Unknown Browser Redirect Issue



#1 Fredonians


Posted 27 December 2011 - 11:31 PM

Hi,

I got my friend's laptop and it was infected with various pieces of malware. It is an HP laptop running Win7 Home Premium (v6.1 SP1).

Based on what I was initially seeing, I followed the instructions at: http://www.bleepingcomputer.com/virus-removal/remove-xp-antivirus-2012 and was able to detect and remove various infections.

I then installed Avast and was able to remove a few viruses.

After more Malwarebytes runs I whittled it down to:
c:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> Quarantined and deleted successfully.
c:\Windows\Temp\_ex-68.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

This was sort of strange because BitMiner was detected earlier but not removed. Based on what I have been reading I am not exactly sure this has been fully removed.

I am now at the point where the machine starts up fine and things run OK, get on the network, etc. However, it still has some type of redirect issue. For example, if I open a new tab in IE9 it goes properly to www.yahoo.com. I can do a search for "windows update" and get proper results. However, when I then click on the link for www.windowsupdate.com, a new IE window opens up to an ad type of site. Other links will bring me to www.scanerrors.com (a fairly obvious malware site). As another example, I was able to go to www.sysinternals.com and download the suite, but when I searched for the string "sysinternals" on Bing and clicked on the returned link I was redirected to http://63.209.69.107/search/web/Sysinternals/a35/itcg-21426/v5 which is an ad type of site.

Any ideas out there for where to go next? I would appreciate any help. Thanks, Fredonians
