Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser redirect - possibly opachki.ru? Scans clean, but still redirecting


  • Please log in to reply
14 replies to this topic

#1 Sporatica

Sporatica

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:22 AM

Posted 02 July 2010 - 12:57 AM

Major Browser redirect problem not found by any of the antivirus or anti-malware scans that I've run.

System is: Win Xp Pro SP3 running ZA Security Suite Firewall/Antivirus, using FF 3.6.6

This started yesterday, after downloading pdf. ZA kept requesting permission to load exe files. I did not allow and cleared my download list and deleted the pdf (which wouldn't load anyway.)

While searching in yahoo using FF, I began getting redirected to other sites when I clicked on the search results. So, I closed FF and tried IE - same thing.

I updated and ran ZA antivirus scan, it came up with a few things and cleaned them up (I don't know where to find the log) this did not fix the problem.

I updated and ran Malwarebytes, it didn't find anything - but the problem remained.

I updated and ran Super Anti-Spyware, it too came out clean, but the problem remained.

I updated and ran Spybot, which found Opachki.ru but failed at clean up. I saved that log to pdf.

Next, I ran TrendMicro Housecall - nothing - then I downloaded and ran AVG trial - nothing; then I ran Bitdefender (online) - still shows clean.

Just finished running an OTL scan. I am at my wits end. I've searched for manual removal instructions, but none of the registry keys, that are supposed to be attributed to Opachki.ru - are where they are supposed to be.

Please Help a gal out. My washing machine went out, which is why I was searching for parts diagrams in the first place. I am going nuts and have run out of ideas. I should have the OTL log ready as soon as it's done scanning (I have never used OTL, so I have no idea how long that's going to take)

My system is booting at a snails pace and it now takes forever for FF or IE to load. I've got my startup down to basic needs and it is still taking forever.

Thanks in advance to anybody who can help me get back to good on this.

Edited by Sporatica, 02 July 2010 - 04:03 AM.


BC AdBot (Login to Remove)

 


#2 Sporatica

Sporatica
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:22 AM

Posted 02 July 2010 - 01:06 AM

I tried posting the OTL logs here, but they must be too long becuase the copy/paste is good, but the end result is incomplete

Edited by Sporatica, 02 July 2010 - 01:55 AM.


#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,080 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:22 PM

Posted 02 July 2010 - 06:10 AM

Hello, please try following the steps here

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 Sporatica

Sporatica
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:22 AM

Posted 02 July 2010 - 04:07 PM

Hello, please try following the steps here

Thank you, than you, thank you!! I have struggled for two days. Thank you so much :thumbsup:

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,080 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:22 PM

Posted 02 July 2010 - 04:15 PM

I take it that did the trick :thumbsup:

Please let me know if you need any more help.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 Sporatica

Sporatica
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:22 AM

Posted 02 July 2010 - 04:50 PM

I take it that did the trick :thumbsup:

Please let me know if you need any more help.


Will do. You know, I thought about running TDSS, but wasn't sure it was applicable. But, I did see it recommended here for a similar problem. Thanks again.

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,080 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:22 PM

Posted 03 July 2010 - 02:13 AM

Always keep in mind that this is a powerful tool and things may go wrong. This rootkit is quite nasty and although tools like TDSSKiller are updated constantly, success is not guaranteed.

Its also recommended you change passwords/sensitive information if present on your computer (including online banking data). This rootkit has backdoor capabilities and may have compromised your windows security. There is no way to verify/repair this and the only way to be sure this security vulnerability is gone, is by performing a reformat/reinstall of windows.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 Sporatica

Sporatica
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:22 AM

Posted 03 July 2010 - 05:45 AM

Always keep in mind that this is a powerful tool and things may go wrong. This rootkit is quite nasty and although tools like TDSSKiller are updated constantly, success is not guaranteed.

Its also recommended you change passwords/sensitive information if present on your computer (including online banking data). This rootkit has backdoor capabilities and may have compromised your windows security. There is no way to verify/repair this and the only way to be sure this security vulnerability is gone, is by performing a reformat/reinstall of windows.


Thanks again. I've never been one to store passwords on my PC. It just never felt right. I am sure glad it's gone >> Fingers crossed. Does this migrate to other disk drives? I have five HDD's and would hate to have to reformat all of them - mostly multimedia... movies, videos, etc...

This is the first time I've ever run across something I couldn't track down and kill until this hit my PC.

if i had the time to reformat and reinstall everything I would - I am getting ready to build a new PC and that will be a clean install.

Thanks for all of your continued help.Any idea of what's the best way to keep this from happening again?

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,080 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:22 PM

Posted 03 July 2010 - 05:54 AM

Usually this does not spread to other drives. Its an infected file in your Drivers folder. See below for some general information.

Please read these advices, in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 Sporatica

Sporatica
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:22 AM

Posted 03 July 2010 - 06:16 AM

Thanks. I have all of that except spyware blaster. I'll get that first thing tomorrow.


Usually this does not spread to other drives. Its an infected file in your Drivers folder. See below for some general information.

Please read these advices, in order to prevent reinfecting your PC:

  • Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:



#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,080 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:22 PM

Posted 03 July 2010 - 06:26 AM

Please post back here in case you have any more questions :thumbsup:

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 Sporatica

Sporatica
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:22 AM

Posted 03 July 2010 - 07:26 AM

Please post back here in case you have any more questions :flowers:

Will do. Once again, thank you so much for helping me out with this. :thumbsup:

#13 mr.tomo

mr.tomo

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:22 PM

Posted 03 July 2010 - 12:52 PM

Please post back here in case you have any more questions :flowers:

Will do. Once again, thank you so much for helping me out with this. :thumbsup:

Thank you Both.. I had the exact same problem, only I could never put into words like wot you did..lol.. As for the solution? 5 days of misery sorted in minutes!! Thanks Again..:trumpet:

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,080 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:22 PM

Posted 03 July 2010 - 12:55 PM

Glad it worked for you too :thumbsup:

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#15 Sporatica

Sporatica
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:22 AM

Posted 03 July 2010 - 01:08 PM

I am so glad that the fix worked for you. This was one stubborn bug. :flowers:

Please post back here in case you have any more questions :trumpet:

Will do. Once again, thank you so much for helping me out with this. :thumbsup:

Thank you Both.. I had the exact same problem, only I could never put into words like wot you did..lol.. As for the solution? 5 days of misery sorted in minutes!! Thanks Again..:inlove:


Edited by Sporatica, 03 July 2010 - 01:09 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users