
Browser redirect problem


No replies to this topic

#1 JohnnyM16


Posted 01 December 2010 - 03:55 PM

Hi Folks,

This is my first post, hope I've chosen the correct forum. You can guess from the title what this is about, but I'll give you a brief history and some background.

I'm an IT professional, albeit not too knowledgeable about PC/Windows technology, and the malware discussed below infected my 'work' laptop, which is running XP Professional, SP3. I have another machine at home that I use for 'doubtful' surfing (YouTube, Facebook, random web links etc.), so I was surprised that it was my work machine that got infected, especially as we run Kaspersky Anti-Virus 6.0.4.2012, with daily updates. However, I believe Kaspersky class the first item mentioned below as malware, not a virus (!).

Anyway. I picked up the Rogue Security Tool first (no idea how - can you get it from opening emails?). Did some reading on the BC forums, then downloaded RKill, MalwareBytes and SuperAntiSpyware, with which I managed to get rid of it.

Then I noticed that links from Google searches on Firefox (version 3.6.12) were intermittently redirecting; plus I started getting virus alerts from Kaspersky, warning me about the creation of a file called 123.js. Each time the warning popped up, I chose to delete the 123.js file, but it would re-occur soon afterwards.

At this point, I ran Trend Micro's Housecall (quick scan), which told me I had the trojan Bamital!inf and another virus, PE_PATCHED.SMC, that had infected winlogon.exe and explorer.exe.

TM Housecall gave me the option to fix these (after a reboot), and sure enough, Bamital disappeared from the scans, and the warnings from Kaspersky stopped. However, according to TM Housecall, PE_PATCHED.SMC remained (is this a false positive?) and the redirects have continued.

I've tried using IExplore 6.0, and have seen no evidence of redirection, but that may be because it is intermittent. Needless to say, a proportion of the Firefox redirects are to what Mozilla refers to as 'attack sites', which are blocked. Sometimes, the click-through will arrive on the correct website, but within a few seconds I get an error screen with the message: 'Content Encoding Error. The page you are trying to view cannot be shown because it uses an invalid or unsupported form of compression'.

Apart from the TM Housecall results, no other scan is currently reporting any malware (Kaspersky, MBAM, SAS).

That's all for now, sincerely hope the cavalry can ride in and rescue me.

Best regards.
Johnny M.
