
Google searches redirects to some "Flash Player Update" malware


3 replies to this topic

#1 arturhie


Posted 06 February 2015 - 06:58 PM

Mod Edit: Moved to the Am I Infected forum from WIN 8 ~~ boopme


So recently everyone in my house started having this redirect virus. Eventually, a friend came over and his Google searches redirected him to a malicious site pretending to be a "Flash Player Update". We didn't even exchange files through pen drives, he simply connected to my router and started getting redirected.
 
For some reason I put the router cable that was in the n°1 entry in another entry (n°2) and it stopped happening. Two days after, it happened again, and no matter what entry I put the cable in, IT DOESN'T work anymore.
 
I did a whole virus search with Avira, and found nothing that fixed the problem.
I did a search with AdwCleaner and found a lot of stuff, also nothing fixed the problem.
I reset the router multiple times, and still we are faced with the same problem.
 
In my computer specifically, I found some registry entries that mentioned "doubleclick.net", "s.ytimg", and some other adware crap. I deleted them. That did stop my BING researches from being faked, but didn't stop the Google and YouTube redirection I'm having.
 
Now, I don't know what to do anymore. I don't have any clue. Help, anyone?
 
(editing)
Apologies, apparently I didn't post this at the right place in the forum. Would someone put this in the right place please? I can't delete this and my browsers are barely working so it's hard for me to start another thread in the malware forum.


Edited by boopme, 06 February 2015 - 09:01 PM.



 


#2 Phantom010


Posted 06 February 2015 - 08:28 PM

If you bypass the router, are you still being redirected?

 

 

Please download MiniToolBox to your desktop and run it.

Select List content of Hosts only.

Click Go.

A Notepad window will be opened. Copy/paste the content into your next reply.
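
Added example, not part of the thread and not MiniToolBox code: one way to read a hosts listing like the one requested above and flag entries that override the sites named in this topic. The `WATCHED` list, the function names and the sample hosts text are assumptions made up for illustration.

```python
import ipaddress

# Sites the thread reports as redirected; adjust to the names you are chasing.
WATCHED = ("google.com", "youtube.com", "bing.com")

# Constructed sample (documentation-range addresses), not data from the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1      localhost
::1            localhost
203.0.113.10   www.google.com google.com   # constructed re-pointing entry
0.0.0.0        ads.example.test
198.51.100.7   intranet.example.test
not-an-ip      youtube.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each active mapping in hosts text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # strip comments, split columns
        if len(fields) < 2:
            continue                             # blank, comment-only or bare token
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first column is not an address
        for name in fields[1:]:                  # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, hostname, ip, verdict) for entries worth a second look."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        is_watched = any(name == d or name.endswith("." + d) for d in watched)
        blocks = ip.is_loopback or ip.is_unspecified   # 127.0.0.1, ::1, 0.0.0.0
        if is_watched:
            verdict = "watched domain blocked" if blocks else "watched domain re-pointed"
        elif not blocks:
            verdict = "custom mapping, verify"
        else:
            continue                             # localhost / sinkholed ad hosts
        findings.append((line_no, name, str(ip), verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

An empty result only rules out the hosts file as the place where the names are being overridden.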



#3 arturhie


Posted 07 February 2015 - 12:07 AM

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Usuario (administrator) on 07-02-2015 at 02:37:04
Running from "C:\Users\Usuario\Downloads"
Microsoft Windows 8.1 Single Language  (X64)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================




**** End of log ****
 
 
 
That is it...
I connected directly from the modem and still got redirected from google to that fake Flash update stuff.

When I was trying to connect to youtube, I noticed the browser showed me "connecting to i1.ytimg.com" and "connecting to doubleclick.net". Then it showed me the usual flash update thing. In the location bar it said I was on youtube.com.



#4 Phantom010


Posted 07 February 2015 - 12:12 PM

"doubleclick.net" and "s.ytimg" are the Google and Yahoo ad servers. Nothing malicious there. As for Flash, Adobe does not ask you to update Flash on the Web like that.
 
You will probably need more powerful malware removal tools from the Virus, Trojan, Spyware, and Malware Removal Logs forum.

 

Read this:

 

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/


Edited by Phantom010, 07 February 2015 - 12:14 PM.




