Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Occasional browser hijack/redirect

  • Please log in to reply
1 reply to this topic

#1 Izeo


  • Members
  • 2 posts
  • Local time:11:29 AM

Posted 20 November 2012 - 03:30 PM


Using Win XP Pro 64-bit, every once in a while in Firefox, when I attempt to go to a link or search in Google (maybe once a day), I get redirected to some spammy sites. One of the pages I got redirected to a lot is "yellowpages" and one, funnily, is "Buy Norton Antivirus!"

I believe this is affecting other things on my PC (one program gives me BSOD).
But I don't want to ask about that now, right now I'd like to fix the redirect/rootkit.


I had ran:
- Avast Antivirus (reports nothing)
- Spybot S&D (found 1 thing and fixed, but didn't fix the symptom)
- MalwareBytes' AntiMalware (reports nothing)
- Chkdsk, ran from Windows CD Recovery Console (sometimes reports clean, once it said something like "There is no volume to check" but then displayed volume information anyway, sometimes it reports there WERE errors and fixes them... a bit scary)
- Memtest (ran through 16 passes with 0 errors)


From reading the "Do these things before you post" thread, I downloaded and ran:
- MalwareBytes' AntiRootkit

Firstly, right when I run mbar.exe it said, "Could not load protection driver".

MBAR finds two things that worry me: "Rootkit.Pihar.c.MBR" and three "Forged physical sector". Using the tool to remove the errors, and restarting, and scanning again, and the problems are all back!

Another note, while AntiRootkit was actually scanning, it had TONS of entries of "Forged physical sector", but in the results it only showed three. I've attached my "system-log" along with the "mbar-log". In the "system-log" you can see how it lists TONS of "Forged physical sector", in the middle.

I have a good feeling that this is the source of my problems. Any advice is greatly appreciated.

Attached Files

Edited by hamluis, 20 November 2012 - 03:42 PM.
Moved from XP to Am I Infected - Hamluis.

BC AdBot (Login to Remove)


#2 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,493 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:12:29 PM

Posted 20 November 2012 - 09:58 PM

Hello, I moved this to the Virus, Trojan, Spyware, and Malware Removal Logs forum for review of your MBAR log.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users