
Getting redirected


11 replies to this topic

#1 Ps25

Ps25

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:22 AM

Posted 13 May 2012 - 07:38 PM

So last night I was watching a show on watchseries.eu, which hosts its shows on this website called videoweed (I've done this multiple times) but last night though midway through the show I googled something and it redirected me to random websites such as fabusearch and stuff. So in turn, I ran my Microsoft Security Essentials and nothing came up. So I went and downloaded this anti-spyware program called Malwarebytes, which I downloaded, installed and updated. Then I disconnected my PC from the internet, went in safe mode and ran Malwarebytes. Eventually after scanning all my drives, it found the spyware and I quarantined it. However, when I rebooted my PC and went into normal mode after that my IE is still forwarding me to random sites. After this, I went to :\windows directory and deleted some random (IP localhost and/or either 127.0.0.1:) in "hosts". Yet I'm still getting redirected and stuff.
Sorry for the block of text, but can anyone help me with this?



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:22 AM

Posted 13 May 2012 - 07:58 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)


Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

#3 Ps25


Posted 13 May 2012 - 10:16 PM

Log from TDSSkiller

Spoiler



Can't run GMER as I'm running Vista 64 bit.


Log from AswMBR

Spoiler


#4 narenxp


Posted 13 May 2012 - 11:06 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 Ps25


Posted 14 May 2012 - 07:58 PM

Got a clean log on MBAM the first time I ran it

Log from ESET
Spoiler


Log from mini toolbox
Spoiler


#6 narenxp


Posted 15 May 2012 - 01:45 AM

After this, I went to :\windows directory and deleted some random (IP localhost and/or either 127.0.0.1:) in "hosts". Yet I'm still getting redirected and stuff.


Did you change the hosts file directory?

In the log it shows that the hosts file is not in the default directory (C:\windows\system32\drivers\etc)

#7 Ps25


Posted 15 May 2012 - 08:29 AM

Nope, it's still there. Saved as a text file though, don't know if that affects it or not.

#8 narenxp


Posted 15 May 2012 - 09:01 AM

Download

SystemLook

Launch it and copy the script in the BOX

:dir
C:\WINDOWS\SYSTEM32\DRIVERS\ETC

Click on LOOK and post the generated log

good luck

#9 Ps25


Posted 15 May 2012 - 06:30 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 16:29 on 15/05/2012 by Gaurav
Administrator - Elevation successful

========== dir ==========

C:\WINDOWS\SYSTEM32\DRIVERS\ETC - Parameters: "(none)"

---Files---
hosts.bak --a---- 813 bytes [12:34 02/11/2006] [07:37 07/05/2012]
hosts.new --a---- 734 bytes [19:27 13/05/2012] [19:28 13/05/2012]
hosts.original --a---- 761 bytes [10:22 11/04/2012] [01:57 09/04/2012]
hosts.txt --a---- 707 bytes [22:03 13/05/2012] [22:03 13/05/2012]
lmhosts.sam --a---- 3683 bytes [06:42 02/11/2006] [21:37 18/09/2006]
networks --a---- 407 bytes [12:34 02/11/2006] [21:37 18/09/2006]
protocol --a---- 1358 bytes [12:34 02/11/2006] [21:37 18/09/2006]
services --a---- 17244 bytes [12:34 02/11/2006] [21:37 18/09/2006]

---Folders---
None found.

-= EOF =-

#10 narenxp


Posted 15 May 2012 - 06:38 PM

Go to

C:\WINDOWS\SYSTEM32\DRIVERS\ETC

Delete hosts.new and hosts.txt files

Do you still have redirects?
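
Added example, not part of the original thread and not SystemLook's own code: a small Python parser for the `:dir` listing format shown in post #9 that reports whether a file named exactly `hosts` is present and which `hosts.*` siblings were touched shortly before the log was taken. The function names and the `recent_days` threshold are hypothetical, the sample is an excerpt of the posted log, and the code assumes the two bracketed timestamps are creation time and last-write time.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the SystemLook listing posted in this thread (post #9).
SAMPLE_LOG = """\
Log created at 16:29 on 15/05/2012
hosts.bak --a---- 813 bytes [12:34 02/11/2006] [07:37 07/05/2012]
hosts.new --a---- 734 bytes [19:27 13/05/2012] [19:28 13/05/2012]
hosts.original --a---- 761 bytes [10:22 11/04/2012] [01:57 09/04/2012]
hosts.txt --a---- 707 bytes [22:03 13/05/2012] [22:03 13/05/2012]
lmhosts.sam --a---- 3683 bytes [06:42 02/11/2006] [21:37 18/09/2006]
services --a---- 17244 bytes [12:34 02/11/2006] [21:37 18/09/2006]
"""

FMT = "%H:%M %d/%m/%Y"
ENTRY = re.compile(r"^(\S+) \S+ (\d+) bytes \[([^\]]+)\] \[([^\]]+)\]$")
CREATED = re.compile(r"^Log created at (\d\d:\d\d) on (\d\d/\d\d/\d{4})")

def parse_listing(text):
    """Return (log_time, [file dicts]) from a SystemLook :dir log."""
    log_time, files = None, []
    for line in text.splitlines():
        line = line.strip()
        if (m := CREATED.match(line)):
            log_time = datetime.strptime(f"{m[1]} {m[2]}", FMT)
        elif (m := ENTRY.match(line)):
            # Assumption: first bracket is creation time, second is last write.
            files.append({"name": m[1], "size": int(m[2]),
                          "created": datetime.strptime(m[3], FMT),
                          "modified": datetime.strptime(m[4], FMT)})
    return log_time, files

def review_hosts(text, recent_days=14):
    """Summarise the state of the hosts file in an etc directory listing."""
    log_time, files = parse_listing(text)
    cutoff = log_time - timedelta(days=recent_days)
    variants = [f for f in files if f["name"].lower().startswith("hosts.")]
    return {
        # Windows only reads the file named exactly "hosts" (no extension).
        "active_hosts_present": any(f["name"].lower() == "hosts" for f in files),
        "variants": [f["name"] for f in variants],
        "recently_touched": [f["name"] for f in variants
                             if max(f["created"], f["modified"]) >= cutoff],
    }

if __name__ == "__main__":
    print(review_hosts(SAMPLE_LOG))
```

On the posted listing this reports no active `hosts` file and flags `hosts.bak`, `hosts.new` and `hosts.txt` as touched in the two weeks before the log; the contents of any flagged file still need to be read before deciding what to keep.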

#11 Ps25


Posted 15 May 2012 - 10:59 PM

So far, nope. Thanks a lot mate :)

#12 narenxp


Posted 16 May 2012 - 04:40 AM

Download

TFC


Launch it, it will close all running programs

Click on START, it should ask for reboot

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-us/windows-vista/Turn-System-Restore-on-or-off

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)



