Shopodo Shopping Browser Hijacker

My Firefox browser keeps getting redirected to a shopping site called Shopodo each time I type in a search in Google. Have tried to eliminate by using AntiMalware Byte, Spybot and Ad Aware, but still no joy. Have even deleted the cookies I think are responsible (should I have deleted ALL cookies?), but I still can't eradicate this accursed Shopodo screen.

Can anybody help me?

Comments

  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Coupled with your other topic, at a guess you have the TDSS rootkit.

    Download this and save it to your desktop.

    http://public.avast.com/~gmerek/aswMBR.exe

    When you've downloaded it...
    • Double click aswMBR.exe to run it (XP), or right click & choose "Run as Administrator" (Vista, Win7)

    • Click No to the prompt to download Avast! virus definitions.
    • Click the Scan button.
    • When the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
    • Click OK when prompted. aswMBR.txt & MBR.dat will appear on your desktop.
    • Click EXIT.
    • Copy & paste the contents of aswMBR.txt here.
    Should it report something, don't try to fix anything with it yet, just post the log.
  • Truegho
    Truegho Posts: 838 Forumite
    I am now in the process of downloading the Avast link you recommended. It is taking ages to complete.


    waddler_8 wrote: »
    Coupled with your other topic, at a guess you have the TDSS rootkit.

    Download this and save it to your desktop.

    http://public.avast.com/~gmerek/aswMBR.exe

    When you've downloaded it...
    • Double click aswMBR.exe to run it (XP), or right click & choose "Run as Administrator" (Vista, Win7)

    • Click No to the prompt to download Avast! virus definitions.
    • Click the Scan button.
    • When the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
    • Click OK when prompted. aswMBR.txt & MBR.dat will appear on your desktop.
    • Click EXIT.
    • Copy & paste the contents of aswMBR.txt here.
    Should it report something, don't try to fix anything with it yet, just post the log.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    The download or the scan? Do you have Avast installed? If so it'll do a quick scan with Avast's definitions too.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    I'll be offline for a few hours from now. I'll be back around 5 tonight unless someone else is able to help you based on the log output in the meantime. Depending on what's returned it may be that Kaspersky's TDSSKiller is required to fix it.
  • Truegho
    Truegho Posts: 838 Forumite
    It's finally finished downloading the virus definitions and is now scanning.

    This Shopodo browser hijacker is a right pain in the backside. Don't know how many scans I have done with my spyware to try and get rid of it!

    waddler_8 wrote: »
    The download or the scan? Do you have Avast installed? If so it'll do a quick scan with Avast's definitions too.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Truegho wrote: »
    It's finally finished downloading the virus definitions and is now scanning.

    I did say:
    Click No to the prompt to download Avast! virus definitions

    But as I said, if Avast is installed it'll offer you the option to run a quick AV scan. You can cancel this by choosing (none...) from the drop down box - Have to dash!
  • Truegho
    Truegho Posts: 838 Forumite
    waddler_8 wrote: »
    Coupled with your other topic, at a guess you have the TDSS rootkit.

    Download this and save it to your desktop.

    http://public.avast.com/~gmerek/aswMBR.exe

    When you've downloaded it...
    • Double click aswMBR.exe to run it (XP), or right click & choose "Run as Administrator" (Vista, Win7)

    • Click No to the prompt to download Avast! virus definitions.
    • Click the Scan button.
    • When the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
    • Click OK when prompted. aswMBR.txt & MBR.dat will appear on your desktop.
    • Click EXIT.
    • Copy & paste the contents of aswMBR.txt here.
    Should it report something, don't try to fix anything with it yet, just post the log.

    Right, here's the log:

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-14 12:55:24
    12:55:24.419 OS Version: Windows x64 6.1.7600
    12:55:24.419 Number of processors: 2 586 0x170A
    12:55:24.419 ComputerName: HOME UserName: Alan
    12:55:26.541 Initialize success
    13:14:10.930 AVAST engine defs: 11101400
    13:19:32.409 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    13:19:32.409 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
    13:19:32.424 Disk 0 MBR read successfully
    13:19:32.424 Disk 0 MBR scan
    13:19:32.440 Disk 0 Windows 7 default MBR code
    13:19:32.440 Service scanning
    13:19:39.039 Modules scanning
    13:19:39.039 Disk 0 trace - called modules:
    13:19:39.070 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    13:19:39.070 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003225790]
    13:19:39.085 3 CLASSPNP.SYS[fffff88001a7a43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80024e3050]
    13:19:39.850 AVAST engine scan C:\Windows
    13:19:42.112 AVAST engine scan C:\Windows\system32
    13:19:51.097 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Malware-gen
    13:21:24.386 AVAST engine scan C:\Windows\system32\drivers
    13:21:32.700 AVAST engine scan C:\Users\Alan
    13:21:38.129 File: C:\Users\Alan\AppData\Local\FLVService\lib\FLVSrvLib.dll **INFECTED** Win32:Ramnit-H
    13:21:39.206 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\adwords_editor.exe **INFECTED** Win32:Ramnit-H
    13:21:40.984 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\components\ape.dll **INFECTED** Win32:Ramnit-H
    13:21:41.405 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\libeay32.dll **INFECTED** Win32:Ramnit-H
    13:21:41.468 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\libssl32.dll **INFECTED** Win32:Ramnit-H
    13:21:42.294 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\AccessibleMarshal.dll **INFECTED** Win32:Ramnit-H
    13:21:47.583 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\crashreporter.exe **INFECTED** Win32:Ramnit-H
    13:21:48.550 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\freebl3.dll **INFECTED** Win32:Ramnit-H
    13:21:48.706 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\IA2Marshal.dll **INFECTED** Win32:Ramnit-H
    13:21:48.847 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\js3250.dll **INFECTED** Win32:Ramnit-H
    13:21:48.971 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\mangle.exe **INFECTED** Win32:PrefPoly [Cryp]
    13:21:49.408 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\mozctl.dll **INFECTED** Win32:Ramnit-H
    13:21:49.486 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\mozctlx.dll **INFECTED** Win32:Ramnit-H
    13:21:49.720 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\nspr4.dll **INFECTED** Win32:Ramnit-H
    13:21:49.876 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\nss3.dll **INFECTED** Win32:Ramnit-H
    13:21:50.001 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\nssckbi.dll **INFECTED** Win32:Ramnit-H
    13:21:50.095 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\nssdbm3.dll **INFECTED** Win32:Ramnit-H
    13:21:50.188 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\nssutil3.dll **INFECTED** Win32:Ramnit-H
    13:21:50.313 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\plc4.dll **INFECTED** Win32:Ramnit-H
    13:21:50.407 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\plds4.dll **INFECTED** Win32:Ramnit-H
    13:21:50.547 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\plugins\npnul32.dll **INFECTED** Win32:Ramnit-H
    13:21:52.123 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\shlibsign.exe **INFECTED** Win32:PrefPoly [Cryp]
    13:21:52.216 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\smime3.dll **INFECTED** Win32:Ramnit-G
    13:21:52.341 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\softokn3.dll **INFECTED** Win32:Ramnit-H
    13:21:52.497 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\sqlite3.dll **INFECTED** Win32:Ramnit-H
    13:21:52.669 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\ssl3.dll **INFECTED** Win32:Ramnit-H
    13:21:53.277 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\ssltunnel.exe **INFECTED** Win32:Ramnit-H
    13:21:53.355 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\xpcom.dll **INFECTED** Win32:Ramnit-H
    13:21:53.449 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\xpcshell.exe **INFECTED** Win32:Ramnit-H
    13:21:54.057 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\xpidl.exe **INFECTED** Win32:Ramnit-H
    13:21:54.135 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\xpt_dump.exe **INFECTED** Win32:Ramnit-H
    13:21:54.728 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\xpt_link.exe **INFECTED** Win32:Ramnit-H
    13:21:54.837 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\xulrunner-stub.exe **INFECTED** Win32:Ramnit-H
    13:21:55.461 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\xulrunner.exe **INFECTED** Win32:Ramnit-H
    13:22:58.641 File: C:\Users\Alan\AppData\Local\Yahoo!\BrowserPlus\Corelets\FileAccess\1.0.11\FileAccess.dll **INFECTED** Win32:Ramnit-H
    13:22:58.859 File: C:\Users\Alan\AppData\Local\Yahoo!\BrowserPlus\Corelets\Notify\2.0.16\BPAlertCenter.dll **INFECTED** Win32:Ramnit-H
    13:22:58.969 File: C:\Users\Alan\AppData\Local\Yahoo!\BrowserPlus\Corelets\Notify\2.0.16\Notify.dll **INFECTED** Win32:Ramnit-H
    13:22:59.499 File: C:\Users\Alan\AppData\Local\Yahoo!\BrowserPlus\Corelets\Uploader\3.2.12\Uploader.dll **INFECTED** Win32:Ramnit-H
    13:23:19.061 File: C:\Users\Alan\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5926269f-n\jmc.dll **INFECTED** Win32:Ramnit-H
    13:23:19.186 File: C:\Users\Alan\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5926269f-n\msvcp71.dll **INFECTED** Win32:Ramnit-H
    13:23:19.311 File: C:\Users\Alan\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5926269f-n\msvcr71.dll **INFECTED** Win32:Ramnit-G
    13:23:19.498 File: C:\Users\Alan\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-768e42a2-n\decora-d3d.dll **INFECTED** Win32:Ramnit-H
    13:23:19.592 File: C:\Users\Alan\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-768e42a2-n\decora-sse.dll **INFECTED** Win32:Ramnit-H
    13:23:20.169 File: C:\Users\Alan\AppData\Roaming\5032\components\AcroFF5.dll **INFECTED** Win32:Ramnit-H
    13:23:20.263 File: C:\Users\Alan\AppData\Roaming\5032\components\AcroFF6.dll **INFECTED** Win32:Ramnit-H
    13:23:20.372 File: C:\Users\Alan\AppData\Roaming\5032\components\AcroFF7.dll **INFECTED** Win32:Ramnit-H
    13:23:31.541 File: C:\Users\Alan\AppData\Roaming\Microsoft\Installer\{01C09D67-BE24-43C6-9C4A-060394517B09}\nn2app.exe1_3889B1E86C824EC6911F272573FA4B07.exe **INFECTED** Win32:PrefPoly [Cryp]
    13:23:31.604 File: C:\Users\Alan\AppData\Roaming\Microsoft\Installer\{01C09D67-BE24-43C6-9C4A-060394517B09}\nn2app.exe_7A4D7D74802B47F386292775DC533917.exe **INFECTED** Win32:PrefPoly [Cryp]
    13:23:47.688 File: C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\54tlgw77.default\extensions\engine@conduit.com\components\FFExternalAlert.dll **INFECTED** Win32:Ramnit-G
    13:23:47.750 File: C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\54tlgw77.default\extensions\engine@conduit.com\components\RadioWMPCore.dll **INFECTED** Win32:Ramnit-G
    13:23:48.468 File: C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\54tlgw77.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll **INFECTED** Win32:Ramnit-G
    13:23:48.546 File: C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\54tlgw77.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll **INFECTED** Win32:Ramnit-G
    13:23:50.293 File: C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\54tlgw77.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff4.dll **INFECTED** Win32:Ramnit-G
    13:27:05.309 File: C:\Users\Alan\Desktop\WRITING STUFF\newnovelist.cnt.exe **INFECTED** Win32:PrefPoly [Cryp]
    13:27:42.062 AVAST engine scan C:\ProgramData
    13:34:02.173 File: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll **INFECTED** Win32:Ramnit-H
    13:34:02.438 File: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll **INFECTED** Win32:Ramnit-H
    13:34:02.516 File: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll **INFECTED** Win32:Ramnit-G
    13:34:02.656 File: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll **INFECTED** Win32:Ramnit-H
    13:34:02.734 File: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll **INFECTED** Win32:Ramnit-H
    13:34:02.797 File: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll **INFECTED** Win32:Ramnit-H
    13:34:02.859 File: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll **INFECTED** Win32:Ramnit-H
    13:34:10.269 Scan finished successfully
    13:39:46.374 Disk 0 MBR has been saved successfully to "C:\Users\Alan\Desktop\MBR.dat"
    13:39:46.389 The log file has been saved successfully to "C:\Users\Alan\Desktop\aswMBR.txt"


    So, how do I get rid of this nuisance spyware Shopodo then?
  • closed
    closed Posts: 10,886 Forumite
    Reinstall Windows.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    closed wrote: »

    reinstall windows.
    Agreed.

    You have a rootkit (ZeroAccess) & a file infector (Win32/Ramnit).

    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin64%2fSirefef.B

    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32/Ramnit
    Win32/Ramnit is a family of multi-component malware that infects Windows executable files, Microsoft Office files and HTML files. Win32/Ramnit spreads to removable drives, steals sensitive information such as saved FTP credentials and browser cookies. The malware may also open a backdoor to await instructions from a remote attacker.

    The quickest and best way to deal with this is to back up your personal data (photos, music etc.) and then format & reinstall.
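
Added example (not part of the thread or any poster's reply): a short Python triage script for a log in the aswMBR format posted above. It groups the `**INFECTED**` lines by detection family and file type and separates hits under `C:\Windows`; the function names and the rule for collapsing variants into families are assumptions of this example.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Excerpt of lines from the aswMBR.txt posted in the thread (not the full log).
SAMPLE_LOG = r"""
13:19:32.440 Disk 0 Windows 7 default MBR code
13:19:51.097 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Malware-gen
13:21:38.129 File: C:\Users\Alan\AppData\Local\FLVService\lib\FLVSrvLib.dll **INFECTED** Win32:Ramnit-H
13:21:48.971 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\mangle.exe **INFECTED** Win32:PrefPoly [Cryp]
13:21:52.216 File: C:\Users\Alan\AppData\Local\Google\Google AdWords Editor\xulrunner\smime3.dll **INFECTED** Win32:Ramnit-G
13:34:02.173 File: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll **INFECTED** Win32:Ramnit-H
13:34:10.269 Scan finished successfully
"""

# One detection line: "<time> File: <path> **INFECTED** <detection name>"
HIT = re.compile(r"^\d\d:\d\d:\d\d\.\d{3} File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>.+)$")

def family(name):
    """Collapse variants: 'Win32:Ramnit-H' and 'Win32:Ramnit-G' -> 'Win32:Ramnit'."""
    name = re.sub(r"\s*\[.*?\]$", "", name.strip())  # drop tags such as [Cryp]
    return re.sub(r"-[A-Z]$", "", name)              # drop a one-letter variant suffix

def summarize(log_text):
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    hits = [m.groupdict() for m in map(HIT.match, lines) if m]
    by_family, by_ext, system_hits = Counter(), Counter(), []
    for hit in hits:
        path = PureWindowsPath(hit["path"])
        by_family[family(hit["name"])] += 1
        by_ext[path.suffix.lower()] += 1
        # Detections under C:\Windows are OS files, not user-installed software.
        if len(path.parts) > 1 and path.parts[1].lower() == "windows":
            system_hits.append(hit["path"])
    return {
        "total": len(hits),
        "by_family": dict(by_family),
        "by_extension": dict(by_ext),
        "system_hits": system_hits,
        "mbr_default": any("default MBR code" in ln for ln in lines),
        "scan_completed": any(ln.endswith("Scan finished successfully") for ln in lines),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A high count for one family spread across many unrelated application folders is the pattern of a file infector, which is why cleaning file by file is impractical.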
  • Truegho
    Truegho Posts: 838 Forumite
    Oh noooo! I HATE having to reformat my disc.

    Is there no way I can reinstall Windows without having to format my laptop drive?

    waddler_8 wrote: »
    Agreed.

    You have a rootkit (ZeroAccess) & a file infector (Win32/Ramnit).

    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin64%2fSirefef.B

    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32/Ramnit


    The quickest and best way to deal with this is to back up your personal data (photos, music etc.) and then format & reinstall.
This discussion has been closed.