Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect Virus In Firefox -_-


  • Please log in to reply
7 replies to this topic

#1 ih8myusername94

ih8myusername94

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:28 PM

Posted 25 June 2011 - 08:33 AM

Hello everyone. I gotta say I love this website. Anyway, im basically stumped with this one. Its becoming very annoying as of late. I'm sure this is a common problem i just need help fixing it. I search for something on google, and whichever link I click on gets redirected to something different (usually buzzclick,find-quick-results, etc). Malwarebytes seems to be picking up something, but the redirecting still happens. My back's against the wall on this one and now im looking toward the good people at bleepingcomputer :) so just tell me what i need to display on here and how I go by copy and pasting it all. I'm looking forward to get this all cleaned up because its became very frustrating lol.

Edited by hamluis, 25 June 2011 - 09:55 AM.
No logs, moved from MRL to AII.


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:28 PM

Posted 25 June 2011 - 11:56 AM

Does the redirection happen in Firefox only?
Did you check IE?

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

================================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 ih8myusername94

ih8myusername94
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:28 PM

Posted 27 June 2011 - 06:08 AM

I have checked. It only does it in Firefox.

SECURITY CHECK:
Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 9.4.1
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.17)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````



I've scanned with Malwarebytes around 3 or 4 different times and the first time it apparantly removed 4 infections, and everytime i scan now it doesnt show any viruses:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/27/2011 6:19:30 AM
mbam-log-2011-06-27 (06-19-30).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 718897
Time elapsed: 2 hour(s), 30 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Yet Avira detects adware at least 10 times a day. I remove it but it keeps coming back. I need help :[

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:28 PM

Posted 27 June 2011 - 10:29 AM

Can you tell me what EXACTLY is detected by Avira (file name and a location)?

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#5 ih8myusername94

ih8myusername94
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:28 PM

Posted 27 June 2011 - 01:54 PM

There's definitely more but the 2 most recent ones that pop up are:
Object: iccvid32.exe Detection: TR/Kazy.27644
and
Object: bitsprx532.exe Detection: TR/Kazy.27644


GooredFix gave me back these results:


GooredFix by jpshortstuff (03.07.10.1)
Log created at 14:52 on 27/06/2011 (Jeremy)
Firefox version 3.6.17 (en-US)

========== GooredScan ==========

Deleting "C:\Users\Jeremy\Application Data\Mozilla\Firefox\Profiles\p8f2rumr.default\extensions\{425276e6-c8e0-412d-a233-05e8ac2a490b}" -> Success!
Deleting "C:\Users\Jeremy\Application Data\Mozilla\Firefox\Profiles\p8f2rumr.default\extensions\{929eb08a-59bc-41b3-a62c-aa7fe8b8f9a5}" -> Success!

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [22:59 18/06/2011]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [20:16 25/01/2010]
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [21:26 02/02/2010]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [17:23 14/08/2010]
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [05:43 26/12/2010]
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [13:51 21/06/2011]

C:\Users\Jeremy\Application Data\Mozilla\Firefox\Profiles\p8f2rumr.default\extensions\
battlefieldheroespatcher@ea.com [00:49 28/11/2010]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [10:11 13/06/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:28 PM

Posted 27 June 2011 - 05:05 PM

How is redirection?

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#7 ih8myusername94

ih8myusername94
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:28 PM

Posted 28 June 2011 - 06:34 PM

It usually occured with every search. Good news though, for some reason avira decided to remove everything and now im malware free! Thanks for the help though, I really do appreciate it man.

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:28 PM

Posted 28 June 2011 - 06:38 PM

Very well :)

Let's run one more scan....

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users