Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I keep getting a Yahoo redirect........


  • Please log in to reply
8 replies to this topic

#1 kennymacattack

kennymacattack

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:03:07 AM

Posted 05 September 2013 - 03:18 PM

Every once in a while, when I try to go to my homepage (Yahoo), I get this- http://www.yahoo.com/cgi-bin/redirect.ha

 

And sometimes when I search for something using Yahoo (I don't use google, I'm weird haha) I will be redirected to shopping sites like Best Buy. When I click my browser back, then I can access the site that I was actually searching for. You guys have helped me once before and I hope you can help me again. One of these days when I have time, I will learn all of this stuff and help out others. Thanks in advance for any help!



BC AdBot (Login to Remove)

 


#2 TwinHeadedEagle

TwinHeadedEagle

  • Security Colleague
  • 352 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:08:07 AM

Posted 05 September 2013 - 04:29 PM

Download TDSSKiller and save it to your desktop.

  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

==============================================

 

 

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


Edited by TwinHeadedEagle, 05 September 2013 - 04:31 PM.


#3 kennymacattack

kennymacattack
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:03:07 AM

Posted 05 September 2013 - 04:54 PM

The report on the TDSS came back saying that it found nothing. The report file is huge though and it's hard to copy and paste. You still want me to post it? (Sorry!)



#4 TwinHeadedEagle

TwinHeadedEagle

  • Security Colleague
  • 352 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:08:07 AM

Posted 05 September 2013 - 04:58 PM

If there is no infection found, you don't need to attach it. Please procede to next step...



#5 kennymacattack

kennymacattack
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:03:07 AM

Posted 05 September 2013 - 05:05 PM

That was quick! Thank you.

 

MBAM Log File-

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.05.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
kenny :: KENNY-PC [administrator]

9/5/2013 6:01:06 PM
mbam-log-2013-09-05 (18-01-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245765
Time elapsed: 2 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#6 TwinHeadedEagle

TwinHeadedEagle

  • Security Colleague
  • 352 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:08:07 AM

Posted 06 September 2013 - 01:16 AM

That seems clean too. What browser are you getting redirects on?
 
 
wogs.png Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

 

thisisujrt.gif Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Edited by TwinHeadedEagle, 06 September 2013 - 01:16 AM.


#7 kennymacattack

kennymacattack
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:03:07 AM

Posted 07 September 2013 - 01:55 PM

I use Mozilla/Firefox. AdWare Cleaner came up with nothing and didn't give a text file. It is quite odd that nothing is showing up and I also haven't had any redirection since I downloaded MBAM. My redirection had been happening for quite some time before that. Maybe it is fixed? lol. But, just in case, here is the JRT report-

 

unkware Removal Tool (JRT) by Thisisu
Version: 5.5.8 (09.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by kenny on Sat 09/07/2013 at 14:47:06.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4303AB84-6F55-E34A-08C9-36C4FC0237C4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2431}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{4303AB84-6F55-E34A-08C9-36C4FC0237C4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2431}



~~~ Files

Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Empty Folder] C:\Users\kenny\appdata\local\{1C2910D5-E021-4C05-B0E0-23CBD5607DA4}
Successfully deleted: [Empty Folder] C:\Users\kenny\appdata\local\{36623241-4295-4D90-A598-95EF34121794}
Successfully deleted: [Empty Folder] C:\Users\kenny\appdata\local\{547F09EE-ADDA-4296-90CE-282A961DE9A8}
Successfully deleted: [Empty Folder] C:\Users\kenny\appdata\local\{7BF6E0B6-E9A5-4AE7-907D-E564F1EBE1D1}
Successfully deleted: [Empty Folder] C:\Users\kenny\appdata\local\{97B68FDA-BC38-4D2D-8297-A24384E6695E}



~~~ FireFox

Emptied folder: C:\Users\kenny\AppData\Roaming\mozilla\firefox\profiles\8o38ad5w.default\minidumps [421 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/07/2013 at 14:51:02.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#8 kennymacattack

kennymacattack
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:03:07 AM

Posted 07 September 2013 - 02:02 PM

Sorry for replying so soon, but I just got another re-direction to a shopping site when using yahoo! search. It had been a while since it last happened, so I thought it was gone.....



#9 TwinHeadedEagle

TwinHeadedEagle

  • Security Colleague
  • 352 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:08:07 AM

Posted 08 September 2013 - 02:07 AM

Open your topic here, and wait for helper to assist you --> http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users