Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Antivirus will not open constant redirect on google


  • Please log in to reply
17 replies to this topic

#1 guinnessfc

guinnessfc

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:04 PM

Posted 25 September 2011 - 03:48 PM

Hello first time poster On 9/24/2011 I went use google search I click on item I searched for and was redirected to another site. Any click on search engines results in redirect. I tried to run Norton Anti virus and it will not open. I cannot run malwarebytes. It starts scan and then closes. I have tried hit man pro and it shows multi issues from trojans to malware. ANy antivirus program I tried to open closes I have tried these is safe mode as well. Computer extremely slow. I recently bought a new computer desktop and had a norton disk and tried to reinstall nothing happens just freeze on initialization process. any assistance would be helpful.

I have a Dell Inspiron Laptop 1500 running Windows vista

if you need additional information please instruct...'

Thanks Charles

I have tried windows defender
norton 360
norton 20011
malewarebytes
hitman pro
cclean

BC AdBot (Login to Remove)

 


#2 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:03:04 PM

Posted 25 September 2011 - 05:10 PM

Hi guinnessfc,

:welcome: to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screename jntkwx or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please do not attach logs or put logs in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 

:step1: Let's try rebooting into Safe Mode.
This can be done tapping the F8 key as soon as you start your computer
You will be brought to a menu with several options. Press the down arrow key on your keyboard until Safe Mode with Networking is selected. Press Enter. Please see here for additional details.

:step2: Once in Safe Mode with Networking, download rkill from one of the following downloads (if you are unable to download or run rkill from one download, move to the next one.)

1. http://download.bleepingcomputer.com/grinler/rkill.com
2. http://download.bleepingcomputer.com/grinler/rkill.pif
3. http://download.bleepingcomputer.com/grinler/rkill.scr
4. http://download.bleepingcomputer.com/grinler/eXplorer.exe
5. http://download.bleepingcomputer.com/grinler/iExplore.exe
6. http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe
7. http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe
8. http://www.boredomsoft.org/hosted/rkill.exe
9. http://www.boredomsoft.org/hosted/rkill.com
10. http://www.boredomsoft.org/hosted/rkill.scr
11. http://www.boredomsoft.org/hosted/eXplorer.exe
12. http://www.boredomsoft.org/hosted/iExplore.exe

Please be patient while Rkill looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If it appears like Rkill did not stop the malware from running, please try running RKill again until the malware is no longer running.

Do not reboot your computer after running RKill as the malware programs will start again!

:step3: Rerun Malwarebytes
Still in Safe Mode with Networking, open Malwarebytes, click on the Update tab, and click the check for Updates button.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

If you have trouble updating, troubleshoot Malwarebytes' Anti-Malware


In your next post, please include:
  • Malwarebytes log
  • How's your computer running now?

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#3 guinnessfc

guinnessfc
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:04 PM

Posted 25 September 2011 - 06:44 PM

Jason,

Thank you for your response. I have completed the tasks you requested however there has been no change to my computer.

I ran the rkill it doesnt appear to have found anything I will attached log ..

I still am unable to run maleware it closes after 39 sec. It start to scan and then shutsdown.

I have done these in safe mode.

a few notes when rkill began to run an error message box pop up stating iexplore.exe has stopped working

If I try to start the maleware program from desktop or program list I receive the wrror message:
c:|Program Files|malwarebytes"anti-malare\mbam.exe
Windows cannot access the specified device, path or file- youmay not have appropriate access permissions to access the item.

I tried to rename file as stated in froums and I reieve the message and I am not authorized to make the change.

here is the rkil log....

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 09/25/2011 at 18:00:28.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:

C:\Users\guinnessfc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SXN9JRQZ\rkill[2].com


--- ATTENTION ---

Windows was configured to use a proxy! Proxy settings have been removed.

The Proxy Server that was configured is:

If this was a valid setting, please double-click on the rk-proxy.reg file on your desktop and allow the data to be merged to restore your proxy settings.


Rkill completed on 09/25/2011 at 18:00:32.



#4 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:03:04 PM

Posted 25 September 2011 - 06:59 PM

Hi guinnessfc,

Let's try this:
Download This File
Save it next to mbam.exe (this file is located at: c:\Program Files\Malwarebytes' Anti-Malware\mbam.exe). Once done, drag and drop mbam.exe into Inherit.exe. Click OK and attempt to run Malwarebytes Anti-malware once again.

Edited by jntkwx, 25 September 2011 - 07:00 PM.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#5 guinnessfc

guinnessfc
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:04 PM

Posted 25 September 2011 - 07:12 PM

No still does not run. Looked like about 30 sec.

#6 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:03:04 PM

Posted 25 September 2011 - 07:15 PM

Just to clarify: you try to run Malwarebytes, it successfully opens, you try to scan, and it stops scanning after 30 seconds?
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#7 guinnessfc

guinnessfc
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:04 PM

Posted 25 September 2011 - 07:19 PM

I tried one more time it ran for 10 sec. I did look at the tabs at the top and there was two logs saved from previous attempts yesterday and today. I am not sure if this has any relevance

here is the log...

20:39:34 guinnessfc MESSAGE Protection started successfully
20:39:39 guinnessfc MESSAGE IP Protection started successfully
20:49:06 guinnessfc MESSAGE Protection started successfully
20:49:11 guinnessfc MESSAGE IP Protection started successfully
20:56:16 guinnessfc IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 49534, Process: svchost.exe)
20:58:17 guinnessfc IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50623, Process: svchost.exe)
20:58:17 guinnessfc IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50627, Process: svchost.exe)
20:58:17 guinnessfc IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50631, Process: svchost.exe)
20:58:17 guinnessfc IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50632, Process: svchost.exe)
20:58:33 guinnessfc IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 50729, Process: svchost.exe)
20:58:33 guinnessfc IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 50731, Process: svchost.exe)
20:58:58 guinnessfc IP-BLOCK 78.140.152.61 (Type: outgoing, Port: 51158, Process: svchost.exe)
20:58:58 guinnessfc IP-BLOCK 78.140.152.61 (Type: outgoing, Port: 51159, Process: svchost.exe)
20:59:06 guinnessfc IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 51230, Process: svchost.exe)
20:59:06 guinnessfc IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 51243, Process: svchost.exe)
20:59:06 guinnessfc IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 51249, Process: svchost.exe)
20:59:22 guinnessfc IP-BLOCK 82.98.86.163 (Type: outgoing, Port: 51393, Process: svchost.exe)
20:59:38 guinnessfc IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 51590, Process: svchost.exe)
20:59:38 guinnessfc IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 51618, Process: svchost.exe)
21:00:03 guinnessfc IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 51849, Process: svchost.exe)
21:00:11 guinnessfc IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 51853, Process: svchost.exe)
21:00:11 guinnessfc IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 51854, Process: svchost.exe)
21:00:35 guinnessfc IP-BLOCK 78.140.152.61 (Type: outgoing, Port: 51946, Process: svchost.exe)
21:00:35 guinnessfc IP-BLOCK 78.140.152.61 (Type: outgoing, Port: 51947, Process: svchost.exe)
21:00:43 guinnessfc IP-BLOCK 78.140.152.61 (Type: outgoing, Port: 52020, Process: svchost.exe)
21:00:43 guinnessfc IP-BLOCK 78.140.152.61 (Type: outgoing, Port: 52023, Process: svchost.exe)
21:00:59 guinnessfc IP-BLOCK 82.98.86.163 (Type: outgoing, Port: 52106, Process: svchost.exe)
21:01:07 guinnessfc IP-BLOCK 82.98.86.163 (Type: outgoing, Port: 52190, Process: svchost.exe)
21:01:07 guinnessfc IP-BLOCK 82.98.86.163 (Type: outgoing, Port: 52191, Process: svchost.exe)
21:01:07 guinnessfc IP-BLOCK 82.98.86.163 (Type: outgoing, Port: 52192, Process: svchost.exe)
21:01:07 guinnessfc IP-BLOCK 82.98.86.163 (Type: outgoing, Port: 52199, Process: svchost.exe)
21:01:15 guinnessfc IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 52238, Process: svchost.exe)
21:12:09 guinnessfc IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 53808, Process: svchost.exe)
21:14:10 guinnessfc IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 54473, Process: svchost.exe)
21:14:26 guinnessfc IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 54582, Process: svchost.exe)
21:14:26 guinnessfc IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 54583, Process: svchost.exe)
21:14:34 guinnessfc IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 54685, Process: svchost.exe)
21:14:42 guinnessfc IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 54706, Process: svchost.exe)
21:14:42 guinnessfc IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 54709, Process: svchost.exe)
21:14:43 guinnessfc IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 54716, Process: svchost.exe)
21:14:59 guinnessfc IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 54870, Process: svchost.exe)
21:15:07 guinnessfc IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54967, Process: svchost.exe)
21:15:07 guinnessfc IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54968, Process: svchost.exe)
21:15:07 guinnessfc IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54969, Process: svchost.exe)
21:15:39 guinnessfc IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 55126, Process: svchost.exe)
21:15:39 guinnessfc IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 55127, Process: svchost.exe)
21:15:47 guinnessfc IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 55158, Process: svchost.exe)
21:15:47 guinnessfc IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 55159, Process: svchost.exe)
21:16:12 guinnessfc IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 55316, Process: svchost.exe)
21:16:28 guinnessfc IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 55437, Process: svchost.exe)
21:16:28 guinnessfc IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 55438, Process: svchost.exe)
21:16:36 guinnessfc IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 55478, Process: svchost.exe)
21:16:36 guinnessfc IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 55481, Process: svchost.exe)
21:16:53 guinnessfc IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 55553, Process: svchost.exe)
21:16:53 guinnessfc IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 55571, Process: svchost.exe)
21:16:53 guinnessfc IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 55572, Process: svchost.exe)
21:16:53 guinnessfc IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 55575, Process: svchost.exe)
21:19:50 guinnessfc IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 56191, Process: svchost.exe)
21:19:50 guinnessfc IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 56192, Process: svchost.exe)
21:25:30 guinnessfc IP-BLOCK 195.3.145.251 (Type: outgoing, Port: 56691, Process: svchost.exe)
21:25:30 guinnessfc IP-BLOCK 195.3.145.252 (Type: outgoing, Port: 56692, Process: svchost.exe)

Just to clarify: you try to run Malwarebytes, it successfully opens, you try to scan, and it stops scanning after 30 seconds?


That is correct

#8 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:03:04 PM

Posted 25 September 2011 - 07:32 PM

Hi guinnessfc,

That log wasn't quite helpful (it's the IP blocking log, not a scan log). I'm curious what the contents of a file is. You should see a rk-proxy.reg file on your desktop. If you right click on it, and click on edit, please copy and paste the contents of the Notepad document that opens.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#9 guinnessfc

guinnessfc
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:04 PM

Posted 25 September 2011 - 08:00 PM

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"="1"
"ProxyOverride"="*.local"




#10 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:03:04 PM

Posted 25 September 2011 - 08:09 PM

Hi guinnessfc,

Let's try another scanner:


Superantisypware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from http://www.superantispyware.com/downloads/SASDEFINITIONS.EXE (copy and paste that website address) and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others checked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Home" button to leave the control center screen.
  • Back on the main screen, under "Select Scan Type" click Complete Scan.
  • On the left, make sure you check C:\.
  • Click Start Complete Scan > Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#11 guinnessfc

guinnessfc
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:04 PM

Posted 25 September 2011 - 08:21 PM

when I check "complete scan" and check the correct drive it shows D: drive checked as well. My question is do I only want to have C: drive checked?



#12 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:03:04 PM

Posted 25 September 2011 - 08:30 PM

You want whichever drives you use on a daily basis. If C: is a backup/recovery partition, you can leave it unchecked for now. This'll make the scan finish faster, but won't guarantee that the C: drive is malware-free.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#13 guinnessfc

guinnessfc
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:04 PM

Posted 25 September 2011 - 08:50 PM

Ok C: Drive is my primary drive.

I got the same results as malewarebytes

This program would not start with shortcut icon on desktop. I had to go to programs from start menu and click on the program name and use the SuperAntispyware Alternate start. If I used the desktop icon or the SuperAntispyware Free Editon link from start menu I recieved the error box saying Windows cannot access the specified device path or file. you may not have the appropriate permissions to access the item....


When this program start it ran for about 12 sec and closed.... During the scan it did list 8 adware tracking cookies before it closed..

#14 guinnessfc

guinnessfc
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:04 PM

Posted 26 September 2011 - 05:21 AM

I now can only access the internet in safe mode

#15 guinnessfc

guinnessfc
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:04 PM

Posted 26 September 2011 - 06:18 AM

Ok as of this morning my computer is totally locked up.

I ran skill once more this morning and if registered it closed a file that ended in iexplore.exe

Malewarebytes still would not complete scan
SuperAntispyware could not complete scan

I rebooted computer in regular mode to see if that would help and the screen is now stuck on my windows sign on screen. I no longer have the ability to sign on in safe mode or regular mode. Where you enter your password there is a flashing cursor but I am able to type anything keyboard is non functioning. Additionally the mouse cursor is fro zen and does not move.

SO I guess my computer is shot....

If you think there may be anything else I can do I will follow up later.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users