Redirected to Random Search Engines?


  • This topic is locked
39 replies to this topic

#1 Puzzled30

Puzzled30

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:San Diego
  • Local time:08:16 AM

Posted 13 July 2010 - 01:57 PM

Okay, so here is the order of events. My computer got infected with the Security Suite virus a few days ago. I followed the instructions with Rkill and Malwarebytes. I had to run it a few times, but all seemed to be good. The next day, I ran Malwarebytes, and it again found more. I again ran Rkill, and it continues to find and stop "imapi.exe." So, today I open Explorer, try to Google something, then I open the link I want to see, but it keeps sending me to different search engines and ads! Super frustrating! So, right now, I am running Malwarebytes again and it's already found two more, and it's not done running!

On top of all that, every time I reboot, I keep getting a message that says "Generic Host Process Win32" from data execution.

Any help would be greatly appreciated.

Thanks


#2 Puzzled30


Posted 13 July 2010 - 05:38 PM

I read an earlier thread about this so I decided to use the ATF cleaner, and SUPERAntispyware. Here is the log from SAS. Can anyone tell me what I should do next? The earlier post was recommended to d/load FakeAlert Stinger, but I am unsure if I need to do that??

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/13/2010 at 03:25 PM

Application Version : 4.40.1002

Core Rules Database Version : 5193
Trace Rules Database Version: 3005

Scan type : Complete Scan
Total Scan Time : 01:40:56

Memory items scanned : 283
Memory threats detected : 0
Registry items scanned : 7276
Registry threats detected : 0
File items scanned : 147582
File threats detected : 46

Adware.Vundo/Variant-X32[Header]
C:\KA\ADIBOO\CURSOR32.DLL

Rogue.Agent/Gen-Nullo[DLL]
C:\WINDOWS\ACAGUTAGESAGUBI.DLL
C:\WINDOWS\AXAKAJOM.DLL
C:\WINDOWS\INIRIJEGO.DLL

#3 trollocks

trollocks

  • Members
  • 369 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:04:16 PM

Posted 13 July 2010 - 06:15 PM

Follow these instructions and run TDSSKiller
http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

#4 Puzzled30


Posted 13 July 2010 - 06:22 PM

Perfect!!! It worked! Thank you.

On another topic, I was just reading that in order to fix the other issue (svchost.exe) I should turn off "automatic updates?" Is that the way to go?

#5 Puzzled30


Posted 13 July 2010 - 06:43 PM

Okay, everything seems to be back to normal now, except that when I just tried to reboot, it showed an "End Program" box that said "IDS_142." Any ideas as to what this is??

#6 trollocks


Posted 13 July 2010 - 06:49 PM

No idea what that "End Program" box that said "IDS_142" is. Reboot and see if it happens again.

Rerun MBAM next and make sure it comes up clean.

#7 Puzzled30


Posted 13 July 2010 - 07:03 PM

This is so frustrating!! My computer is constantly being loud, like it's always thinking. I've resolved the "re-directing" problem with TDSSKiller. Thank God! But I can't seem to fix the svchost problem. I've turned off automatic updates, I went into the "Hijackthis log" and "fixed" the HP Update line. I will run Malware again. Thank you for your help.

#8 Puzzled30


Posted 13 July 2010 - 08:01 PM

MBAM came up clean again. I am completely lost. Please help

#9 Puzzled30


Posted 13 July 2010 - 08:40 PM

I have been trying to fix this for days. It started with the AV Security Suite virus that I have removed. I also was able to fix the "re-directing" issue by reading the threads and using ATF cleaner, SAS, and MBAM. But I CANNOT seem to get rid of this problem (svchost.exe application error). I've tried everything that I have read on here and other places. I've disabled Windows automatic updates, I ran Hijack This and "fixed" the HP auto updates. But NOTHING is working. I could REALLY use some help.

Thank you.

Edited by Orange Blossom, 14 July 2010 - 10:24 PM.
Merged topics. ~ OB


#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:16 AM

Posted 13 July 2010 - 09:27 PM

Is this XP?
Was there an error saying something like: The instruction at "Ox745f2780" referenced memory at "0x00000000". The memory could not be "read".
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#11 Puzzled30


Posted 13 July 2010 - 09:34 PM

Yes, it is XP. And the readings are very similar to what you wrote. Upon re-boot, I get multiple boxes opening up that say, "Data Execution Prevention" and then each box that opens after that has different numbers in it. The latest said, "0x00c896bc" then prior to that it was, "0x00df96bc." All the other "fixes" you have provided for the re-directing worked perfectly. I just can't seem to get rid of this annoyance. As stated, I've tried disabling everything that has been recommended to disable. Arghh!!!!!

#12 Puzzled30


Posted 13 July 2010 - 09:41 PM

And I might add that this issue is very noticeable when I try to open up "My Computer" and all I get is the "roaming" flashlight searching. Then, BAM!, the svchost.exe application error box comes up. In fact, I just did it as we speak, and it says, "0x00c896bc" referenced memory at "0x00000000" could not be written.

#13 boopme


Posted 13 July 2010 - 09:43 PM

Ok thanks. This looks to me like a failed or corrupted recent Windows Update install.
I think this will help.
How to Repair this SVCHOST.EXE error

#14 Puzzled30


Posted 13 July 2010 - 09:45 PM

That is what's soooo frustrating. I tried that already. I am completely confused.

#15 Puzzled30


Posted 13 July 2010 - 09:51 PM

And......I went and "fixed" or "deleted" the line in Hijack This for HP updates, and it still runs in the task manager when I re-boot. I'm hoping that's not the problem?
