

redirect has my computer even after cleaning pc


#1 xbadxguyx



Posted 25 July 2010 - 01:00 PM

I have tried to get rid of some sort of redirect that got hold of my computer. As of yet I don't know its name. I have entered my problem on another forum with no luck getting rid of it, and I'm hoping this forum can help. Listed are the steps and recommendations that were given and followed. Some of the things listed helped my computer function, but there is a remnant of the redirect that I can't find. Now that I have Malwarebytes working, it catches something trying to redirect and open my browser even when my browser is closed. Please advise.

listed on another forum:

I have Firefox and I keep getting redirected. I use Malwarebytes, but I guess it didn't catch the redirect before it took over. It also got hold of IE; I couldn't use it for a while. I found a quick fix that enabled me to use IE and allowed me to enable real-time protection, which stops the redirection, but it lingers and slows me down. I am afraid one day it will escape. I'm looking for a permanent solution. I have:

Malwarebytes
Sophos - lives on my computer but does not do anything

The steps I took are listed below:

1. Navigate to: C:\Program Files\Mozilla Firefox\extensions, look for a folder that is a string of letters, created around the time you began having the problem. Something like “{BCB94CDD-5542-403F-9FB3-07D3DB1E9951}”
2. Open the folder, and then open the folder called “chrome”, then “content”, and look for a file inside called overlay.xul (variants may have different names). I used search for overlay.xul and found 4 in the IE folder and Firefox folder.
3. Verify that it is the virus: does it have code similar to this: click to see code
4. If you have found the culprit, delete the file (or encrypt with Axcrypt which is reversible).
5. Replace it with a blank text file with the same name and extension.
6. Repeat the process you may have multiple copies in multiple folders.
7. Test: Go back to Google, try your search results again.
8. If no redirects: Sing Hallelujah.

part 2
1. Do the “short fix” listed above.
2. Remove old versions of Java by downloading JavaRa and unzipping it to your desktop.
3. Double-click on JavaRa.exe to start the program and Click on Remove Older Versions.
4. Download and install the latest version of Java (Most likely the first download you see here).
5. Install Malwarebytes and SuperAntiSpyware
6. Update them, run them, and delete all bad stuff.
7. Shutdown, restart, run them again.
8. If you are clean then test for redirects in Google.
9. If no redirects: Sing Hallelujah.

response 1: The type of problem you have is known as "browser hijacking". None of the malware scanners you are using can guard against this unless they include a "real-time" monitoring component. SuperAntiSpyware is very good but only the "Pro" version gives real-time protection, you have to pay for that. Same with MalwareBytes - you have to pay for real-time protection. Sophos AV won't stop browser hijacks anyway.

With Firefox, you could probably fix by thoroughly removing it and deleting "Mozilla Firefox" keys in the software sections of the Registry. Internet Explorer, however, is more problematic since it can't be completely removed.

My son had a similar problem but only IE was hijacked (probably because the hijack required ActiveX). So he simply stopped using IE altogether (which is no bad thing anyway).

my response 1: I can try to remove the keys and reinstall Firefox, but everything I have read has stated that that will not fix the problem. I also deleted all of my plug-ins and add-ons through Firefox with no change.

response 2: try combofix: http://www.bleepingcomputer.com/com... Follow the guide on the website

my response 2: Looks like ComboFix worked, but I have to get my log looked at.

my response 3 - 1 day later: It has returned!!!!!! I had like one day of peace; now it is back. Anyone else have any other ideas?

response 3: Try trojan remover http://www.simplysup.com/tremover/d...
Hitman Pro http://www.surfright.nl/en/downloads. Run both till they are clean and then uninstall them as they are just 30 day fully functional trials. You can do that in all programs, no need to use add/remove

my response 4: I ran Hitman and Trojan Remover; no luck finding anything but some cookies and a file that wasn't running. I had it for some time just sitting there, ucf2000.exe, and there was a repair on my proxy server; I'll look into that. But the problem is there. The only reason I know it's there is because Malwarebytes catches web redirection when my browser is off. I no longer have the redirection when clicking on links after doing the short fix and ComboFix listed above.

thoughts ??

response 4: Give Spybot S&D a shot: http://www.filehippo.com/download_s...
Update it and check for problems. Some people use the tea-timer setting, not me though so I have that unchecked.

my response 5: No luck with Spybot; it didn't find anything, but I still get pop-ups when my browser is completely closed. I'm lucky that Malwarebytes is on and blocking everything, but I still can't find the source.

response 5: unhackme works pretty good, just follow the instructions on the website (unhackme for beginners):

This is where I sought out this forum, since the only recommendation that seemed to help came from BleepingComputer.

Modified formatting, moved from XP forum to Am I Infected ~ Hamluis.

Edited by hamluis, 25 July 2010 - 02:46 PM.
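
Steps 1, 2 and 6 of the first list in the post above, as an added read-only inventory script (not part of the original post): it lists every `.xul` file under GUID-named extension folders with size, hash and modification time, and groups identical copies found in more than one folder. The sample tree and its placeholder contents are constructed; `find_overlays`, `group_duplicates` and `build_sample` are names chosen for this example.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Step 1: extension folders are named as a GUID in braces.
GUID_DIR = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

def find_overlays(extensions_root):
    """Step 2: one record per .xul file under <GUID>/chrome/content."""
    records = []
    for ext_dir in sorted(Path(extensions_root).iterdir()):
        content = ext_dir / "chrome" / "content"
        if not (GUID_DIR.match(ext_dir.name) and content.is_dir()):
            continue
        for xul in sorted(content.glob("*.xul")):  # variants may use other names
            data = xul.read_bytes()
            records.append({
                "path": f"{ext_dir.name}/chrome/content/{xul.name}",
                "size": len(data),
                "sha256": hashlib.sha256(data).hexdigest(),
                "modified": xul.stat().st_mtime,  # compare with when the problem began
            })
    return records

def group_duplicates(records):
    """Step 6: identical non-empty files present in more than one folder."""
    by_hash = {}
    for rec in records:
        if rec["size"] > 0:  # blank step-5 placeholders all hash alike
            by_hash.setdefault(rec["sha256"], []).append(rec["path"])
    return {h: p for h, p in by_hash.items() if len(p) > 1}

def build_sample(root):
    """Constructed sample tree with harmless placeholder content."""
    layout = {
        "{11111111-2222-3333-4444-555555555555}": b"<overlay>constructed</overlay>",
        "{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}": b"<overlay>constructed</overlay>",
        "{99999999-8888-7777-6666-555555555555}": b"",  # blanked per step 5
        "not-a-guid": b"<overlay>ignored</overlay>",
    }
    for name, body in layout.items():
        content = Path(root) / name / "chrome" / "content"
        content.mkdir(parents=True)
        (content / "overlay.xul").write_bytes(body)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(*find_overlays(build_sample(tmp)), sep="\n")
```

The script only reads files; it does not decide which file is malicious, so each listed file still needs the manual check in step 3 before anything is deleted or replaced.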



#2 xbadxguyx


Posted 26 July 2010 - 12:44 PM

? anyone ?
