Website redirections


17 replies to this topic

#1 qenniisiis

Posted 10 January 2012 - 06:15 PM

Hello,
I'm having trouble trying to search for websites on Google;
they keep redirecting the websites to search engines I have not chosen.
Ex: (Gimmeanswers, Buzzclick, Yellowpages, etc.)
I've tried scanning with Malwarebytes, Avast, and Spybot and they've found
some threats; I delete them and keep going on the desired websites and
somehow get redirected AGAIN.
It seems like this virus has tried to also collect private information
because I received an email from my bank notifying me of numerous attempts.
Please help, this is really frustrating to resolve but I will very much
appreciate the help. :)

Edited by Budapest, 10 January 2012 - 06:19 PM.
Moved from Vista



#2 Budapest

Posted 10 January 2012 - 06:19 PM

Try this:

http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 qenniisiis

Posted 10 January 2012 - 06:23 PM

I downloaded the program and got it scanned, however it told me that no threats were found.
I just now went to do another search and again another website popped up.

#4 Budapest

Posted 10 January 2012 - 06:35 PM

What browser do you use?

Run another quick scan with Malwarebytes and post the log.

#5 qenniisiis

Posted 10 January 2012 - 07:08 PM

I use Mozilla Firefox.

Here's the log:


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.08.03

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
genesis :: GENESIS-PC [administrator]

1/10/2012 6:48:59 PM
mbam-log-2012-01-10 (18-48-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 264096
Time elapsed: 15 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 Budapest

Posted 10 January 2012 - 07:14 PM

Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


#7 qenniisiis

Posted 10 January 2012 - 07:23 PM

Here you go:


GooredFix by jpshortstuff (03.07.10.1)
Log created at 19:21 on 10/01/2012 (genesis)
Firefox version 9.0.1 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:59 16/06/2011]

C:\Users\genesis\Application Data\Mozilla\Firefox\Profiles\9m0ow3ai.default\extensions\
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [03:45 06/12/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [16:29 18/01/2011]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [19:46 19/12/2011]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5" [23:34 31/12/2011]

---------- Old Logs ----------
GooredFix[00.20.47_11-01-2012].txt

-=E.O.F=-

#8 Budapest

Posted 10 January 2012 - 07:31 PM

Do you use a router? If so, try resetting it, as the virus may have messed with the DNS settings.

#9 qenniisiis

Posted 10 January 2012 - 07:41 PM

I reset the router and scanned the computer again but it seems like nothing
was different in this case, either.
Last log:


GooredFix by jpshortstuff (03.07.10.1)
Log created at 19:37 on 10/01/2012 (genesis)
Firefox version 9.0.1 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:59 16/06/2011]

C:\Users\genesis\Application Data\Mozilla\Firefox\Profiles\9m0ow3ai.default\extensions\
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [03:45 06/12/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [16:29 18/01/2011]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [19:46 19/12/2011]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5" [23:34 31/12/2011]

---------- Old Logs ----------
GooredFix[00.20.47_11-01-2012].txt
GooredFix[00.21.19_11-01-2012].txt
GooredFix[00.35.12_11-01-2012].txt

-=E.O.F=-

#10 Budapest

Posted 10 January 2012 - 07:49 PM

Go to this Microsoft page:

http://support.microsoft.com/kb/811259

About halfway down the page click on this:

Posted Image

See if that makes any difference.

#11 qenniisiis

Posted 10 January 2012 - 08:00 PM

I downloaded the Fix it program and ran GooredFix again:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 19:57 on 10/01/2012 (genesis)
Firefox version 9.0.1 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:59 16/06/2011]

C:\Users\genesis\Application Data\Mozilla\Firefox\Profiles\9m0ow3ai.default\extensions\
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [03:45 06/12/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [16:29 18/01/2011]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [19:46 19/12/2011]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5" [23:34 31/12/2011]

---------- Old Logs ----------
GooredFix[00.20.47_11-01-2012].txt
GooredFix[00.21.19_11-01-2012].txt
GooredFix[00.35.12_11-01-2012].txt
GooredFix[00.37.47_11-01-2012].txt

-=E.O.F=-

#12 Budapest

Posted 10 January 2012 - 08:04 PM

Are you still getting redirected?

#13 qenniisiis

Posted 10 January 2012 - 08:16 PM

It seems like it's okay now. I'm not sure why though?
Just a few minutes ago it kept redirecting me.

#14 Budapest

Posted 10 January 2012 - 08:21 PM

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


#15 qenniisiis

Posted 11 January 2012 - 10:10 AM

I scanned the computer and this was the list of threats found:



C:\Documents and Settings\genesis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\593ae75a-508255e3 Java/Agent.DY trojan deleted - quarantined
C:\Documents and Settings\genesis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\128aa334-2fc2d538 Java/Exploit.CVE-2011-3544.F trojan deleted - quarantined
C:\Documents and Settings\genesis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\5426e8b7-47c3a1ae Java/Exploit.CVE-2011-3544.H trojan deleted - quarantined
C:\Documents and Settings\genesis\Desktop\GooredFix Backups\C\Users\genesis\Application Data\Mozilla\Firefox\Profiles\9m0ow3ai.default\extensions\{debb2875-f9b2-4003-a257-0595eaccd3e1}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application cleaned by deleting - quarantined
E:\GENESIS-PC\Backup Set 2010-01-26 170632\Backup Files 2010-06-20 214455\Backup files 1.zip multiple threats deleted - quarantined
E:\GENESIS-PC\Backup Set 2010-01-26 170632\Backup Files 2010-12-01 190003\Backup files 3.zip multiple threats deleted - quarantined
E:\GENESIS-PC\Backup Set 2010-01-26 170632\Backup Files 2011-01-01 190001\Backup files 2.zip multiple threats deleted - quarantined

Edited by qenniisiis, 11 January 2012 - 11:17 AM.
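
An added example, not part of the original thread and not GooredFix or ESET code: a small parser that turns a GooredFix log into an extension inventory and checks whether any extension ID named in a scanner report is still registered in Firefox. The function names are hypothetical and the sample data is condensed (blank lines dropped) from the logs posted above; here the Tracur detection sits under the GooredFix Backups folder and its ID is absent from the inventory.

```python
import re

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpts of the GooredFix log and ESET report posted in this thread.
SAMPLE_LOG = r"""
========== GooredLog ==========
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:59 16/06/2011]
C:\Users\genesis\Application Data\Mozilla\Firefox\Profiles\9m0ow3ai.default\extensions\
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [03:45 06/12/2011]
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [19:46 19/12/2011]
---------- Old Logs ----------
GooredFix[00.20.47_11-01-2012].txt
"""
SAMPLE_REPORT = r"""
C:\Documents and Settings\genesis\Desktop\GooredFix Backups\C\Users\genesis\Application Data\Mozilla\Firefox\Profiles\9m0ow3ai.default\extensions\{debb2875-f9b2-4003-a257-0595eaccd3e1}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application cleaned by deleting - quarantined
"""

def parse_gooredfix(log):
    """Map each extension ID in the GooredLog section to where it is registered."""
    inventory, location, in_log = {}, None, False
    for line in map(str.strip, log.splitlines()):
        if line.startswith(("==========", "----------")):
            in_log = "GooredLog" in line   # any other section ends the inventory
            continue
        if not in_log or not line:
            continue
        m = GUID.search(line)
        if m is None:
            location = line                # folder or [registry key] header
        elif line.startswith('"'):         # registry value: "{id}"="path"
            inventory[m.group().lower()] = line.split("=", 1)[1].split('"')[1]
        else:
            inventory[m.group().lower()] = location
    return inventory

def flagged_extensions(report):
    """Extension IDs that a scanner report names under an extensions folder."""
    pattern = r"\\extensions\\(" + GUID.pattern + r")\\"
    return {m.group(1).lower() for m in re.finditer(pattern, report, re.I)}

def still_registered(log, report):
    """Flagged IDs that the GooredFix inventory still lists."""
    return sorted(flagged_extensions(report) & parse_gooredfix(log).keys())

if __name__ == "__main__":
    print("still registered:", still_registered(SAMPLE_LOG, SAMPLE_REPORT))
```

An empty result means no flagged extension ID is still listed in the install folder, the profile folder or the HKLM registry key covered by the log.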




