google redirect/videocop


5 replies to this topic

#1 joeinfro

Posted 21 August 2010 - 09:20 PM

i've been searching all over the place for a fix for this thing, and i have seen the largest compendium of topics dedicated for this particular website on bleeping computer, so i was wondering if you guys could help me out.

just recently, my browser randomly redirects me to the videocop website, along with the results5.google.com analytics site. after reading a couple other posts, i see that the problem is not completely the same for everyone, and was wondering whether i could get some help on this one

thanks in advance.



#2 NpaMA


Posted 21 August 2010 - 09:57 PM

You may be infected, and should post in the Am I Infected? Forum.

#3 tg1911


Posted 22 August 2010 - 12:56 AM

Moved to AII.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA


#4 joeinfro


Posted 22 August 2010 - 05:03 PM

right, so i found out a little more about my problem

i was just nosing around my running processes, and i noticed a LARGE amount of .exe's that i haven't noticed before. i ran a system inspect by eset and found the root files for these weird programs. i killed the .exe and deleted them as well, but they started popping up again in a different place, in a different folder. sidenote: they all had different names, but were convincingly in important program folders.

before this, i rebooted my pc and found this program hogging all my CPU, zmisua.exe with Apex in the description bar (it's located in the Windows folder). i did a short search for this file, and it came up absolutely blank in google, which is very, very strange.


running windows 7, just FYI


[EDIT]also, whenever i start up my computer, there's a popup that says that it could not start up edexizodul.dll which i also looked up and returned nothing. THIS dll i found with ESET after it labeled it as a possible trojan thing. on top of this, microsoft security center can't start. SOUNDS LIKE FUN

Edited by joeinfro, 22 August 2010 - 05:16 PM.


#5 joeinfro


Posted 22 August 2010 - 09:31 PM

if you guys are curious, whenever i get redirected, my ESET catches a bad website, and so i now have the IP address of my tormentors. 78.47.249.288

just wondering, what would happen if i DDOS this address?

#6 michael1


Posted 02 September 2010 - 06:51 PM

I was infected by the VideoCop bug, and it took me a long time to figure out how to get rid of it. I'm really impressed by the ingenuity of its developers. It's unlike any Malware I've ever dealt with before.
First off, let me go over the symptoms. You will frequently see advertisements for VideoCop on legitimate, well respected web sites that would never allow malicious web sites to advertise on their web pages. Mostly these ads show up on Google ad space.
Firefox frequently hangs as it's trying to contact Google analytics.
After doing a Google search, and clicking on a result, you will be taken to an unrelated, malicious web site, but if you "back arrow" to the results and click the link again, you will go to the correct web site.
The root of the problem is not on your computer, it's on your router. Somehow, and I'm not quite sure how, the DNS entries on your router have been changed. I have a Linksys WRT54G v6.0 with the latest firmware, and the default password was changed the day I turned it on. My Wi-Fi security is enabled, even with MAC filtering. For the record, the DNS servers were 213.109.68.7, 213.109.73.245, 1.1.1.1.
I can only think of two ways this happened. Most likely, the Malware used my router's password that was cached in my browser, or there is a vulnerability in the router that is being exploited. If the VideoCop hackers are using a vulnerability, there's nothing we can do to prevent this from happening again except wait for Linksys to release a new firmware that fixes the vulnerability. But if it's using a cached password, the solution is to never cache your router's password.
To resolve this problem, first log into your router and change your password, and log back in with the new password. If IE or Firefox asks you if it should remember your password say "No". Now clear the DNS servers (all 3) by putting 0's in the boxes. 0.0.0.0 will tell your router to use your ISP's DNS settings which are obtained as part of the DHCP protocol. Now fully scan your computer with MalWareBytes, Spybot Search and Destroy, and any other Spyware remover. Also, do a full scan with your resident antivirus since you've possibly picked up a few spywares with all of the VideoCop forwards you've been experiencing.
I hope this helps.
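
A host-side check for the router DNS change described in the post above, as an added example that is not part of michael1's post: it reads the DNS servers a Windows PC received (from `ipconfig /all` text) and flags the three addresses the post reports, plus any other public resolver outside a set you expect. It assumes the router passes its configured DNS servers to clients over DHCP; the sample output and the names `dns_servers`, `audit` and `expected` are constructed for illustration.

```python
import ipaddress
import re

# DNS servers the post reports finding on the router in 2010. 1.1.1.1 has since
# become a legitimate public resolver: a match today means "check who set it".
REPORTED_IN_THREAD = {"213.109.68.7", "213.109.73.245", "1.1.1.1"}

# Constructed sample of `ipconfig /all` output (not taken from the thread).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 213.109.68.7
                                       213.109.73.245
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def _as_ip(text):
    """Return a normalized IP string, or None if text is not an address."""
    try:
        return str(ipaddress.ip_address(text.strip().split("%")[0]))
    except ValueError:
        return None

def dns_servers(ipconfig_text):
    """Map each adapter header to the DNS servers listed under it."""
    found, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace():      # unindented = section header
            adapter, in_dns = line.rstrip(":"), False
            continue
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        ip = _as_ip(m.group(1)) if m else (_as_ip(line) if in_dns else None)
        in_dns = ip is not None                 # list ends at first non-address line
        if ip:
            found.setdefault(adapter, []).append(ip)
    return found

def audit(ipconfig_text, expected=frozenset()):
    """Return (adapter, server, reason) for every resolver worth a second look."""
    findings = []
    for adapter, servers in dns_servers(ipconfig_text).items():
        for ip in servers:
            if ip in REPORTED_IN_THREAD:
                findings.append((adapter, ip, "reported in thread"))
            elif ip not in expected and not ipaddress.ip_address(ip).is_private:
                findings.append((adapter, ip, "not in expected set"))
    return findings
```

A private address such as 192.168.1.1 passes this check because the router itself is answering; in that case the router's own DNS fields still have to be inspected on its admin page.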



