Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Backdoor.Thunk.e turned into browser redirect and...

  • Please log in to reply
No replies to this topic

#1 drachewut


  • Members
  • 1 posts
  • Local time:07:12 AM

Posted 16 July 2010 - 03:07 AM

This problem started a few days ago when I noticed boot time increasing as well as certain programs starting to slow down. No major signs of anything at that point but decided to start checking into it anyway just in case. The result was a few of the usual questionable cookies from Spybot and then scans with PC Tools Antivirus and then Malware bytes which turned up several issues in particular Backdoor.Thunk.E in one folder on my desktop. Everything seemed clear and no other occurrences speared until today when I went online and started to do some research and began getting redirects to unrelated pages when using multiple browsers and search engines. A list of what has been done is below and the general results, unfortunately I did not keep an accurate log as I did not think it would be that big an issue. My operating system is Windows XP.

Actions to date-
1. Spybot SD- typical update and system check. Found a few cookies such as DoubleClick which were deleted.
2. Scanned computer with PC Tools Antivirus Free. Scanned turned up 1,300+ infections of Backdoor.Thunk.e in 2 folders, one on the desktop and one in C. All instances deleted including the folder.
3. Rescanned with PC Tools and all came up clean and everything seemed to be working fine.

1. Recreated a folder with the same name "domains" as the one that was deleted on my desktop for storage of images for websites that I am doing graphics for.
2. Several hours later started to see the same lag show up in the computer.
3. Rescanned with PC Tools and found that all files in the new folder were infected with Backdoor.Thunk.e again. Again everything including the folder were deleted.
4. Thought it was suspicious that only these files would show an infection and recreated the folder with the same name and a second differently named folder and saved copies of images to each and rescanned. The original folder name came up as files being infected. Thinking that this is still odd I moved several of the infected images to a third new folder with a different name and rescanned them with PC Tools. This time they came up clean. This happening completely confuses me.
5. Moved all images out of the original folder to another and rescanned with PC Tools and all came up clean.
6. No further issues at this point.

1. Continued to work and place images in a new folder with a name that starts differently and contains the same name at the end.
2. Started to see the same slow down appear again. Scanned with Spybot and found a couple of more copies of DoubleClick and an Adware. Deleted the same.
3. Scanned with PC Tools and found several more copies of BackDoor.Thunk.e on the C drive, same deal, deleted all files that were infected.
4. Went online using Firefox to do some research and started to get redirected to unrelated sites when I clicked on results from Yahoo. Switched to Google to see if there was the same problem and there was.
5. Switched to Chrome to see if it was isolated to firefox and had same problem. Checked again using Opera and Safari and all had the same redirect issues using Google, Yahoo, Ask, etc.
6. Rescanned with Spybot, found more cookies and deleted.
7. rescanned with PC Tools and came up clean.
8. Downloaded Malware Bytes and could not update the program. When trying to update came up with error- "MBAM_ERROR_UPDATING(12007, 0, WinHttpSendRequest)"
9. Scanned with Malware bytes using the out of the box downloaded version without updates and came up with two more infections. New infections were Hijack.Homepage and Broken.OpenCommand. All infections were deleted.
9. Tested browsers again and still had the same redirecting problem.
10. Decided that even though I have automatic updates turned on for Windows XP ran update anyway and found that it had not even updated to SP3 and would not allow me to perform any updates as it returns an error when I try to install the new update installer.
10. Called a friend who with more knowledge than me on this for advice, he came over ran some scans as well and has no idea what is going on with the redirect issue.

Current problems seem to be limited to the browser redirecting issue which I have no idea how to resolve and the Windows Update issue. I have a sneaking suspicion that there may be a great deal more laying beneath the surface. I truly would appreciate any help that can be offered.

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users