Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help Please.


  • Please log in to reply
8 replies to this topic

#1 Flowt

Flowt

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:09 AM

Posted 25 May 2006 - 01:47 AM

Everytime I go on google and select a website to go to, it transfers me to another site.
I ran spybot and ad-aware but it keeps happening.

85.225.144.144/click.php?PHPSESSID=5470186C0E5B4A35AB89E7413CFE161D&qq=


Any help would be appreciated!
Thanks!

BC AdBot (Login to Remove)

 


m

#2 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:08:09 AM

Posted 25 May 2006 - 02:12 AM

Looks like you've been hijacked.
I suggest you post a HijackThis log for examination.
A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.

Read How to post a HijackThis Log.
Please read, and follow, all directions carefully!!!

Then, run a log, and post it in the HijackThis forum, at this link. Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#3 Flowt

Flowt
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:09 AM

Posted 26 May 2006 - 03:06 AM

It has stopped happening.
Should I still start a HijackThis Log?

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,607 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:09 AM

Posted 26 May 2006 - 07:04 AM

If your problem is resolved, there is no need to post a log at this moment. Lets do a few more scans to make sure your system is clean.

If your running Win XP/2000, download and scan with Ewido Anti-Malware v3.5
Ewido Install and Scan Instructions

Then perform these online Virus scans:
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.]
Trend Micro Housecall Scan
Panda ActiveScan [ActiveScan Panda does not remove adware/spyware but will autoclean for viruses & worms.]
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Flowt

Flowt
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:09 AM

Posted 27 May 2006 - 03:08 PM

I scanned with ewido and found a trojan virus but everytime I try and remove it, it says error during cleaning.

Name: Trojan.Small.fb Path: [1528] VM_015D0000 Status: Error during cleaning

How can I delete this virus?

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,607 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:09 AM

Posted 27 May 2006 - 03:57 PM

Ewido should be able to clean this as seen in a log scan from another user:
C:\WINDOWS\SYSTEM32\dmaek.exe -> Trojan.Small.fb : Cleaned with backup
C:\WINDOWS\SYSTEM32\dmaql.exe -> Trojan.Small.fb : Cleaned with backup

Did the file related to this trojan have a random five-letter .exe starting with 'cs', 'dm', or 'df' as shown from the Ewido log above?

Repeat the Ewido scan but this time do it in "SAFE MODE".

Reboot in normal mode and please perform this online scan: F-Secure Online Scanner Next Generation Beta
1. Click on the link "F-Secure Online Scanner Next Generation Beta".
2. You may receive an alert on the address bar at this point to install the ActiveX control.
3. Click on that alert and then Click Insall ActiveX component.
4. Read the license agreement and click "Accept".
5. Click "Full System Scan" to download the scanning components and begin scan and cleaning.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 Flowt

Flowt
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:09 AM

Posted 27 May 2006 - 09:06 PM

I scanned ewido in safe mode but I don't scan the virus.
But when I scan ewido in normal mode, I scan the virus.

#8 Flowt

Flowt
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:09 AM

Posted 28 May 2006 - 12:32 AM

I scanned with ewido in normal mode again and the trojan virus came out again.
It said error during cleaning but it had a diffrent name this time.

Path: [1684] VM_01330000

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,607 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:09 AM

Posted 28 May 2006 - 05:28 AM

Its time to have a deeper look as to what's going on with your system by creating a hijackthis log. This will help us to identify and remove the malware files responsible for your problems.

Follow tg1911's instructions and post a log in the HijackThis Logs and Analysis Forum, not here, for assistance by the HJT Team Experts.

Edited by quietman7, 28 May 2006 - 05:30 AM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users