Browser Redirect

June 16, 2009 at 09:08:31
Specs: Microsoft Windows XP Home Edition, 3.066 GHz / 1525 MB
Hi hope someone can help me, i have been infected by something that is redirecting my web browser in both IE and Firefox i also can't connect to windows update, the only way i can get to go where i wont is to delete everthing in IE just before searching ...... this other place online had me post a lot of logs but they couldnt find what woz wrong ???

any help appreciated i notice someone here had similar problem solved

Webb


See More: Browser Redirect

Report •


#1
June 16, 2009 at 09:17:15
Have you scanned your PC with antivirus? Run full scan with malwarebytes and post scan log. Which logs did this other place require you make. Can you name program or log you made for them?

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#2
June 16, 2009 at 09:41:30
i have scanned my pc a million times lol i get antivirus from my broadband provider "PC-Guard virgin meadia" the other place was A-Squared but there free scaning tool wouldnt update the first time i used it i found a trojan unfortaneutely i deleted it before anyone new what it woz, and the programe didnt keep a log of it ...... the logs they wanted where the log from free scanning tool, a A-Squared Hijackfree log and a Iseeyouxp log

i just downloaded the program u spoke of and installed it but it wont open ???? ill try redownloading it

thanks Webb


Report •

#3
June 16, 2009 at 09:53:48
Leave that program for now. Pause/stop your current Antivirus/Spyware programs. Download and run Kaspersky AVP tool: http://devbuilds.kaspersky-labs.com...
Once you download and start the tool:
# Check below options:

    * Select all the objects/places to be scanned. 
    * Settings > Customize > Heuristic analyzer > Enable deep rootkit search

# Click Scan
# Fix what it detects
# Attach Scan log/Summary to your next message.

Illustrated tutorial: http://img32.imageshack.us/img32/76...

PS: If you can't open it in normal mode boot to safe mode and run the program.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

Related Solutions

#4
June 16, 2009 at 10:15:40
i redownloaded and reinstalled Malwarebytes but it still wont open ? also i cant follow your link to the kaspersky avp know matter how many cookies i delete i even used ATF-Cleaner before i tried can u tell me here what the program is and version ill try get it some how

ps just fort u should know somehow i have tranfered this problem to laptop its on vista not xp would it be better to fix there ?

Thanks Webb


Report •

#5
June 16, 2009 at 10:19:50
Follow these in order numbered:

1) Change your dns servers to http://www.opendns.com/start/

2) Follow Response Number 3. Run it in safe mode. If you can't download it for some reason download it on another computer and transfer it via usb.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#6
June 16, 2009 at 10:44:04
sorry i dont know how to change my dns servers ? ill have to wait till tomorrow to get on another uninfected pc ill try on laptop tho let u know

Report •

#7
June 16, 2009 at 10:54:17
laptop a no go :(

thanks Webb


Report •

#8
June 16, 2009 at 11:31:40
Did you visit site in Response Number 5 step 1). It has directions on how to change dns servers.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#9
June 16, 2009 at 11:59:27
yes i just worked out what u ment lol i visited and changed dns server but but link still wont work it even wont go to a page that says it has connection probs just wont work at all

i had two connections first one 1394 set to automatically second one local connection diff numbers to the ones u siad i should change to can i post them will it help ?


Report •

#10
June 16, 2009 at 12:02:53
Follow next:
Note: I can help you remove malware manually. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible. First Track this topic. Then follow:

1) Can you please post your AVZ log:
Note: Run AVZ in windows normal mode. If avz.exe doesn't start, then try to rename the file avz.exe to something else and try to run it again. Make sure you have your web browser open in background before following the steps below.

i) To create the log file, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

ii) Please launch the file A-V-Z.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows vista launch A-V-Z.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteStdScr(3);
RebootWindows(true);
end.


Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script, the PC will reboot. After the reboot the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and paste the link here.

Image Tutorial

2) Download and Run DDS which will create a Pseudo HJT Report as part of its log: DDS Tool Download Link. When done, DDS will open two (2) logs

   1. DDS.txt
   2. Attach.txt

Upload the logs to rapidshare.com and paste download link in your next reply.
Note: Disable any script-blocking programs and then double-click on the DDS.scr icon to start the program. If you did not disable a script-blocker that may be part of your antimalware program, you may receive a warning from your antimalware product asking if you would like DDS.scr to run. Please allow it to do so.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#11
June 16, 2009 at 12:25:56
i can get the avz program to work in normal windows but your seqence of avents dont tally to saveing the custom scripts will keep trying to make sence of it ok

thanks Webb


Report •

#12
June 16, 2009 at 12:31:45
silly me didnt actually run scan know wonder i couldnt save it lol but in my defence it dont tell u to either lol post soon ok

Report •

#13
June 16, 2009 at 12:33:40
Look at image tutorial.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#14
June 16, 2009 at 12:42:16
sorry and thanks again its scanning now ok

Webb


Report •

#15
June 16, 2009 at 13:12:39
Post the required logs after it finishes.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#16
June 17, 2009 at 09:25:14
Hi again posting log from AVZ Antiviral took ages lol below

http://rapidshare.com/files/2455992...

Also i managed to download

" Kaspersky AVP Tool 7.0.0.290 ..... date 17/06/2009" is this the tool on your link, and should i run and post a log from it ?

thanks again Webb


Report •

#17
June 17, 2009 at 09:30:49
Read: Response Number 10 carefully you posted wrong files. No need to run AVP tool you can delete it for now.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#18
June 17, 2009 at 11:34:53
i tried to follow instructions but it not like it said plus after 1.30 hours the log plus the scan just dissapear grrr

Report •

#19
June 17, 2009 at 13:13:52
Try to run it in safe mode Response Number 10 Part 1 in safe mode and part 2 in normal mode.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#20
June 18, 2009 at 10:34:31
hi again i got all three logs eventually sorry for been a numpty but it says dont post the attach.txt log unless specifically instructed to ..... it says to zip it up and attach it ?

Thanks Webb


Report •

#21
June 18, 2009 at 10:57:32
Yes follow: Response Number 10 post both the logs. In total 3 logs.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#22
June 18, 2009 at 11:32:04
Hi again hope i did it right this time here goes fingers crossed

the zipped one

http://rapidshare.com/files/2460049...

dds one

http://rapidshare.com/files/2460036...


Attach one

http://rapidshare.com/files/2460027...


Thanks Webb


Report •

#23
June 18, 2009 at 12:02:08
Follow these Steps in order numbered. Don't proceed to next step unless you have successfully completed previous step:

1) Run this script in AVZ like before, your computer will reboot:

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
 QuarantineFile('C:\WINDOWS\TEMP\tempo-15866655.tmp','');
 QuarantineFile('\\?\globalroot\systemroot\system32\gxvxcfkvjbogrvwbhisompjdlrgkkytfuyyff.dll','');
 QuarantineFile('\\?\globalroot\systemroot\system32\gxvxcsonlpkegbvntbvptxllrmtknhvqbsthc.dll','');
 DeleteFile('\\?\globalroot\systemroot\system32\gxvxcsonlpkegbvntbvptxllrmtknhvqbsthc.dll');
 DeleteFile('\\?\globalroot\systemroot\system32\gxvxcfkvjbogrvwbhisompjdlrgkkytfuyyff.dll');
 DeleteFile('C:\WINDOWS\TEMP\tempo-15866655.tmp');
 DeleteFile('C:\windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

2) After reboot execute following script in AVZ:

begin
CreateQurantineArchive('C:\quarantine1.zip');    
end.


A file called quarantine1.zip should be created in C:\.

3) Attach a Combofix log, please review and follow these instructions carefully.

Download it here -> http://download.bleepingcomputer.co...

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Antivirus/Sypware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please upload that file to rapidshare.com and paste the link here.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#24
June 18, 2009 at 13:38:16
Hi again getting good at this lol well i hope lol still havent a clue what it all means tho

quarantine log

http://rapidshare.com/files/2460460...

combofix log

http://rapidshare.com/files/2460465...

Thanks Webb


Report •

#25
June 18, 2009 at 14:02:33
Note: uninstall Combofix by: pause Antivirus/Sypware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) > Start > run > type combofix /u > ok. Or Start > run > type 123 /u > ok.

Can you delete above links its not wise to post virus infected files open in public. Please follow these steps in order numbered and post summary log after each step:

1) Run a full scan with http://www.eset.com/onlinescan/

# Check the box next to YES, I accept the Terms of Use.
# Click Start
# When asked, allow the activex control to be installed.
# Click Start
# Check below options:

    * Remove found threats
    * Scan archives
    * Scan for potentially unwanted applications (Advance Settings).
    * Enable Anti-Stealth technology (Advance Settings).

# Click Scan
# Wait for the scan to finish
# When it finishes it will create a log file here: C:\Program Files\ESET\ESET Online Scanner\log.txt
# Attach this logfile to your next message.

Illustrated tutorial: http://img155.imageshack.us/img155/...

3) Install, update database and run full scan with Malwarebytes' Anti-Malware. Attach malwarebyte full scan log, fix anything detected.

4) House cleaning. Run full Scan with SuperAntispyware : http://www.superantispyware.com/dow... . Fix what it detects and post summary scan log.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#26
June 19, 2009 at 09:41:04
hi again here goes again hope i did it right

eset log

http://rapidshare.com/files/2463355...

malwarebytes log

http://rapidshare.com/files/2463364...

superantispyware log

http://rapidshare.com/files/2463370...

Thanks Webb


Report •

#27
June 19, 2009 at 10:05:48
Fix what malwarebytes detected. Delete your old restore points. Is your original problem solved?

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#28
June 19, 2009 at 10:41:31
Hi again is there a better way to Delete all restore points, than disk clean up? it keeps not responding? i fixed the malwarebytes things, ps things seem back to normal too with the redirecting thing so far


Thanks Webb


Report •

#29
June 19, 2009 at 10:53:43
How to turn it off/on: http://support.kaspersky.com/faq/?q... Turn it off reboot and turn it back on to delete old restore points.

"ps things seem back to normal too with the redirecting thing so far " Which ps? redirecting thing?

If I'm helping you and I don't reply within 24 hours send me a PM.

If everything is normal follow:

1) http://onecare.live.com/site/en-Us/...
2) http://onecare.live.com/site/en-Us/...


Report •

#30
June 19, 2009 at 11:10:42
sorry "ps thing ment my original problem with IE redirecting" i dont seem to be happening yet not used a lot yet tho, but before, happened every time unless i deleted all cookies ect, plus i just checked i can get to windows update :)

will do the restore point thing in a min ok thanks

Thanks for every thing u help me with very appreciated but i just realized something that might undo your good work i got a external hard drive i not turned on since u been helpin me but has been on when i been infected i have disconnected it but still need to mend laptop could connect it to that to fix least then i got one machine working uninfected

plus should i start a new thread for laptop ?

pss laptop cant connect to computing.net tonight ? keeps getting 504 Gateway Time-out ??? but desk top did once too

thanks again Webb


Report •

#31
June 19, 2009 at 12:26:30
Follow Response Number 3 (redownload new AVP tool don't use old one) for you laptop make sure you attach you external drive to it so it can be scanned and start a new post for your laptop. I am not monitoring this post anymore if you still need help regarding original problem please private message me.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •


Ask Question