
Google Redirect Just Noticed on Firefox Only



#1 Bash999

  • Members
  • 1 posts

Posted 03 December 2012 - 02:38 AM

First off I usually used IE9 because Firefox was way too slow before, which means that I probably could have been infected for a while. I once fixed it before when it happened to me on IE. Now when I was using Firefox earlier, my Google searches redirected to hxxttp://63.209.69.107 or hxxttp://8.26.70.252 sites.

I read that TDSSKiller should fix it so I tried that. It found a locked service vdrv1000, which I removed, but I think that was for a virtual drive as it is now no longer appearing, and the virus still seems to be present with Firefox only.

I was following the instructions on another BleepingComputer post for a guy with the same problems as me (which I know is not recommended) but as I "turned off" my Norton 360 as indicated in the linked post by choosing "disable antivirus auto-protect" for five hours. I clicked ComboFix, and it tells me that "antispyware: norton 360 premier edition" is still running and that it will cause damage if I don't disable it. So I looked for a way, but couldn't other than the aforementioned. So I clicked the "X" instead of continue, and now it tells me that "the above real time scanners are still present," but it will continue anyway, and it has another continue button.

There are also options on my Norton that say Turn On Silent Mode and Disable Smart Firewall, but I don't think those will disable the antispyware.

I have not clicked OK yet, and was wondering what to do next. Is there a way to terminate process, or what else should I do? I was thinking of shutting off the computer to cancel the operation. Is this recommended? Thank you in advance, and please excuse my foolishness.


-Bash

-update-

-Restarted, I have not performed the actual scan from ComboFix yet. It did, however, extract or something back then and then gave me that warning about Norton, but yeah, I restarted.

After running full scans with both 360 and MBAM I seemed to remove maybe another trojan or two, but the redirect is still happening after about 30 Google clicks in, but only in Firefox. Any help?

-Bash


*****SUPER MEGA UPDATE*****

I disabled an add-on called "Printing Helper 2.5" on Firefox as I read that this may be the culprit and it seems to have done the trick. Am I still infected though? I would still appreciate some help with doing a complete scan. Thanks again.

Yep, about a hundred Google clicks and no more redirect. The thing is I never downloaded this add-on, and when digging deeper into Firefox the website is a jumble of letters that does not work, and Firefox says the add-on was last updated November, 28, 1832! O__O! I just wonder how this was installed. I think it might have auto installed when Firefox was on the rocks a year or so back (remember when Firefox was awesome, then outta nowhere everyone was having RAM issues?).

But Yes, more assistance is needed to verify PC is clean.

-Bash


Edited by Bash999, 03 December 2012 - 05:31 PM.
Bad links obfuscated.
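
Added example (not part of the thread and not from any tool named in it): a small audit that flags add-ons showing the traits described in the post above, namely an impossible update date, a homepage that is not a usable URL, and an install the user did not make from inside the browser. The field names and `location` values follow the `extensions.json` layout of current Firefox profiles, which is an assumption here since the thread predates that file; the sample records are constructed.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
FIREFOX_1_0 = datetime(2004, 11, 9, tzinfo=timezone.utc)  # first Firefox release
BUNDLED = {"app-builtin", "app-system-defaults"}  # assumed: shipped with the browser

def to_ms(dt):
    return (dt - EPOCH) // timedelta(milliseconds=1)

def from_ms(ms):
    # timedelta arithmetic copes with negative (pre-1970) stamps on any OS
    return EPOCH + timedelta(milliseconds=ms)

def audit_addons(data, now):
    """Return {add-on name: [reasons]} for entries that deserve a manual look."""
    findings = {}
    for addon in data.get("addons", []):
        if addon.get("location") in BUNDLED:
            continue
        reasons = []
        for field in ("installDate", "updateDate"):
            ms = addon.get(field)
            if ms is not None and not FIREFOX_1_0 <= from_ms(ms) <= now:
                reasons.append(f"{field} implausible: {from_ms(ms).date()}")
        locale = addon.get("defaultLocale") or {}
        url = urlparse(locale.get("homepageURL") or "")
        if url.scheme not in ("http", "https") or "." not in (url.hostname or ""):
            reasons.append("no usable homepage URL")
        if addon.get("location") != "app-profile":
            reasons.append(f"installed outside the profile: {addon.get('location')}")
        if reasons:
            findings[locale.get("name") or addon.get("id")] = reasons
    return findings

# Constructed sample standing in for <profile>/extensions.json (not real data).
SAMPLE = {"addons": [
    {"id": "notes@example.invalid", "location": "app-profile",
     "installDate": to_ms(datetime(2012, 6, 1, tzinfo=timezone.utc)),
     "updateDate": to_ms(datetime(2012, 10, 9, tzinfo=timezone.utc)),
     "defaultLocale": {"name": "Example Notes",
                       "homepageURL": "https://notes.example.invalid/"}},
    {"id": "helper@example.invalid", "location": "winreg-app-global",
     "installDate": to_ms(datetime(2011, 11, 2, tzinfo=timezone.utc)),
     "updateDate": to_ms(datetime(1832, 11, 28, tzinfo=timezone.utc)),
     "defaultLocale": {"name": "Printing Helper", "homepageURL": "qwkzjvbx"}},
]}

if __name__ == "__main__":
    now = datetime(2012, 12, 3, tzinfo=timezone.utc)
    for name, reasons in audit_addons(SAMPLE, now).items():
        print(name, "->", "; ".join(reasons))
```

To run it against a real profile, load the file with `json.load` and pass the result with the current UTC time; a flagged entry is a prompt for manual review, not proof of infection.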



 


#2 nasdaq

  • Malware Response Team
  • 39,559 posts

Posted 07 December 2012 - 10:33 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search for AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).


#3 nasdaq

  • Malware Response Team
  • 39,559 posts

Posted 13 December 2012 - 09:36 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.




