Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect Virus In Firefox -_-


  • Please log in to reply
7 replies to this topic

#1 ih8myusername94

ih8myusername94

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:02 AM

Posted 25 June 2011 - 08:33 AM

Hello everyone. I gotta say I love this website. Anyway, im basically stumped with this one. Its becoming very annoying as of late. I'm sure this is a common problem i just need help fixing it. I search for something on google, and whichever link I click on gets redirected to something different (usually buzzclick,find-quick-results, etc). Malwarebytes seems to be picking up something, but the redirecting still happens. My back's against the wall on this one and now im looking toward the good people at bleepingcomputer :) so just tell me what i need to display on here and how I go by copy and pasting it all. I'm looking forward to get this all cleaned up because its became very frustrating lol.

Edited by hamluis, 25 June 2011 - 09:55 AM.
No logs, moved from MRL to AII.


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,708 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:02 PM

Posted 25 June 2011 - 11:56 AM

Does the redirection happen in Firefox only?
Did you check IE?

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

================================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 ih8myusername94

ih8myusername94
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:02 AM

Posted 27 June 2011 - 06:08 AM

I have checked. It only does it in Firefox.

SECURITY CHECK:
Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 9.4.1
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.17)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````



I've scanned with Malwarebytes around 3 or 4 different times and the first time it apparantly removed 4 infections, and everytime i scan now it doesnt show any viruses:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/27/2011 6:19:30 AM
mbam-log-2011-06-27 (06-19-30).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 718897
Time elapsed: 2 hour(s), 30 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Yet Avira detects adware at least 10 times a day. I remove it but it keeps coming back. I need help :[

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,708 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:02 PM

Posted 27 June 2011 - 10:29 AM

Can you tell me what EXACTLY is detected by Avira (file name and a location)?

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 ih8myusername94

ih8myusername94
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:02 AM

Posted 27 June 2011 - 01:54 PM

There's definitely more but the 2 most recent ones that pop up are:
Object: iccvid32.exe Detection: TR/Kazy.27644
and
Object: bitsprx532.exe Detection: TR/Kazy.27644


GooredFix gave me back these results:


GooredFix by jpshortstuff (03.07.10.1)
Log created at 14:52 on 27/06/2011 (Jeremy)
Firefox version 3.6.17 (en-US)

========== GooredScan ==========

Deleting "C:\Users\Jeremy\Application Data\Mozilla\Firefox\Profiles\p8f2rumr.default\extensions\{425276e6-c8e0-412d-a233-05e8ac2a490b}" -> Success!
Deleting "C:\Users\Jeremy\Application Data\Mozilla\Firefox\Profiles\p8f2rumr.default\extensions\{929eb08a-59bc-41b3-a62c-aa7fe8b8f9a5}" -> Success!

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [22:59 18/06/2011]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [20:16 25/01/2010]
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [21:26 02/02/2010]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [17:23 14/08/2010]
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [05:43 26/12/2010]
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [13:51 21/06/2011]

C:\Users\Jeremy\Application Data\Mozilla\Firefox\Profiles\p8f2rumr.default\extensions\
battlefieldheroespatcher@ea.com [00:49 28/11/2010]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [10:11 13/06/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,708 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:02 PM

Posted 27 June 2011 - 05:05 PM

How is redirection?

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#7 ih8myusername94

ih8myusername94
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:02 AM

Posted 28 June 2011 - 06:34 PM

It usually occured with every search. Good news though, for some reason avira decided to remove everything and now im malware free! Thanks for the help though, I really do appreciate it man.

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,708 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:02 PM

Posted 28 June 2011 - 06:38 PM

Very well :)

Let's run one more scan....

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users