
Recently infected



#1 diabloroker


Posted 06 October 2010 - 11:37 AM

Hello,

Recently I've been doing some searches in Firefox via Google and been redirected to certain sites such as: dealparty, forless.com, shopus something... depending on what I'm searching for the site changes. When I go back and click the link again it wouldn't do the same thing. I'm certain this is a redirect infection but I've tried my conventional ways of cleaning such as Malwarebytes, Security Essentials, CCleaner, and Spybot.

After my attempts of trying to get rid of it myself, I need your assistance.

Thank you,
-M

EDIT:

Windows 7 x64

Edited by diabloroker, 06 October 2010 - 05:00 PM.




#2 boopme


Posted 06 October 2010 - 10:47 PM

Hello and welcome.. I would like to try a couple things here,

first an online scan...
ESET
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Export to text file... to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Eset Smart Installer icon on your desktop.
  • Check the "YES, I accept the Terms of Use"
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push "List of found threats"
  • Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the "<<Back" button.
  • Push Finish
In your next reply, please include the following:
  • Eset Scan Log


NOTE: In some instances if no malware is found there will be no log produced.


If still redirecting>>>
Change your DNS Servers:
  • Go to Start > Run... and in the open box, type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.
If the above commands did not resolve the problem, the next thing to try is to reset your network settings and Configure TCP/IP to use DNS.
  • Go to Start > Control Panel, and choose Network Connections.
  • Right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and choose Properties.
  • Double-click on Internet Protocol (TCP/IP) or highlight it and select Properties.
  • Under the General tab, write down any settings in case you should need to change them back.
  • Select the button that says "Obtain an IP address automatically" or make sure the DNS server IP address is the same as provided by your ISP.
  • Select the button that says "Obtain DNS servers automatically".
  • If unknown Preferred or Alternate DNS servers are listed, uncheck the box that says "Use the following DNS server address".
  • Click OK twice to get out of the properties screen and restart your computer. If not prompted to reboot go ahead and reboot manually.
-- Vista users can refer to How to Change TCP/IP settings

CAUTION: It's possible that your ISP (Internet Service Provider) requires specific DNS settings here. Make sure you know if you need these settings or not BEFORE you make any changes or you may lose your Internet connection. If you're sure you do not need a specific DNS address, then you may proceed.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
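
The check in the post above for unknown Preferred or Alternate DNS servers can also be run against saved `ipconfig /all` output. This Python sketch is an added example, not part of the original thread; the sample output, the address 203.0.113.53 and the function names are constructed, and the rule used (a resolver is expected only if it is the adapter's default gateway or in a caller-supplied trusted list) is an assumption.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt (sample data, not from the thread).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1

Wireless LAN adapter Wireless Network Connection:

   Default Gateway . . . . . . . . . : fe80::1%11
                                       192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

FIELD = re.compile(r"^\s+(\S.*?)[ .]+:(?: (.*))?$")
WANTED = {"Default Gateway": "gateway", "DNS Servers": "dns"}

def parse_adapters(text):
    """Return {adapter: {"gateway": [ip, ...], "dns": [ip, ...]}}."""
    adapters, current, key = {}, None, None
    for line in text.splitlines():
        line = line.rstrip()
        if line and not line[0].isspace() and line.endswith(":"):
            current, key = adapters.setdefault(line[:-1], {"gateway": [], "dns": []}), None
            continue
        m = FIELD.match(line)
        if m:                                # "Label . . . : value" line
            key, value = WANTED.get(m.group(1)), m.group(2) or ""
        else:                                # continuation of the previous field
            value = line.strip()
        if current is None or key is None or not value:
            continue
        try:                                 # drop an IPv6 zone id such as %11
            current[key].append(ipaddress.ip_address(value.split("%")[0]))
        except ValueError:
            pass
    return adapters

def unexpected_dns(text, trusted=()):
    # Assumed rule: flag resolvers that are neither the adapter's gateway nor trusted.
    trusted = {ipaddress.ip_address(t) for t in trusted}
    return [(name, str(ip))
            for name, cfg in parse_adapters(text).items()
            for ip in cfg["dns"]
            if ip not in cfg["gateway"] and ip not in trusted]
```

A resolver equal to the gateway only shows that the router is answering DNS; the upstream servers configured on the router itself still have to be checked on its admin page.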

#3 diabloroker


Posted 06 October 2010 - 11:04 PM

Thank you for assisting me, I appreciate it!

For the ESET Scanner do I leave the "Remove Known Threats" or similar checked?

#4 boopme


Posted 06 October 2010 - 11:09 PM

Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)

#5 diabloroker


Posted 07 October 2010 - 10:48 AM

ESET Scan Log:

C:\Users\DiabloRoker\Downloads\4001 Business Sales & Personal Letters\4001Letters.exe NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan deleted - quarantined
D:\Misc\OLD_JUNKKKZ\Battlefield.2.CDKEY.Changer-SUSPECTS.ShadowCast.rar probably a variant of Win32/Agent.DSBPBVW trojan deleted - quarantined
D:\Misc\OLD_JUNKKKZ\Motorola Pst 7.2.3 Phone Programmer Pst Uni Patch.zip probably a variant of Win32/Bifrose.LDPMWAT trojan deleted - quarantined
D:\Misc\OLD_JUNKKKZ\[Cellulare - Software] - PST v.7.1.1 & v.6.9.2 & v.6.7 + Midway v.2.8 + Guida all'uso @tone.rar probably a variant of Win32/Bifrose.LDPMWAT trojan deleted - quarantined
D:\Misc\OLD_JUNKKKZ\[motorola]_pst_7.1.1.rar probably a variant of Win32/Bifrose.LDPMWAT trojan deleted - quarantined
F:\BACKUP\Dad's Files\Desktop\My docs\lj1010seriesprnsyswin-en.exe probably a variant of Win32/Genetik trojan deleted - quarantined


I have tried the above methods and it still redirects. Here is one of the exact names of one of the sites it brought me to: shopcompareus.com

#6 boopme


Posted 07 October 2010 - 11:08 AM

Hello, it is a possibility the infection is in the router.
Download and update MBAM (below) Do not run yet.

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don't know the router's default password, you can look it up HERE.

However, if there are other infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site HERE for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have run Malwarebytes' Anti-Malware on the infected system and reset the router to its default configuration, you can reconnect to the internet and router.

#7 diabloroker


Posted 07 October 2010 - 11:51 AM

I reset the router to default settings and reconfigured my security settings.

It seems like it fixed it but when I went to test it for the 10th time, searching "camera deals", the first result was Amazon but it redirected me again. I closed the browser and tried recreating the problem with other searches but it's a lot more difficult than before. Before I would be able to recreate it every 3rd search.

Searching with Malwarebytes didn't come up with any results.

#8 boopme


Posted 07 October 2010 - 12:01 PM

I think it best we get a deeper look and see what's hidden. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

#9 Orange Blossom


Posted 14 October 2010 - 06:53 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic352308.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom