Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Domainsa or 404bucks hijacked my 404 error page


  • This topic is locked This topic is locked
2 replies to this topic

#1 phickspc

phickspc

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:09 PM

Posted 30 October 2011 - 11:29 AM

>Problem:

Hi, ever since yesterday evening around 5pm GMT, whenever I typed a url that doesn't exist, Firefox began redirecting me to an affiliate link from 404bucks i.e.
"hxxp://domainsa.com/landing/?affId=IywxMjI&domainname=[ENTER DOMAIN NAME OF DESIRED URL]."

It also redirects whenever I type "404bucks" or "domainsa" anywhere else on FFox, or whenever I'm reading a page that mentions the two words.

*NB: The problem doesnn't occur on Opera, Chrome or IE. Nor does it affect my other computers with Windows 7 x64 Biz/XP Pro x32
.*


>>PC Info:

Vista Business x64 SP2, i7.
Latest Firefox.
Toolbars enabled: Google Toolbar & Zynga Facebook Game Toolbar (I use this to play facebook games)

>>>Troubleshooting:

I performed a system restore to 3 days back, but it didn't resolve the issue.

Lavasoft Adaware, Comodo virus scan didn't find anything.
My free version of Spyware Doctor found and cleaned 6 entries of Adware.Hotbar and some other entries of 'Browser Hijacking virus', yet the problem persists.

I installed the PCTools defender toolbar (provided by PCtools SpyDoctor update) and whwnever i type anything in there it uses a search index known as hxxp://search.feedandme.com/ although there are no redirects

Currently there are only about 2 threads on the internet regarding a 404bucks redirect virus, none of which offer a solution.


I've attached my HijackThis Report

What can I do?

- Thanks,

Heevy

Attached Files


Edited by Orange Blossom, 30 October 2011 - 11:46 AM.
Deactivated links and moved to log forum. ~ OB


BC AdBot (Login to Remove)

 


#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:07:09 PM

Posted 04 November 2011 - 05:16 AM

Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds file to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:07:09 PM

Posted 14 November 2011 - 04:29 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users