Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Ski Lift in Austria Left Control Panel Open on the Internet

Featured Deal: Pay What You Want Complete Cyber Security Certification Bundle Deal

Photo

Redirect problems in Google

Started by jacobm2013 , Jul 09 2010 01:07 PM

  • Please log in to reply
1 reply to this topic

#1 jacobm2013

jacobm2013

  • Members
  • 3 posts
  • OFFLINE
    •  
  • Local time:06:56 AM

Posted 09 July 2010 - 01:07 PM

I have more of an annoyance than a large problem. Links in Google search results commonly redirect to other (most likely adware) search sites. I have and constantly use MBAM, Spybot S&D, Ad-Aware, AVG 9.0 (free version), and Hitman Pro 3.5. Over the past 3 weeks, these have removed something like 4-6 Trojans and numerous cookies, but still redirecting. Also, Hitman reported 'sdhcinst2.dll' as a rootkit, but cant seem to remove it. Any help is appreciated, and thank you for your time!

Edited by Orange Blossom, 09 July 2010 - 01:49 PM.
Move to AII as no logs posted and prep. guide not followed. ~ OB

BC AdBot (Login to Remove)

 

#2 jacobm2013

jacobm2013
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
    •  
  • Local time:06:56 AM

Posted 11 July 2010 - 11:25 AM

Hello again,

I think I have encountered a new breed (or variation) in a rootkit. I couldn't find any trace of this name in any database, but this seems to have been the cause of my problems. Below is the Hitman log showing mentioned rootkit in blue text near the bottom. If anyone else is having the Google redirect problem, try Hitman Pro, so far its been quite successful in the finding and removal of a problem overlooked by many other programs. Name was sdhcinst2.dll in system32.

-Jacob


- <Log computer="DELLCOMPUTER" scan="Normal" version="3.5.6.106" date="2010-07-09T11:09:52" reboot="yes" timeSpentInSecs="687" filesProcessed="17466">
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mwqydfdb.default\cookies.sqlite:ad.yieldmanager.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mwqydfdb.default\cookies.sqlite:adbrite.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mwqydfdb.default\cookies.sqlite:advertising.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mwqydfdb.default\cookies.sqlite:apmebf.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mwqydfdb.default\cookies.sqlite:at.atwola.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mwqydfdb.default\cookies.sqlite:atdmt.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mwqydfdb.default\cookies.sqlite:collective-media.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mwqydfdb.default\cookies.sqlite:doubleclick.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mwqydfdb.default\cookies.sqlite:kontera.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mwqydfdb.default\cookies.sqlite:mediaplex.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mwqydfdb.default\cookies.sqlite:revsci.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mwqydfdb.default\cookies.sqlite:smartadserver.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mwqydfdb.default\cookies.sqlite:specificclick.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mwqydfdb.default\cookies.sqlite:tacoda.net" />
</Item>
- <Item type="Malware" malwareName="Rootkit" score="103.0" status="PendingDelete">
- <Scanners>
<Scanner id="Prevx" name="High Risk Cloaked Malware" />
</Scanners>
<File path="C:\WINDOWS\system32\sdhcinst2.dll" hash="78CE2822445DDD684663DE9BC3563279EE903B91E3D3E120A847D0938F2088CF" />
</Item>
</Log>
Back to Am I infected? What do I do?


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Am I infected? What do I do?
  4. Privacy Policy
  5. Rules ·