
Browser Redirect fix that worked for me


  • This topic is locked
1 reply to this topic

#1 Ranger1948

Ranger1948

  • Members
  • 1 posts

Posted 13 January 2011 - 12:39 PM

As a newbie to posting in bleepingcomputer.com (but not a newbie for reading the forums; learned a lot, thank you!), I pass the following on for whatever help it might be to someone else; admins please delete, relocate or whatever as desired; sorry if I didn't get it right.


Scenario; acquired a nasty Browser Redirect problem, along with a 'permanent' disabling of Windows Defender about 3 weeks ago. Affected both Bing and Google running on IE8, but NOT Google running on Chrome, so I knew it was related to Internet Explorer, and not Google (many forums had topics on "Google Redirect Virus"; may not really be the issue, or may truly be a separate infection; don't know). Running Google Chrome (or perhaps Firefox, etc.) would be a way to check where the problem really sits (and would let you do some searching for help).


The system I am running is;

Running Windows XP Home, v5.1, sp3 with Internet Explorer 8.0.6001.18702. Also have current version of Google Chrome browser.

Security programs (all free versions) Avast Antivirus, ZoneAlarm Firewall and Spybot Search & Destroy; also had Windows Defender running 'cause it flags registry changes.


Full scans with latest updates for Avast & Spybot S&D didn't find or fix it (but more about Spybot S&D later). Couldn't run Windows Defender.

Read many related bleepingcomputer forums (and others), and tried Ad-Aware, CCleaner, Malwarebytes, Eusing Registry Cleaner, SpywareBlaster, SUPERAntiSpyware, TDSSKiller (and a few others I didn't remember); found some minor miscellaneous junk, but no recognition of or fix for main problem.

Looked at HijackThis logs, and even tried several recommended ComboFix solutions; ComboFix gave me the infamous Blue Screen of Death twice, so could never complete a run there; don't know if it might have worked otherwise; fortunately no permanent effects from BSOD.

While digging on the Windows Defender problem, found and ran Microsoft Windows Live OneCare safety scanner (MS WLOCSS); took a while, but it FOUND & FIXED the browser redirect issue. Also believe it fixed the disabling of Windows Defender, but MS says that running the WLOCSS will disable Defender anyway, so haven't checked; would have to delete the WLOCSS to try it.

FYI, the files it found (and deleted) were;

c:\windows\tasks\ugrlroevr.job

c:\windows\system32\resetr.dll


As a side note, Spybot S&D was the ONLY program to identify and try to fix the disabling of Windows Defender; it identified the problem in plain English, and actually told you what registry entry was the problem; a registry entry allowing WD to start had been changed from '2' to '4'. Unfortunately, every time it fixed it, it changed the registry entry to allow start, but it (and nothing except the MS WLOCSS) found the actual malicious program changing the entry, so the bug kept disabling the entry.

Still, hats off to the Spybot S&D crew for alerting to the disabling of a security program.

Hope maybe this might be of help to someone; the Microsoft safety scan is free, and written by the people that wrote the operating system and browser, so you may want to add it to your toolkit.

Regards,
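
The '2' to '4' change described in the post above is a service Start value going from automatic to disabled, and a repair that keeps getting undone means the program writing the value is still present. As an added example (not part of the original post), this Python script compares successive registry exports and reports that pattern; the `WinDefend` service key and the sample exports are assumptions constructed for illustration, since the post does not name the registry key.

```python
import re

# Service "Start" values: 2 = automatic, 3 = manual, 4 = disabled.
DISABLED = 4
# Matches top-level service keys; the WinDefend name used below is an assumption,
# the post does not say which key Spybot S&D reported.
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\([^\\\]]+)\]$", re.I)
START_RE = re.compile(r'^"Start"=dword:([0-9a-f]{8})$', re.I)

def parse_start_values(reg_text):
    """Map service name -> Start value from .reg export text (top-level keys only)."""
    values, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
        elif line.startswith("["):
            current = None  # subkey or unrelated key: ignore its values
        elif current:
            m = START_RE.match(line)
            if m:
                values[current] = int(m.group(1), 16)
    return values

def classify(snapshots, service="windefend"):
    """Classify a chronological list of exports for one service."""
    seen = [v for v in (parse_start_values(s).get(service) for s in snapshots)
            if v is not None]
    if DISABLED not in seen:
        return "ok"
    if seen[-1] != DISABLED:
        return "restored"
    since_first = seen[seen.index(DISABLED):]
    # Disabled, repaired, disabled again: whatever writes the value is still active.
    return "re-disabled" if any(v != DISABLED for v in since_first) else "disabled"

def sample(start):
    """Constructed export text; the subkey 'Start' line is a decoy for the parser."""
    base = "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinDefend"
    return ("Windows Registry Editor Version 5.00\n\n"
            f'{base}]\n"Start"=dword:{start:08x}\n"Type"=dword:00000020\n\n'
            f'{base}\\Security]\n"Start"=dword:00000004\n')

if __name__ == "__main__":
    # Before infection, after infection, after a repair, after the repair is undone.
    print(classify([sample(2), sample(4), sample(2), sample(4)]))
```

A "re-disabled" result is the cue to keep hunting for the writer of the value rather than repairing the entry again.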



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 13 January 2011 - 05:41 PM

Topic closed to remove from unanswered list since it's irrelevant. :)



