
Websites redirecting, scans find nothing



#1 memorial


Posted 11 October 2014 - 03:53 PM

Hello, I am using Windows 7, and am having redirect problems that I believe are caused by a root ransomware virus. The problem began with redirects to Interpol and Italian police ransomware sites (I am an American in Italy). Not all sites redirected at first though, and eventually Malwarebytes and Avast were able to locate and quarantine some files. But the problem has not gone away.

The only sites I can access are major ones (nfl.com, cnn.com, youtube.com, etc., Avast's website, Google sites, etc.). Any smaller websites (atlantic.com, huffingtonpost.com, etc.) get redirected. At the moment, the redirects on Internet Explorer go to a graphic "dating" website, which can be closed down easily. On Firefox, the "Interpol" site still comes up, though Avast tends to stop it and quarantine it before it causes any harm. Nevertheless, I still can't go on the site. I am using Chrome without JavaScript to figure out what to do (how I am using this site right now, which would redirect otherwise). So whatever it is, it functions off of JavaScript.

The real problem is that whatever is messing with my internet is on my computer, and is not being found. I'm constantly running scans through Avast, Malwarebytes, and now AdwCleaner. Each one at one time or another has found problematic files, but nothing has eliminated whatever is causing the problem. And the great majority of scans say nothing is wrong, which is patently not the case.

On one hand, the problem does not seem to be very serious yet, since everything on my computer works normally, except for visiting 99 percent of websites. The ransomware locks have never popped up when I start up my computer or prevented me from running scans or downloading programs like Avast and AdwCleaner. On the other, besides obviously wanting basic internet functionality back, I am worried that whatever is on my computer could spread, and quickly. Please advise on how to proceed.
To get the ball rolling, I will paste some of the results that were found. These are the results of the first AdwCleaner scan and clean:

# AdwCleaner v3.311 - Report created 11/10/2014 at 21:30:28
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Alex - HAL
# Running from : C:\Users\Alex\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\Users\Alex\AppData\Local\iLivid

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\iLividSRTB
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zkanhgp6.default-1413030450884\prefs.js ]

-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3319 octets] - [11/10/2014 21:30:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3379 octets] ##########

I'm not sure how to copy the Avast results, but the viruses are all called HTML:FakeLock-F[Trj] and JS:ScriptIP-inf[Trj].

Thank you for your time.


#2 memorial


Posted 11 October 2014 - 03:55 PM

Didn't mean for that to be a giant block. I had paragraphs, but I am forced to not use JavaScript in order to use this site, which I think caused that rather unseemly mess.



