
browser (not google) redirect



#1
ghosttomost

Hi there, a couple weeks ago my browser (firefox) began acting strange. It started with the google redirect, then certain pages wouldn't load, and finally most links and bookmarks are just redirected instantly. I was able to remove the google redirect using the instruction guide in the self-help section of this site, but the other problems have persisted. I am using chrome now, and some of the problems are starting to carry over here. I tried downloading MBAM but either the link in the stickied thread is dead or the malware affecting my browsers won't let me load that site. Any help would be appreciated.
Thanks
  • 0


#2
Cold Titanium

Hello ghosttomost and welcome to G2G!

My name is Cold Titanium ;) , and I will be assisting you with your problem. I am still in training, so all my replies need to be checked by an expert first. So there may be a slight delay in between replies.

Please follow all of my instructions without skipping anything. Also, please refrain from experimenting around whilst I am helping you. At times some of the things I tell you to do may seem unnecessary and frustrating, but just stick to it and we'll get through :D

;) Note: Please save these instructions in a file or print them out, as the internet may not be available while we are fixing the system.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Let's get some logs:


Step #1

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top make sure it is set to Standard Output.
  • Ensure that Use SafeList is selected for Extra Registry.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    msconfig
    safebootminimal
    safebootnetwork
    activex
    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Step #2


  • Download GMER to your desktop
  • Right-Click and extract it to the desktop
  • Double-Click gmer.exe
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. (Please be patient as it can take some time to complete)

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


After it finishes scanning
  • Click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save it to your desktop

Post ark.txt in your next reply


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


I'd like to see OTL.txt and ark.txt in your next reply... ;)
  • 0

#3
ghosttomost

Thanks, I was unable to complete the GMER scan (it blue screen'd and shut down my computer).
Here is my OTL info though:
Spoiler

And the extras:
Spoiler

Hopefully that is enough information!
  • 0

#4
Cold Titanium

Are any of your other computers getting redirected?



Step #1


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.81,93.188.161.221
    SafeBootMin: klmdb.sys - Driver
    SafeBootNet: klmdb.sys - Driver
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Step #2

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Step #3



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME.

Upgrading Java :
  • Download the latest version of Java SE Runtime Environment (JRE), JRE 6 Update 21.
  • Click the JDK 6 Update 21 (JDK or JRE) "Download JRE" button.
  • Select your Platform, Register (if you want) and check the box that says: "I agree to the Java SE Runtime Environment 6u21 with JavaFX License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u21-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u21-windows-i586.exe and select "Run as an Administrator.")


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Step #4



Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


I'd like to see OTL.txt, and the MBAM and Kaspersky logs in your next post :D Also tell me if you are still getting redirected.
  • 0
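
The fix in post #4 removes a static NameServer entry that OTL reported on its O17 line. As an added example (not code from the thread or from OTL), this Python script triages O17 lines from a saved log and flags resolvers outside an analyst-supplied list; the function names, the `expected` list and the two extra sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# OTL prints resolver settings as: "O17 - <registry key>: <value name> = <addresses>"
O17_RE = re.compile(
    r"^O17 - (?P<key>HKLM\\.+?): (?P<name>(?:Dhcp)?NameServer) = (?P<addrs>.+)$"
)

# First line is the entry quoted in the thread; the other two are constructed.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.81,93.188.161.221
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\example {00000000-0000-0000-0000-000000000002} - Reg Error: Key error.
"""


def parse_o17(log_text):
    """Yield (key, value_name, [ip, ...]) for every O17 resolver line."""
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        addrs = []
        for token in re.split(r"[,\s]+", m.group("addrs").strip()):
            try:
                addrs.append(ipaddress.ip_address(token))
            except ValueError:
                pass  # not an IP literal, skip it
        yield m.group("key"), m.group("name"), addrs


def suspicious_resolvers(log_text, expected):
    """Return resolver settings that point outside the expected set.

    expected: IP strings the analyst knows are legitimate (assumption: the
    router or ISP resolvers). Private, non-routable addresses are not flagged.
    """
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for key, name, addrs in parse_o17(log_text):
        for ip in addrs:
            if ip in allowed or ip.is_private:
                continue
            # A static NameServer value overrides what DHCP hands out.
            findings.append({"key": key, "value": name, "address": str(ip),
                             "static_override": name == "NameServer"})
    return findings


if __name__ == "__main__":
    for finding in suspicious_resolvers(SAMPLE_LOG, expected=[]):
        print(finding)
```

A flagged address is only a lead: confirm it against the resolvers the ISP or network administrator actually assigns before removing the entry.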

#5
ghosttomost

Hmm, I was only able to complete step #1. The MBAM link still doesn't work as per the first post, and I can follow the links on the java website until it gets to the .exe where the page doesn't seem to exist. I tried running Kaspersky a couple times on firefox (after I temporarily disabled my avast antivirus real time shields) but every time it couldn't complete. Here's what it says:

Spoiler


I don't seem to be having any other internet problems so I'm not sure why it keeps saying I'm not connected.

Here's the OTL text:
Spoiler


The redirects are just as bad in Chrome and Firefox now. Also, many websites get stuck at a loading page, something to do with google-analytics.com.
  • 0

#6
Cold Titanium

Are you using a router? Is it wireless or wired?

Do this step and then try the MBAM, Java, and Kaspersky steps again. Also, tell me if you still get redirects...


Step #1


  • Unplug the Ethernet cable from the router (if wired).
  • Located somewhere on the router, you will see a small reset button. Please press and hold that for 30 seconds.
  • Unplug the power from the router for about 30 seconds.
  • Now plug the power and Ethernet back in and log in to the router to change the settings back to the way you had them (if you had anything custom set up).
  • Also, you should set a different password for logging in to the router. Some people leave this password set to default. This may be the reason your router may be infected.

  • 0

#7
ghosttomost

Definitely not a router problem, reset my router just last week and I haven't heard any complaints from users of the other computers!

I've actually been snooping around, and finally found a mirror download of MBAM from a website that my browser wasn't mysteriously unable to connect to. It found six infected files:
Spoiler


I haven't had any redirects since (and I can now connect with the actual MBAM website!), but I'm not convinced that everything is back to normal.
I'll post an update as soon as I find out!
  • 0

#8
Cold Titanium

Go ahead and try the Kaspersky scan again.
  • 0





