Google Redirects on Firefox and IE9


  • Please log in to reply
5 replies to this topic

#1 lrgshadow


Posted 23 March 2011 - 02:01 PM

When trying to use Google, 95% of the links are redirected to "http://85.17.183.225/click.php?s=eAEVxtU...E&aff=1329&as=1!rf=http://searchbigs.com <something>" and I have to do a lot of dancing around to get past it. Bing doesn't seem to be affected, but the results are garbage.

I've tried SuperAntiSpyware, Malwarebytes and even Microsoft Security Essentials; I can post logs, but the issue still persists. I'm currently unable to install HijackThis or rkill. Both crash during install. I'm also unable to reinstall Chrome or use Safari.

I've tried Sophos and, while it didn't really install right (I can't seem to update it correctly), it blocks access to a "statescomplete.co.cc/config.php" website about 2 times a minute. That's obviously the malware, but Sophos doesn't remove it.

I was going to give Sophos a call and then try Avast, when I came across this site. I'll be uploading the 2 logs that your techs always seem to ask for in my next reply. Hopefully I'll be able to actually run them.


#2 boopme


Posted 23 March 2011 - 02:05 PM

Hello, please post your MBAM log.
Now do these.

Please read and follow all these.
  • Please download GooredFix and save it to your Desktop.
  • Double-click GooredFix.exe to run it.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 lrgshadow


Posted 23 March 2011 - 02:11 PM

Well, unable to run either of those programs. Looks like I'm screwed.


Problem Event Name: APPCRASH
Application Name: dds.scr
Application Version: 0.0.0.0
Application Timestamp: 498d2b1e
Fault Module Name: netbtend.dll
Fault Module Version: 20.34.2321.0
Fault Module Timestamp: 4d88ff4d
Exception Code: c0000005
Exception Offset: 00007741
OS Version: 6.0.6002.2.2.0.768.2
Locale ID: 1033
Additional Information 1: ef7b
Additional Information 2: 87d50f908b1c411d85a6ba9ab39c219f
Additional Information 3: 971c
Additional Information 4: f2cb355a51a4a9358a30e56a0a21cd67

Problem Event Name: APPCRASH
Application Name: gmer.exe
Application Version: 1.0.15.15570
Application Timestamp: 4d86265c
Fault Module Name: netbtend.dll
Fault Module Version: 20.34.2321.0
Fault Module Timestamp: 4d88ff4d
Exception Code: c0000005
Exception Offset: 00007741
OS Version: 6.0.6002.2.2.0.768.2
Locale ID: 1033
Additional Information 1: ef7b
Additional Information 2: 87d50f908b1c411d85a6ba9ab39c219f
Additional Information 3: 971c
Additional Information 4: f2cb355a51a4a9358a30e56a0a21cd67

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409

#4 boopme


Posted 23 March 2011 - 02:20 PM

I didn't ask for either of those (DDS/GMER)... can you post your MBAM log and run the others??

#5 lrgshadow


Posted 23 March 2011 - 03:20 PM

Whoa. Strangely enough, the email notification for the thread didn't happen and I didn't notice any changes to the thread. Sorry for seemingly ignoring you. I also did what the admins directly said not to and ran ComboFix. I stopped the PC when it said it was deleting things without prompting. The last I noticed was a "google_chrome_overlay". Good news: it didn't fubar the PC, and great news: it solved the original problem. I believe this is the MBAM log you wanted. Let me know if you would like the GooredFix done as well.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6135

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 9.0.8112.16421

3/22/2011 7:37:29 PM
mbam-log-2011-03-22 (19-37-29).txt

Scan type: Full scan (C:\|F:\|)
Objects scanned: 303162
Time elapsed: 1 hour(s), 7 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hIjBaKoCjNh09001 (Rogue.SystemTool) -> Value: hIjBaKoCjNh09001 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\hijbakocjnh09001\hijbakocjnh09001.exe (Rogue.SystemTool) -> Quarantined and deleted successfully.
c:\Users\Rich\AppData\Local\Temp\jar_cache3717562601491896724.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Rich\AppData\Local\Temp\jar_cache6138074890886519487.tmp (Rogue.SystemTool) -> Quarantined and deleted successfully.
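The Malwarebytes log above is the kind of artifact a helper triages by hand: summary counts, then one section per object class, each item written as `path (family) -> action`. As an added example, not code from this thread or from Malwarebytes, the Python below parses that 1.50-era log format into structured detections, cross-checks the summary counts against the items actually listed (a quick way to spot a truncated or edited paste), and flags entries under Run/RunOnce keys, the autostart persistence a cleaner wants confirmed gone. The sample text is an abridged copy of the log posted above with the empty sections left out; the class and function names are my own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: an abridged copy of the Malwarebytes 1.50 log posted in
# this thread (header trimmed, sections that reported nothing left out).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 6135
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Scan type: Full scan (C:\|F:\|)
Objects scanned: 303162

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hIjBaKoCjNh09001 (Rogue.SystemTool) -> Value: hIjBaKoCjNh09001 -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\hijbakocjnh09001\hijbakocjnh09001.exe (Rogue.SystemTool) -> Quarantined and deleted successfully.
c:\Users\Rich\AppData\Local\Temp\jar_cache3717562601491896724.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Rich\AppData\Local\Temp\jar_cache6138074890886519487.tmp (Rogue.SystemTool) -> Quarantined and deleted successfully.
"""

COUNT_RE = re.compile(r"^(?P<section>.+ Infected): (?P<n>\d+)$")      # summary line
SECTION_RE = re.compile(r"^(?P<section>.+ Infected):$")               # section header
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
# Autostart locations: anything under ...\CurrentVersion\Run or \RunOnce
PERSISTENCE_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


@dataclass
class Detection:
    section: str
    path: str        # file path or registry key
    family: str      # detection name, e.g. Rogue.SystemTool
    action: str      # what MBAM did with the object
    value: str = ""  # registry value name, when the item names one


@dataclass
class MbamReport:
    header: dict = field(default_factory=dict)    # "Database version" -> "6135", ...
    counts: dict = field(default_factory=dict)    # section -> count from the summary
    sections: dict = field(default_factory=dict)  # section -> [Detection, ...]


def parse_mbam_log(text: str) -> MbamReport:
    report = MbamReport()
    current = None  # section we are inside, None while in the header/summary
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None  # a blank line closes the section
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("section")
            report.sections.setdefault(current, [])
            continue
        m = COUNT_RE.match(line)
        if m:
            report.counts[m.group("section")] = int(m.group("n"))
            continue
        if current is None:
            if ": " in line:  # plain "key: value" header fields
                key, val = line.split(": ", 1)
                report.header[key] = val
            continue
        if line.startswith("(No malicious items detected)"):
            continue
        m = ITEM_RE.match(line)
        if not m:
            continue  # unrecognised line inside a section: skip rather than guess
        parts = m.group("rest").split(" -> ")
        action = parts[-1].rstrip(".")
        value = next((p[len("Value: "):] for p in parts[:-1] if p.startswith("Value: ")), "")
        report.sections[current].append(
            Detection(current, m.group("path"), m.group("family"), action, value))
    return report


def count_mismatches(report: MbamReport) -> dict:
    """Sections whose summary count differs from the items listed (absent section = 0)."""
    return {sec: (n, len(report.sections.get(sec, [])))
            for sec, n in report.counts.items()
            if n != len(report.sections.get(sec, []))}


def persistence_entries(report: MbamReport) -> list:
    """Detections under Run/RunOnce keys, i.e. objects that would relaunch at logon."""
    return [d for items in report.sections.values() for d in items
            if PERSISTENCE_RE.search(d.path)]


def family_summary(report: MbamReport) -> dict:
    out = {}
    for items in report.sections.values():
        for d in items:
            out[d.family] = out.get(d.family, 0) + 1
    return out


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("database version:", rep.header.get("Database version"))
    print("families:", family_summary(rep))
    print("persistence:", [d.path for d in persistence_entries(rep)])
    print("count mismatches:", count_mismatches(rep))
```

Feed it a full log via `parse_mbam_log(open(path).read())`; a non-empty result from `count_mismatches` means the paste does not match its own summary and the poster should be asked for the complete file.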

#6 boopme


Posted 23 March 2011 - 03:36 PM

No problem, click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies.

Yes, run Goored and TDSS.

Edited by boopme, 23 March 2011 - 07:47 PM.

