We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
Firefox redirecting
Lotus-eater
Posts: 10,789 Forumite
in Techie Stuff
I had a problem a couple of weeks ago, when I had Thinkpoint and Malwaredoctor 2, both at the same time, I followed instructions I found on the web and managed to get rid of both, I think.
But it's never been really right, new tabs popping up on Firefox, about the same as this.
http://www.softwaretipsandtricks.com/forum/windows-7/47923-virus-forwarding-different-websites-thinkpoint.html going to the same "going-to-n"
Now I have about the same as this
http://www.bleepingcomputer.com/forums/topic359455.html
where almost all google searches are being redirected to cr0zybaner.com, then on from there.
I'm also still getting popups from the same place, but just randomly, Firefox is also acting very strange, with misdirects and just not opening some pages.
Atm, I have Adaware, Emisoft Anti Malware and Malwarebytes, which I have almost constantly updated and been using, sometimes one of them finds something, but it doesn't seem to sort it. Or it does for a bit then comes back again.
I'm running avast antivirus and this sometimes blocks a popup page, but not always.
I'm not surfing anything dodgy that would explain it, I'm at a bit of a loss tbh and need some help.
But it's never been really right, new tabs popping up on Firefox, about the same as this.
http://www.softwaretipsandtricks.com/forum/windows-7/47923-virus-forwarding-different-websites-thinkpoint.html going to the same "going-to-n"
Now I have about the same as this
http://www.bleepingcomputer.com/forums/topic359455.html
where almost all google searches are being redirected to cr0zybaner.com, then on from there.
I'm also still getting popups from the same place, but just randomly, Firefox is also acting very strange, with misdirects and just not opening some pages.
Atm, I have Adaware, Emisoft Anti Malware and Malwarebytes, which I have almost constantly updated and been using, sometimes one of them finds something, but it doesn't seem to sort it. Or it does for a bit then comes back again.
I'm running avast antivirus and this sometimes blocks a popup page, but not always.
I'm not surfing anything dodgy that would explain it, I'm at a bit of a loss tbh and need some help.
Freedom is not worth having if it does not include the freedom to make mistakes.
0
Comments
-
Give Hitman Pro a try
Hold down the left CTRL-key when you start Hitman Pro and all non-essential processes are terminated, including the malware process.0 -
Please open malwarebytes, goto LOGS and post the WHOLE of the last log
reboot
Download HIJACK THIS (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_hijackthis/
Click MAIN MENU then DO A SYSTEM SCAN AND SAVE A LOGFILE(Takes seconds) then post the log so we can see whats running
(do NOT do anything else with Hijack but scan and post the FULL log)
If you get a message that you cant write to the hosts file then Press the SHIFT key, and whilst holding it RIGHT CLICK and select RUN AS (admin):idea:0 -
Right OK, thanks, I'll be working on that.Please open malwarebytes, goto LOGS and post the WHOLE of the last log
reboot
Download HIJACK THIS (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_hijackthis/
Click MAIN MENU then DO A SYSTEM SCAN AND SAVE A LOGFILE(Takes seconds) then post the log so we can see whats running
(do NOT do anything else with Hijack but scan and post the FULL log)
If you get a message that you cant write to the hosts file then Press the SHIFT key, and whilst holding it RIGHT CLICK and select RUN AS (admin)Freedom is not worth having if it does not include the freedom to make mistakes.0 -
Here it is.
I've just run a full scan of Malwarebytes and it found no problems, nothing on the log.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:39:45, on 11/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://en.uk.acer.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
--
End of file - 8567 bytesFreedom is not worth having if it does not include the freedom to make mistakes.0 -
(sighs)
Please post me the DATABASE VERSION of the last malwarebytes scan you ran:idea:0 -
Your securitys a bit of a mess
AVAST 5 is fine
id uninstall ASQUARED (Its conflicting with avast), ADAWARE (Its conflicting and useless) and Sunbelt Firewall (Its full of holes making it less secure than windows own firewall)
If you must use a 3rd party firewall then COMODO is top of the list:idea:0 -
I'll post the log.(sighs)
Please post me the DATABASE VERSION of the last malwarebytes scan you ran
Malwarebytes' Anti-Malware 1.46
https://www.malwarebytes.org
Database version: 5094
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
11/11/2010 12:05:25
mbam-log-2010-11-11 (12-05-25).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 215244
Time elapsed: 1 hour(s), 4 minute(s), 17 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)Freedom is not worth having if it does not include the freedom to make mistakes.0 -
Right I've uninstalled those 3, I installed sunbelt as it was advised here a long time ago, as Asquared was.........and adaware because malwarebytes just wasn't dealing with malware doctor.Your securitys a bit of a mess
AVAST 5 is fine
id uninstall ASQUARED (Its conflicting with avast), ADAWARE (Its conflicting and useless) and Sunbelt Firewall (Its full of holes making it less secure than windows own firewall)
If you must use a 3rd party firewall then COMODO is top of the listFreedom is not worth having if it does not include the freedom to make mistakes.0 -
I've just tried this and it worked a treat, I ran a scan and it picked up a rootkit virus, searched on google and downloaded a program from kaspersky to remove it.Give Hitman Pro a try
Hold down the left CTRL-key when you start Hitman Pro and all non-essential processes are terminated, including the malware process.
Fingers crossed it seems totally back to normal.
Thankyou all. I hope that's it now.
So atm I only have malwarebytes as an anti malware program, I'm going to leave on hitman and it's going to run every time I start up I think.
Is that enough protection?Freedom is not worth having if it does not include the freedom to make mistakes.0 -
HITMAN will cease working after 30 days If I recall:idea:0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.1K Banking & Borrowing
- 252.7K Reduce Debt & Boost Income
- 453.1K Spending & Discounts
- 243K Work, Benefits & Business
- 597.4K Mortgages, Homes & Bills
- 176.5K Life & Family
- 256K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards