
Google redirection malware


6 replies to this topic

#1 anonanon


Posted 28 September 2011 - 10:47 PM

My PC runs Win XP Pro and recently when I use a web browser, I often get redirected automatically to some other bogus site. This happens in Opera and Firefox, the two browsers I've used. There are no other apparent problems with my programs or the OS (yet). I've tried a number of things with no success:

- Avira, Malwarebytes, Spybot, and MS Malicious Software Removal: full scans; nothing detected
- HijackThis, TDSSKiller; nothing detected

The hosts file has not been tampered with.
The atapi.sys file shows no problems when scanned by Avira or Malwarebytes.

Btw, I couldn't try Malwarebytes with an updated database (its database is 28 days old), because my Malwarebytes program can't update itself (error message, even after uninstalling and reinstalling the program) and an attempt to manually update didn't work (I got a current rules.ref file from a different PC and moved it to the folder where I thought it should reside -- there was no existing rules.ref file on the affected PC). However, I don't think the autoupdate problem in Malwarebytes is due to the current infection, because I've had this on other PCs in other contexts; it seems to be a bug in the program. But I would be happy to learn how to fix it or work around it.

The main problem is the redirection malware, which my defenses haven't been able to detect. Can you suggest other tools to try next?

Thanks for your ideas,
Roger



#2 Eleet PCs


Posted 29 September 2011 - 01:57 AM

Can you post the error code that Malwarebytes returns when you try to update your database?

#3 anonanon

  • Topic Starter

Posted 29 September 2011 - 08:09 AM

The error code is:

PROGRAM_ERROR_UPDATING (11004, 0, No address found)
The requested name is valid and was found in the database, but it does not have the correct associated data being resolved for.

#4 boopme

  • Global Moderator

Posted 29 September 2011 - 09:05 AM

Hello, I moved this to Am I Infected from XP.

I believe both problems are actually based in your router.
Open MBAM in normal mode and click Update tab, select Check for Updates.
Next disconnect your system from the internet, and your router, then…
Open MBAM in normal mode and click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected.

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE


However, if there are other infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have run Malwarebytes' Anti-Malware on the infected system, and reset the router to its default configuration you can reconnect to the internet, and router. Then return to this site to post your logs.

#5 anonanon

  • Topic Starter

Posted 29 September 2011 - 09:30 AM

I'm willing to try this if you still think it's worth trying after I give you another piece of information: There are two other PCs using the same router, and they do not have the redirect problem. Also, one of those other PCs can update Malwarebytes and the other can't.

Doesn't that rule out the router as the source of the problem?

#6 boopme

  • Global Moderator

Posted 29 September 2011 - 02:54 PM

Well, the info on the error at MBAM says that it is a router reset, FAQ Section N.

#7 anonanon

  • Topic Starter

Posted 30 September 2011 - 08:15 AM

Thanks. After I mounted the problem hard drive on a different machine, ran a number of scans, and they found nothing, I put the problem hard drive back on the original PC. Then I checked the DNS setting (network connections, TCP/IP) and found it was set to automatic. I changed that to a known safe address (8.8.8.8) and the redirect problem seems to have gone away. Also, Malwarebytes can update. I checked the other two PCs that are on this router and found the same pattern -- the one where Malwarebytes could update already had a good DNS address set up, while the one that couldn't update was choosing the DNS automatically. After fixing that, all PCs can now update Malwarebytes.

There were no other symptoms of infection, besides the internet redirection problem. I guess the router may be infected, or possibly my ISP (Verizon) has a problem at its end. I will reset the router, when I have time to deal with Verizon to make sure I have the correct password for reconfiguring the router if that's needed. I'll post what happens there in case anyone is interested.

Thanks for your help.

Roger
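The check described in post #7 (automatic DNS versus a fixed resolver), written out as an added example that is not part of the original thread: it asks the router-assigned resolver and a reference resolver for the same name and compares the A records. All function names and the sample response are constructed for illustration; answers that merely differ can be legitimate for CDN-hosted names, so "differs" is a prompt to look closer, not a verdict.

```python
import socket, struct

def build_query(name, txid=0x1234):
    """Encode a recursive A-record query for `name`."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack(">6H", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack(">2H", 1, 1)

def _skip_name(msg, pos):  # offset just past a (possibly compressed) domain name
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:      # compression pointer: two bytes, ends the name
            return pos + 2
        if length == 0:                # root label ends the name
            return pos + 1
        pos += 1 + length

def parse_a_records(msg):
    """Return (rcode, set of IPv4 strings) from a raw DNS response."""
    _, flags, qdcount, ancount, _, _ = struct.unpack(">6H", msg[:12])
    pos = 12
    for _ in range(qdcount):
        pos = _skip_name(msg, pos) + 4                 # skip QTYPE and QCLASS
    addrs = set()
    for _ in range(ancount):
        pos = _skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:                  # A record
            addrs.add(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return flags & 0x000F, addrs

def resolve_via(server, name, timeout=3.0):
    """Ask one specific resolver over UDP port 53 (needs network access)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_a_records(s.recvfrom(512)[0])

def classify(assigned, reference):
    """Compare (rcode, addrs) from the assigned resolver with the reference's."""
    (_, a), (rc_ref, r) = assigned, reference
    if r and not a:
        return "no-address"        # same symptom as the updater's "No address found"
    if a and rc_ref == 3:
        return "answers-nxdomain"  # addresses returned for a name that does not exist
    return "differs" if a and r and a.isdisjoint(r) else "consistent"

# Constructed response: one A record (192.0.2.10) for example.test, answer name compressed
SAMPLE = build_query("example.test")[:2] + struct.pack(">5H", 0x8180, 1, 1, 0, 0) + \
    build_query("example.test")[12:] + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 10])
```

On a live network, call `classify(resolve_via(router_dns, name), resolve_via("8.8.8.8", name))` for several names, where `router_dns` (a placeholder) is the DNS server address handed out with the automatic setting.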



