
Is A Virus Causing Web Page Redirection?


9 replies to this topic

#1 JPHarvey


Posted 06 June 2006 - 09:06 PM

Howdy all,

My partner's logon has recently been having its web page redirected to inappropriate web pages :thumbsup: and as such it is causing concern that there may be some type of malware on our PC. I had recently gone through HJT Logs and Analysis on my login on an unrelated topic, however, no malware was discovered - ( http://www.bleepingcomputer.com/forums/t/49429/setpointexe-and-possible-worm-or-trojan/ ).

Here is my system configuration:

Windows XP Home SP2
Norton Antivirus 2005 (current and receiving updates)
Spybot S&D 1.4
Internet Explorer 6.0
I also use Ewido AM, A-Squared, McAfee Stinger, Security Task Manager.

The redirect is usually caused when she manually types the address into the address bar, and may only happen very occasionally. :flowers:

I guess my main question is - is it possible for me to run through a complete HJT log and ensure all is well in my login, yet problems remain in her login?
[CPU]Intel E6600 Core 2 Duo @ 3.19GHz
[MoBo]ASUS P5N32-SLI Premium (nForce590)
[RAM]4GB Corsair XMS2 DDR2-800 CL4 @ 710MHz
[GPU]XFX 8800 GTX 768MB [SLI] @ Stock
[PSU]CoolerMaster 1kW
[Audio]ASUS Xonar D2
[Case]Antec Nine Hundred
[OS]Windows Vista Ultimate 64
[LCD]SAMSUNG 226BW
[Other]WC'd CPU & SLI



#2 Harry83


Posted 06 June 2006 - 09:56 PM

Okay I just looked at your entire other thread...Grinler is incredibly knowledgeable and he couldn't find anything wrong...wow...it appears you were still having that redirect problem? You said it only happens when your partner is logged in?

I don't really know how to answer your question because the entire situation is odd. There is no reason why your browser should redirect to porn sites if there is no malware on the PC...I suggest logging in under your partner's login and then posting a new HJT log...Describe the problem in the subject line...you could provide links to associated threads for your helper too...

It is actually possible that you have a rootkit infection that hides itself from Blacklight and Rootkit Revealer..I have heard of this before, which makes certain malware rootkits almost invisible to detection tools. Apparently, these require an incredible amount of sophistication though, so it's doubtful you'd have such a thing.

I'm sorry I don't have a good answer for you but a redirect to inappropriate sites definitely sounds like a malware problem...

If you post a new HJT log and another helper can't find anything wrong either then I guess your only solution would be to format your drive...that would suck though. Hopefully someone will have some insight into this problem.

Edited by Harry83, 06 June 2006 - 10:09 PM.

--
Harry83
Liberating America From Spyware - 1 Computer at a time...

#3 JPHarvey


Posted 06 June 2006 - 10:40 PM

Okay, I'll post a new HJT Log from her login. It's really weird hey, because it does not do it every time - I tried it and it didn't work?! Go figure... I guess we'll see what comes out of the analysis.

#4 Harry83


Posted 06 June 2006 - 11:16 PM

Good luck, I really hope this gets worked out...

Oh and also please post back to this thread after the HJT analysis...I'm interested to see what comes of this.

#5 acklan


Posted 07 June 2006 - 12:46 AM

What is the URL that her computer is redirected to?
"2007 & 2008 Windows Shell/User Award"

#6 JPHarvey


Posted 07 June 2006 - 01:02 AM

Okay - here is the URL:

//www.mediapickle.com/new/

Filth I tells ya!

I'll post my log in a minute! :thumbsup:

Edited by KoanYorel, 07 June 2006 - 01:41 AM.


#7 Harry83


Posted 07 June 2006 - 03:18 AM

Okay, mediapickle.com is associated with 180 Solutions which pops up the inappropriate websites you were talking about based upon entered keywords in searches, or while surfing. This could have been installed on your PC via bundling or a browser security hole. Some affiliate websites force install it as well. It actually will log all websites that you visit.

Here is a link to some information about it at Symantec:

180 Solutions Info

This also has removal instructions but since you have posted a new log to the HJT board (I think?) then you shouldn't alter your system until you receive help.

There is an auto-removal tool at spywareremove.com but it's not a widely known site. They look credible but I'm not sure how effective the tool is so I can't recommend it or advise you to use it.

From the research I've done it seems as if most anti-malware scanners have updated their definitions to detect and remove this threat. I find it extremely odd that nothing showed up in your previous HJT log...

I hope this at least gives you an idea of what might be happening with your system. I hope it gets cleared up soon :thumbsup: Just make sure after your helper is done with you that you follow the prevention steps in the clean up speech and keep your system and anti-malware definitions fully up to date. :flowers:

#8 Harry83


Posted 07 June 2006 - 05:27 AM

I know I briefly mentioned spywareremove.com...just to clarify on that topic. They are the makers of a very mediocre Anti-Malware product called SpyHunter that used to be classified as "Rogue/Suspect" by Spyware Warrior...it has since been delisted (they cleaned up their aggressive advertising/false positives as goad to purchase schemes) but is still not a very good product...I would not recommend you use tools from their site even though it claims to solve your problem.

I don't recommend it because the tool's effectiveness has not been tested. This company isn't doing anything wrong, but I can't recommend tools I don't trust or haven't tested....

#9 Harry83


Posted 07 June 2006 - 06:05 AM

I just looked in your log and I 100% definitely see a bad entry in there...so looks like something showed up this time in the log! Don't worry, in a few days a helper will be along to tell you exactly what to do. Unfortunately I'm not allowed to, because I'm still a trainee :thumbsup:

But, you're now on your way to having a popup free PC....

#10 JPHarvey


Posted 07 June 2006 - 04:36 PM

Sweet as - thank you very much, and I will eagerly await the analysis of my HJT log!

Cheers - :thumbsup:



