
Google Redirect + Jammed FTP transfers + Heavy upload leak


  • This topic is locked
3 replies to this topic

#1 Eggehh


Posted 01 September 2011 - 11:52 AM

Hello, like a couple of people today, I've been infected with the fake security tool giving Google redirections to 3/4/5/6dayoftheweek. I managed to delete the fake security tool and any kind of popup thanks to some info gathered on the forum, and like everyone, I now still get these Google redirections, which appear after 3/5 minutes of computer usage after startup. Thing is, after 5 hours spent understanding how this works, what happens and all, I noticed a couple of heavy and nontrivial malfunctions with my uploads. I run Windows 7 64-bit and I have the issue on whichever navigator I'm using, whether it was installed before the problem or after (Moz 6.0.1/IE 9/Opera 11/Chrome).

-Anything going through the FTP protocol is kind of jammed: I get crazy 95mb/s uploads (impossible on my ADSL internet connection) which fail afterwards on a timeout.
This happens with Filezilla on different FTP servers as well as with Mediafire (which uses FTP transfers)

-Any upload not using FTP (such as Skype file transfer, uTorrent with a test file shared to a friend, Windows Live Messenger and Hotfile) is really slow (around 3-5kb/s)

-Checking my upload usage in the network interface properties showed me that the upload is constantly used at max speed, without any software using that bandwidth on, of course

So I installed Wireshark to see bleeploads of stuff in it; basically it was war, UDP requests all the way. I decided to put Zone Alarm as a firewall to block this, which worked and stopped 850 requests to my 27217 port within 15 min.
Now I get basically 80 of these requests an hour, all from totally different IPs and ports, and my upload speed is back to normal (even if FTP uploads are still jammed). I'm afraid my computer is becoming part of a zombie network (and that everyone infected with that malware may be) and I'm looking for your help to get us out of there.

Thanks!



#2 boopme


Posted 01 September 2011 - 02:51 PM

We will need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

#3 Eggehh


Posted 01 September 2011 - 04:14 PM

Here it is: http://www.bleepingcomputer.com/forums/topic417055.html

Thanks for the help!

#4 boopme


Posted 01 September 2011 - 08:30 PM

Thanks, it may take a couple days for analysis and the reply, but they will.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.