Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

FileStore72.info - Your Free File Hosting - Redirect


  • Please log in to reply
8 replies to this topic

#1 alice*in*wonderland

alice*in*wonderland

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Location:South Australia
  • Local time:12:28 AM

Posted 13 February 2014 - 03:51 AM

Hello,
 
I use Windows 7 Home Premium, Chrome and google to find a Forum.  I use Microsoft Security Essentials and scan regularly.   When I click the google selection for the Forum, rather than being directed to the forum site I get directed to

h x x p:// filestore72.info/ download.php?id=871062f2
 
"Resource is missing
File with specified ID not found. It may have been removed for breaking the rules.
Online Backup Solutions ........."
 
(It also happens when I use my Nokia Lumia 820 phone to search for the same forum using IE.)  
 
It only happens when I go to  one particular forum.  Google works OK for everything else.   I was able to use editing tools when I posted on that forum but now they either aren't visible or don't work when I use my computer to post.  When I use my phone to access the Forum, the editing tools are visible and look like they would work.  I don't use my phone to post though.
 
Pop Up Ads occur when the filestore site loads.  I can get to the Forum site I want on the second and third try using both my computer and my phone.
 
Sometimes my computer runs very slowly, sometimes my toolbar writing is upside down, sometimes I get a glimpse of the bottom third of my screen displaying letters and numbers before a page loads properly.  I have to close my browser and start again for the problem to correct, sometimes I log off and restart to get the writing back to normal and the screen to display properly.
 
The Forum that I am trying to use is - 
Powered by vBulletin® Version 4.2.0 
 
 
Thank you in advance.

*Moderator Edit: Link broken.
The site may contain malicious content like malware, viruses, or spyware that could harm your computer.~ Queen-Evie*

Edited by Queen-Evie, 13 February 2014 - 09:31 AM.


BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • BC Advisor
  • 12,989 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:28 PM

Posted 13 February 2014 - 07:44 AM

The two programs below have recently been able to find and remove the cause of the browser redirect.

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 alice*in*wonderland

alice*in*wonderland
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Location:South Australia
  • Local time:12:28 AM

Posted 13 February 2014 - 07:44 PM

Thank you Buddy215

 

This is the ADWCleaner text

 

# AdwCleaner v3.018 - Report created 14/02/2014 at 11:02:22
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Carol - GEOFF-PC
# Running from : C:\Users\Carol\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Save
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1389 octets] - [14/02/2014 11:00:56]
AdwCleaner[S0].txt - [1092 octets] - [14/02/2014 11:02:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1152 octets] ##########


#4 buddy215

buddy215

  • BC Advisor
  • 12,989 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:28 PM

Posted 13 February 2014 - 08:07 PM

Do the Junkware Removal Tool scan, too. Let me know if the redirection has stopped.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#5 alice*in*wonderland

alice*in*wonderland
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Location:South Australia
  • Local time:12:28 AM

Posted 13 February 2014 - 08:11 PM

Here is the Junkware Removal Tool result (took me ages to work out how to shut off Microsoft Security Essentials)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by Carol on Fri 14/02/2014 at 11:28:18.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Carol\appdata\local\software"
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{042E4C16-6A99-4F4A-A387-AF53C521F482}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{0CCFAB7E-7869-48B0-81F5-DCCA2FDE431A}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{114A5A7D-8BBC-42AC-8E28-F3A5F69E6565}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{248ABDA9-8B44-4446-8B30-D6860297002E}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{3DBBA4D9-1981-4AD1-8510-7D9EEE314DA9}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{3F0A0513-E5DB-40F7-B49F-58F4DD2C3069}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{4346F1AF-D2E8-474A-9158-8BEC0F8548A2}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{4A5E3424-04C4-4465-808A-374AA24C295B}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{6148FF1F-E6D3-4A01-B62E-A58FABEC578F}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{69AA8585-8E5E-4C44-BD64-EC5EFAFC9AF1}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{6CF0EE84-6DB3-4B85-B958-87375E0CF749}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{71C67F8A-97A5-4530-8BEF-65A236E7FD4E}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{74A01102-D4C5-413E-8A25-D8A3B09EB992}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{7502D51A-8BB8-4805-92DB-1D170F6573E0}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{75391B59-F62D-4FB0-A00D-89DBAD51968D}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{7747D79A-0F79-432D-B7B1-AA2A77E0A151}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{7B4F78C2-A740-4EC9-A37B-1C8313DBDE95}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{7F24CF48-6791-4144-A159-224D530BDF2D}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{8E71CFFA-C86B-49B8-904C-5AD8F2437C77}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{A39F1A5B-7C45-42CA-8D7B-42A02D1CDC5C}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{A4AC5D5F-98BC-4CAC-94E2-8C61ECCA2E14}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{B31ADD47-B828-45E1-9BE3-08225ED349B6}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{BC9110C2-058F-4B51-AD08-601A2444818F}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{C123DC91-442C-4524-9E3E-2E6A1BF5C72A}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{C50B839D-0F22-4D54-B960-4F10AB7372DB}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{C88514CA-ADB6-4CE9-AAE9-0685500BE197}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{CB0290BE-F9EB-4EF1-ABD9-05CCF4A392E1}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{D2AF491B-A32E-473F-9424-9085A1BC9BEA}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{DCCF4FDA-7637-49B6-8ACD-24C95E504583}
Successfully deleted: [Empty Folder] C:\Users\Carol\appdata\local\{FF09FD19-FE6B-4ABD-88C8-35EE5C24311F}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 14/02/2014 at 11:32:34.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
The redirection is still happening. 
 
A window popped up during the scan - something about Widget Window not working.

Edited by alice*in*wonderland, 13 February 2014 - 08:14 PM.


#6 buddy215

buddy215

  • BC Advisor
  • 12,989 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:28 PM

Posted 13 February 2014 - 08:53 PM

Is your phone synced with the computer? Do you sync it by connecting to the computer with wireless or cable?

 

Use CCleaner's default settings to cleanup the computer. Pay close attention while installing and be sure to UNcheck

offers of toolbars such as Yahoo. No need to use the Registry Cleaner and it may cause other problems if used.

CCleaner - PC Optimization and Cleaning - Free Download

 

I was almost sure after seeing the success of those two tools removing what ails you as it did for other users.

But a phone wasn't mentioned in the other users posts.

 

Open Chrome and review the list of add-ons in Chrome. Delete any that you don't recognize.

 

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#7 alice*in*wonderland

alice*in*wonderland
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Location:South Australia
  • Local time:12:28 AM

Posted 14 February 2014 - 02:38 AM

Thank you for your time Buddy215.

 

Yes, my phone is synced with the computer (wireless).  I tried to post on the forum using my phone but the keypad disappears before I can touch it.  

 

I can now access and use the editing tools on the forum from my computer, apparently I needed to refresh the screen using CTRL and F5.

 

I ran the ESET program and forgot to click on the Advanced Settings and the scan showed No Threats found.  I ran the scan again when I realised my error.  Here are the results from second ESET scan which included the extra Advanced Settings ticked:

 

C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application deleted - quarantined
C:\Users\Carol\Downloads\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Carol\Downloads\Speedtest_TuneUpUtilities2012_en-AU.exe a variant of Win32/OpenInstall potentially unwanted application deleted - quarantined
 
 
The redirection is still occurring. 


#8 buddy215

buddy215

  • BC Advisor
  • 12,989 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:28 PM

Posted 14 February 2014 - 07:23 AM

You should take a look here: Vbulletin 4.2.0 pl3 hacked redirect to filestore72.info - vBulletin Community Forum

If you have not updated or upgraded to the latest release of Vbulletin then you should do so.

After reading some of the posts there I think there is a very good chance that the problem does not involve software

on your computer or phone. I am going to ask someone else to take a look at this.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#9 alice*in*wonderland

alice*in*wonderland
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Location:South Australia
  • Local time:12:28 AM

Posted 14 February 2014 - 07:41 AM

Thank you again buddy215.  






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users