Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Keeps redirecting me.


  • This topic is locked This topic is locked
12 replies to this topic

#1 jjos

jjos

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:03 PM

Posted 19 July 2012 - 07:33 PM

Hey, please help! I keep getting the message: MalwareBytes has successfully blocked access to a potentially malicious website. Below are only some of them:

206.161.121.3 and 78.41.203.125 any thoughts on where to go from here?


I've run a full scan on MBAM, norton internet security, and Spybot S&D but the only thing they find are cookies.

Windows Vista Home Basic Service Pack 2

Browser: IE 8

Also is there no way to remove the redirects? I do a google search and click the link and it takes me to random site. the only way to get to the site I wanted is to cut and paste the address. Right now its trying to take me to the following (but I'm getting a connect error)


here are my logs from today
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.19.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
Robert :: ROBERT-PC [administrator]

Protection: Enabled

7/19/2012 10:28:59 AM
mbam-log-2012-07-19 (10-28-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 185636
Time elapsed: 12 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.19.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
Robert :: ROBERT-PC [administrator]

Protection: Enabled

7/19/2012 10:48:33 AM
mbam-log-2012-07-19 (10-48-33).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 387629
Time elapsed: 4 hour(s), 20 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



here are my logs from yesterday

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.18.13

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
Robert :: ROBERT-PC [administrator]

Protection: Enabled

7/18/2012 5:48:22 PM
mbam-log-2012-07-18 (17-48-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 185414
Time elapsed: 10 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\75973536 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Detected: 4
C:\Users\Robert\AppData\Roaming\Adobe\plugs\KB4434718.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Robert\AppData\Roaming\Adobe\plugs\KB4435280.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Robert\AppData\Roaming\Adobe\plugs\KB4440521.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Robert\AppData\Roaming\Adobe\plugs\KB4440599.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.18.13

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
Robert :: ROBERT-PC [administrator]

Protection: Enabled

7/18/2012 6:04:18 PM
mbam-log-2012-07-18 (18-04-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 185796
Time elapsed: 37 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:03 AM

Posted 19 July 2012 - 08:35 PM

Hello and welcome. I want to see if I can see why the Java update is infected. It may be calling out.

Lets view these scan logs.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>>>

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

>>>>>

Please download TDSSKiller.zip and and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click Continue
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.


>>>>

Now I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


[color="#8B0000"]NOTE: In some instances if no malware is found there will be no log produced.[/color
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 jjos

jjos
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:03 PM

Posted 19 July 2012 - 09:16 PM

all right boopme and thanks

p.s. i cant run toolbox i get a message that says a device attechedto the system is not functioning

Edited by jjos, 19 July 2012 - 09:18 PM.


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:03 AM

Posted 19 July 2012 - 09:21 PM

Ok, lets repost as I believe you have a rootkit and it's wreaking havoc. We neeed to have our Malware Tean take a deeper look.

Please go here....Preparation Guide ,do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If GMER won't run (it may not on a 64 bit system) skip it and move on.

Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 jjos

jjos
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:03 PM

Posted 19 July 2012 - 09:47 PM

i still get the same message boopme

p.s. the only system i can run is tdsskiller

Edited by jjos, 19 July 2012 - 10:53 PM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:03 AM

Posted 20 July 2012 - 09:50 AM

Lets try one more.. Post this in the new topic,



Please download OTL by OldTimer and save it to your Desktop.
  • Close all other applications and windows so that you have nothing open.
  • Double click on the Posted Image icon on your desktop.

    Vista/Windows 7 users right-click and select Run As Administrator.
    If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • Under Output, ensure that Minimal Output is selected.
  • Click the "Scan All Users" checkbox.
    Leave the remaining selections to the default settings.
  • Click the Posted Image button.
  • Do not use the computer while the scan is in progress.
  • When the scan is complete, two log files will open in Notepad:
    • OTListIt.txt <- (will be maximized)
    • Extras.txt <- (will be minimized in the Task Bar).
  • Both logs are automatically saved to the Desktop.
  • Please copy and paste the contents of OTListIt.txt and Extras.txt in your next reply.
    If the Extras.txt log is too long, you may need to add a second reply to your thread or upload it as an attachment.
  • Click the red X in the upper right corner to exit OTL.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run. If OTL did not work, then reply back here.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 jjos

jjos
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:03 PM

Posted 20 July 2012 - 02:57 PM

i still get this message a device atteched to the system is not functioning

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:03 AM

Posted 20 July 2012 - 03:53 PM

Will this work from Safe mode.

Reboot into Safe Mode with Networking
How to enter safe mode(XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 jjos

jjos
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:03 PM

Posted 20 July 2012 - 04:03 PM

i am in safe mode whats next, i can also use all the programs you told me to run

Edited by jjos, 20 July 2012 - 05:47 PM.


#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:03 AM

Posted 20 July 2012 - 08:01 PM

As you still redirect,run OTL and post a bew topic.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 jjos

jjos
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:03 PM

Posted 20 July 2012 - 08:06 PM

okay boopme do i post the results here or in removal logs?

Edited by jjos, 20 July 2012 - 08:31 PM.


#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:03 AM

Posted 20 July 2012 - 08:42 PM

Everything will now be in Removal Logs.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,109 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:03 AM

Posted 20 July 2012 - 11:56 PM

I see that your new topic is here: http://www.bleepingcomputer.com/forums/topic461629.html and has been picked up.

To avoid potential confusion, I shall now close this topic.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users