
Win7 machine apparently infected with browser hijacker


  • This topic is locked
6 replies to this topic

#1 Vetos

Vetos

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:05:34 AM

Posted 30 August 2011 - 03:38 PM

Referred from here: http://www.bleepingcomputer.com/forums/topic416112.html ~ OB

I'm running Win7 64-bit, so I couldn't use GMER, but my DDS logs are attached below. Thanks in advance to anyone who replies.

Attached Files


Edited by Orange Blossom, 30 August 2011 - 10:17 PM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:34 AM

Posted 04 September 2011 - 09:33 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

Did you set this Proxy server?

uInternet Settings,ProxyServer = http=127.0.0.1:64465

You can check with your Internet Provider if it's required. If not:

In Internet Explorer go to Tools - Internet Options - Connections Tab - Lan Settings and remove the reference to 127.0.0.1:64465 if found, then uncheck "Use a proxy server" and check "Automatically detect settings".
===

If you use Firefox, go to Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings and select the "Auto-detect proxy settings for this network" option.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.
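
The proxy check from the post above, as an added example that is not part of the original thread or of DDS: it parses `ProxyServer` entries in the style of the quoted log line and reports any that point the browser at a loopback address, which means traffic is being handed to a process on the same machine. The sample lines other than the first are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample lines; only the first value appears in the thread.
SAMPLE_LINES = [
    "uInternet Settings,ProxyServer = http=127.0.0.1:64465",
    "uInternet Settings,ProxyServer = proxy.corp.example:8080",
    "uInternet Settings,ProxyServer = http=10.0.0.5:3128;https=localhost:9999",
    "uInternet Settings,ProxyOverride = <local>",
]

PROXY_LINE = re.compile(r"Internet Settings,ProxyServer\s*=\s*(.+)$")


def parse_proxy_value(value):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    The value is either a single "host:port" used for every protocol or a
    semicolon-separated list of "scheme=host:port" entries.
    """
    entries = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, endpoint = part.partition("=")
        if not sep:                                # no "scheme=" prefix
            scheme, endpoint = "all", part
        endpoint = endpoint.split("://", 1)[-1]    # tolerate "http://host:port"
        host, _, port = endpoint.rpartition(":")
        if not host:                               # no port given
            host, port = endpoint, ""
        entries.append((scheme.lower(), host.strip("[]"), port))
    return entries


def is_loopback(host):
    """True for "localhost" and for any IPv4/IPv6 loopback literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                             # a DNS name, not an IP literal
        return False


def loopback_proxies(lines):
    """Return every (scheme, host, port) proxy entry that targets loopback."""
    findings = []
    for line in lines:
        match = PROXY_LINE.search(line)
        if match:
            findings += [e for e in parse_proxy_value(match.group(1))
                         if is_loopback(e[1])]
    return findings
```

A hit is only a prompt for the question nasdaq asks: some local filtering or debugging tools legitimately set a loopback proxy, so confirm which program owns the listening port before removing the setting.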

#3 Vetos

Vetos
  • Topic Starter


Posted 12 September 2011 - 04:55 AM

Ran both programs, logs posted below. Thanks for your assistance.

Attached Files



#4 nasdaq

nasdaq


Posted 12 September 2011 - 08:03 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java SE Runtime Environment 6 Update 27.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, select Windows (or Windows x64), and check the "agree" box and click "Continue".
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Then from your Desktop double-click on jre-6u27-windows-i586.exe that you have downloaded to install the newest version.

    For the x64 bit version, download this one (jre-6u26-windows-x64.exe). Make sure you download the correct version.

    - Note: If you are running Vista or Windows 7, you may need to right-click on the installation file and select Run as Administrator.

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 26

===

An important vulnerability has been identified in Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.22 and earlier versions for Android. Adobe recommends... update to Adobe Flash Player 10.3.181.22

Direct download current version - executable Flash Player installer... to your Desktop, then double-click to install.

Download for Internet Explorer

Download for Firefox and other browsers
<<<>>>

Please let me know if you still have some difficulties with this computer.

#5 Vetos

Vetos
  • Topic Starter


Posted 12 September 2011 - 01:46 PM

I installed both of those updates that you posted. And the scans I ran last night seem to have worked; the redirects have stopped altogether! Thank you so much BC staff!

Also, a quick question: My Trend Micro subscription expired a few days ago, and I don't have the funds right now to buy another year of coverage. I'd like to know which of the freeware anti-virus/malware/etc. programs out there you guys would recommend the most. I'd like something that features real-time protection (like automatically blocking web threats, as Trend Micro did), as well as some sort of temporary disable of that feature so performance won't drag so much when I game online, and also some sort of customization for scan targets, so I can make scans go faster by making the program skip certain folders. Is there anything out there like that? And once again, thank you guys. You've been a huge help :)

#6 nasdaq

nasdaq


Posted 12 September 2011 - 05:31 PM

The following are two good free security software programs.

avast!.
AntiVir

If you install any one of them, make sure you remove your current Trend Micro using the add/remove programs list.
===

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used to clean this computer.

#7 nasdaq

nasdaq


Posted 20 September 2011 - 07:40 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



