Redirect Problem With Yahoo and Google [Closed]
Started by kochiu77, Dec 24 2008 07:00 PM
#16
Posted 26 December 2008 - 11:19 PM
I am not sure if this is the problem, as I am using the computer in Vietnam. Every time I want to use Yahoo (www.yahoo.com), it automatically directs me to the Yahoo Vietnam site (http://vn.yahoo.com/?p=us), and I didn't even key in the address with the vn extension. Do you think it somehow recognized that I am using the computer in Vietnam and directs me to the problem site? Thank you.
#17
Posted 27 December 2008 - 09:42 AM
That other computer you have is in your house also right? Does it have this same problem?
Were you able to run the TrendMicro scan?
#18
Posted 27 December 2008 - 10:55 AM
Hi Greyknight,
I have run MicroTrend and discovered 4 HTTP cookies, and I also ran F-Secure online and discovered a bit more.
I ran F-Secure twice and still have 5 malwares. I am using the same problem computer with Firefox, but this problem doesn't occur there.
Do you think the add-on created this problem?
Saturday, December 27, 2008 19:32:54 - 20:38:41
Computer name: PC269896545103
Scanning type: Scan system for malware, rootkits
Target: C:\
--------------------------------------------------------------------------------
Result: 5 malware found
TrackingCookie.Atdmt (spyware)
System
TrackingCookie.Atwola (spyware)
System
TrackingCookie.Mediaplex (spyware)
System
TrackingCookie.Webtrends (spyware)
System
W32/Horst.gen34 (virus)
C:\PROGRAM FILES\IPTV\AGENTZP.OCX (Submitted)
--------------------------------------------------------------------------------
Statistics
Scanned:
Files: 38108
System: 3917
Not scanned: 10
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 5
Submitted: 1
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\PREFETCH\LAYOUT.INI
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MUVEE TECHNOLOGIES\030625\SCRATCH\ERRSTAT.HTM
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MUVEE TECHNOLOGIES\030625\0102\0310\VALUES
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\HSPERFDATA_ADMINISTRATOR\1140
--------------------------------------------------------------------------------
Options
Scanning engines:
F-Secure USS: 2.40.0
F-Secure Hydra: 2.8.8110, 2008-12-26
F-Secure AVP: 7.0.171, 2008-12-26
F-Secure Pegasus: 1.20.0, 2008-11-17
F-Secure Blacklight: 0.0.0
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics
#19
Posted 27 December 2008 - 11:34 AM
An add-on for Internet Explorer you mean? You can try disabling all the add-ons to see if it fixes the problem.
#20
Posted 27 December 2008 - 11:55 AM
Hi Greyknight,
I have disabled the add-ons for IE and I have run ATF Cleaner, and the problem still exists.
1. Some webpage addresses will have either a logo of a little guy or a letter G.
2. Some webpages will redirect me to another site.
#21
Posted 27 December 2008 - 01:28 PM
Right click on this link http://www.mvps.org/.../DelDomains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.
Download Hoster at http://www.greyknigh.../spy/Hoster.exe and run it. Click on Restore Original Hosts button and press OK. If you used a custom HOSTS file, you will need to restore the file back.
Then go to C:\Windows\Inf\ and right click on ie (or ie.inf) and choose Install to repair Internet Explorer.
Restart the computer and see if you still have that problem.
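The HOSTS file reset in the post above matters because a HOSTS entry overrides DNS for the named site. As an added example (not part of the original post and not how Hoster works), this Python sketch audits HOSTS-format text for entries that override the domains named in this thread; the watch list and the sample file contents are constructed for illustration.

```python
import ipaddress

# Domains from this thread whose override would be suspicious (assumed watch list).
WATCHED = ("yahoo.com", "google.com")

# Constructed sample HOSTS content, not taken from the poster's machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.7     www.google.com google.com   # constructed hijack entry
203.0.113.7\tSearch.Yahoo.com
0.0.0.0         ads.example.net
127.0.0.1       www.yahoo.com
not-an-ip       www.google.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in HOSTS-format text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on any whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not a valid IP address: skip the line
        for name in fields[1:]:                 # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(name):
    """True for a watched domain or any of its subdomains."""
    return any(name == d or name.endswith("." + d) for d in WATCHED)

def audit_hosts(text):
    """Return findings for watched domains that the HOSTS file overrides."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if not is_watched(name):
            continue
        # Loopback/unspecified blocks the site; any other address redirects it.
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        findings.append((line_no, name, str(ip), kind))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

On Windows XP the file to feed into `audit_hosts` is `C:\WINDOWS\system32\drivers\etc\hosts`; a clean result does not rule out other redirect mechanisms such as the rootkit detections later in this thread.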
#22
Posted 27 December 2008 - 07:09 PM
Hi Greyknight,
After I click ie.inf, a window called Files Needed opens. Please kindly advise. Thanks.
The file 'IEXPLORE.EXE' on Windows XP Home Edition Service Pack 3D is needed.
Type the path where the file is located and then click OK.
Copy files from:
#23
Posted 27 December 2008 - 08:03 PM
You will need to create a new Windows CD slipstreamed with SP3. This will come in handy in the future, so it's not for a one-time use only. See here on how to create this CD. Once you finish creating it, right click on that ie.inf file again and choose Install. Insert the CD after that and choose to browse to the CD to locate the file.
#24
Posted 27 December 2008 - 08:18 PM
Hi Greyknight,
Thanks. I will go buy a CD later.
#25
Posted 28 December 2008 - 08:46 AM
Hi Greyknight,
It has copied some files over from the CD, but at the end it said the installation failed.
What did I do wrong?
#27
Posted 29 December 2008 - 10:06 AM
Hi Greyknight,
I have just read the instructions on repairing IE.
Will I still be able to retrieve my email from OUTLOOK EXPRESS? Thank you.
#28
Posted 29 December 2008 - 07:19 PM
Why? Do you have problems retrieving them? I hope you made a backup of those emails...
#29
Posted 30 December 2008 - 12:00 AM
Hi Greyknight,
I have followed every step for repairing IE7, but at the end, after rebooting IE, the redirect webpage appeared again.
Please kindly advise. Thank you.
#30
Posted 31 December 2008 - 05:27 PM
Hi Greyknight,
Happy New Year. I just ran PANDA active scan and found 5 malwares, please kindly take a look. Thank you.
;*******************************************************************************
ANALYSIS: 2009-01-01 06:11:10
PROTECTIONS: 1
MALWARE: 5
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Windows Defender 1.1.4205.0 No No
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00366244 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Michael\Desktop\Flash_Disinfector.exe[C:\Documents and Settings\Michael\Desktop\Flash_Disinfector.exe][nircmd.exe]
00366244 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP10\A0002432.exe[C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP10\A0002432.exe][nircmd.exe]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP5\A0000560.EXE
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP1\A0000004.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Downloads\ComboFix.exe[C:\Downloads\ComboFix.exe][nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\Downloads\ComboFix.exe[C:\Downloads\ComboFix.exe][nircmd.exe]
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP5\A0000540.sys
04437511 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\Michael\Desktop\ComboFix.exe
;===============================================================================
SUSPECTS
Sent Location h
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description h
;===============================================================================
;===============================================================================