message stating that rkill.exe had been infected.

I then restarted the machine in Safe Mode and ran a MalwareBytes full-scan, which found no Malware running.

I then followed the instructions outlined in this post: http://www.bleepingcomputer.com/forums/ind...amp;hl=AV+Suite and used ATF-Cleaner and SUPERAntiSpyware in the manner described. The SUPERAntiSpyware scan found a single Trojan.Agent/Gen-Frauder.

I ran MalwareBytes again (Full-Scan) in Safe-Mode and found 2 infected registry keys, both in HKEY_CURRENT_USER\Software (avsot and avsuite) that were quarantined and deleted successfully.

After re-starting the machine, the AV Security Suite popped up again. This time, I was able to find a process from the Windows Task Manager named aeedfw.exe. Since I didn't recognize it I stopped the process and the AV Security Suite pop-up immediately disappeared. Now, however, although I am able to run Internet Explorer, it is unable to connect to any web-site and gives me an error as if I was not connected to the network.

Each time I re-start, I see this aeedfw.exe process running, immediately kill it via the Windows Task Manager, and am unable to connect to the Internet via Internet Explorer. I know that I have a valid network connection since I am able to use SSH to connect successfully.

Any help or guidance anyone can provide me with on fixing this issue would be very much appreciated.

Sincerely,
Ratner

Edited by Orange Blossom, 11 June 2010 - 09:55 PM.
Merged topics. ~ OB


#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,946 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:08 AM

Posted 11 June 2010 - 09:54 PM

Hello,

Given what you've already tried, please follow the instructions in ==>This Guide<== starting at Step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to try to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



