Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 31

Thread: All browsers hijacked - redirecting search links

  1. #11
    Junior Member
    Join Date
    Nov 2009
    Posts
    16

    Default

    Yes, Kaspersky is a highly recommended antivirus tool I downloaded when I realized my PC was infected. I knew that bitdefender (the very highly rated AV I paid for) hadn't found anything so I wanted a second opinion.

    I'll run through the other recomendations here in your last post but I am still having the issue and it feels like we're sort of giving up.

    Did you see anything else that could be the root of the issue?

    This is reall frustrating.

    It isn't your fault though, it is mine. I appreciate that you gave it a shot.

    -Jonathan

  2. #12
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Default

    I'll run through the other recomendations here in your last post but I am still having the issue and it feels like we're sort of giving up.
    No, I'm no where near giving up. Please proceed with the instructions and we'll go from there.


    Did you see anything else that could be the root of the issue?
    Not yet, but we haven't come close to exhausting our resources. I thought maybe combofix took care of the issue. Is it any different after running it?


    This is reall frustrating.
    Understood. Just hang in there and we'll work through it.

  3. #13
    Junior Member
    Join Date
    Nov 2009
    Posts
    16

    Default

    Thanks for the encouragement and reassurance.

    To answer your question regarding whether anything is different. If it is, I can't tell. The original issue that brought me here is still in place. I just did a search on Bing for 'finance' and clicked on one of the search results that was 'comcast/finance' which appeared to be an article on a finance blog but I was directed to a search site called 'thermocite' instead.

    This was after the Malwarebytes scan and fix below.

    Here's the log from the quick scan with Malwarebytes:

    Malwarebytes' Anti-Malware 1.41
    Database version: 2775
    Windows 5.1.2600 Service Pack 3

    12/2/2009 8:36:19 AM
    mbam-log-2009-12-02 (08-36-19).txt

    Scan type: Quick Scan
    Objects scanned: 120662
    Time elapsed: 14 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\{442e26b2-0ae9-1033-0203-060506210001} (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  4. #14
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Default

    I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
    The below scan can take up to an hour or longer, please be patient.

    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so no conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.


    Please do a scan with Kaspersky Online Scanner or from here
    http://www.kaspersky.com/virusscanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    • Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition
      files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
      * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
      * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
      * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Once the scan is complete, click on View scan report To obtain the report:

    Click on: Save Report As
    Next, in the Save as prompt, Save in area, select: Desktop
    In the File name area, use KScan, or something similar In Save as type, click the drop arrow and select:
    Text file [*.txt]
    Then, click: Save
    Please post the Kaspersky Online Scanner Report in
    your reply.

    Animated tutorial
    http://i275.photobucket.com/albums/jj285/B...ng/KAS/KAS9.gif

    (Note.. for Internet Explorer 7 users:
    If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%
    .)
    Or use Firefox with IE-Tab plugin
    https://addons.mozilla.org/en-US/firefox/addon/1419

    In your next reply post:
    Kaspersky log
    New HJT log taken after the above scan has run


    Let me know how it's running too please.

  5. #15
    Junior Member
    Join Date
    Nov 2009
    Posts
    16

    Default

    Hi Indegenus,

    Sorry it has taken a little longer to get back. I had a hectic couple days with work.

    I ran this Kaspersky Online scan overnight last night and it ran for 8.2 hours. Thsi morning it showed no threats. I clicked on the report button and as the page was trying to load, I noticed that the scan had only run 88% instead of the expected 100%. By clicking the report link (the report was blank) and going back to the scan page, it started over with the ''accept' button.

    I am running the scan again today while I am at work and will check it again when I get back.

    Overall, the computer is running fine, so none of the scanning and fixing we've done has broken anything. However, the issue with the browser redirect remains.

    Thanks again. You'll hear from me in about another 10 hours.

    Regards,
    Jonathan

  6. #16
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Default

    How are you making out here Jonathan?

  7. #17
    Junior Member
    Join Date
    Nov 2009
    Posts
    16

    Default

    Hi Indegenus,

    This scan was interrupted again. The last one I ran was 9 hours, 80 something percent complete ... looking like it had stalled and I had no choice but to stop it so I could install a new development studio I need for work (the install requires 2 or 3 reboots).

    It's just tough to do the really long scans on a PC that I use so often.

    I am going to keep trying though. Don't give up on me yet.

    -J

  8. #18
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Default

    We can try another scanner.

    Eset Online Scanner
    Run with Internet Explorer
    • Place a check mark in the box YES, I accept the Terms Of Use
    • Click the Start button.
    • Now click the Install button, or click the notification bar at the top of the window and choose to install.
    • Click Start. The scanner engine will initialize and update.
    • Do Not place a check mark in the box beside Remove found threats.
    • Click the Scan button. The scan will now run, please be patient.
    • When the scan finishes click the Details tab.
    • Copy and paste the contents of the C:\ProgramFiles\EsetOnlineScanner\log.txt into your next reply.

  9. #19
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Default

    Just got a heads up from other experts on a new infection causing your issues.

    A quick check....

    Give me a list of your Firefox Add-ons:

    In Firefox click Tools --> Add-ons

  10. #20
    Junior Member
    Join Date
    Nov 2009
    Posts
    16

    Default

    Hi Indigenus

    When I go to my add-ons for Firefox, I just get a list to select and add, so I think it means I don't have any add-ons installed. I am attaching a small screen shot just so you know what I am looking at.

    I also have pasted in the log.txt from the Eset scan. It did find a file - an old crack for WinRar, but I don't believe that file has anything to do with my issue. I will go ahead and delete it for good measure.

    First, the log.txt:

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=cbd34a521afd4744b2d42bb46a242bac
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2009-12-06 07:22:19
    # local_time=2009-12-06 02:22:19 (-0500, Eastern Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=2053 16776869 100 100 0 141858025 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=250753
    # found=1
    # cleaned=0
    # scan_time=5973
    C:\Program Files\WinRAR\WRARcrk.exe probably a variant of Win32/Bifrose trojan 00000000000000000000000000000000 I


    ______

    The screenshot of my tools / add-ons for FF is attached ato this message as a file.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •