Your thoughts. . .

 
aalpha
Nicest Guy In The Universe/Site Admin


Joined: 17 Oct 2005
Posts: 8399
Location: Where ever you need me I'll be there. Whatever you need done I'll do it. Made in the USA.

Posted: Sun Mar 27, 2011 4:51 am    Post subject: Your thoughts. . .

OK, I've scanned every bit of my PC that can be scanned and got rid of several trojans and bou-coodles of malware stuffs and my Google searches in Firefox are still getting redirected to shitass search pages and/or Google itself.

I did a restore point too. Still no luck.


Your thoughts. . . .
stalker
Forum Champion


Joined: 08 Jan 2009
Posts: 1618
Location: UK

Posted: Sun Mar 27, 2011 11:22 am

Try running Firefox with no add-ins; if it still happens, it must be something external to the browser.
Check nothing has been added to your hosts file and the DNS is still pointing to the correct servers.

If still bad, then you must still have some malware, probably something rootkit-ish to not be picked up by a scan. Do an off-line virus scan, booted from a CD or memory stick etc. (you can download live CDs to do scans from many anti-virus vendors for free, or if you have NOD32 that can create a bootable USB stick to do an off-line scan).
aalpha
Nicest Guy In The Universe/Site Admin


Joined: 17 Oct 2005
Posts: 8399
Location: Where ever you need me I'll be there. Whatever you need done I'll do it. Made in the USA.

Posted: Sun Mar 27, 2011 7:34 pm

***Never mind, I went with the edited host file and it failed. Back to the scanning. . . . OK, what failed was I still get redirected, the browser works if I copy the link location and paste it into the URL bar but if I click the link - off to some shitass site I don't want. I've also now discovered if Firefox sits idle for a bit it automatically opens a new tab with a shitass site in it.

I found the host file and it does appear suspicious. I renamed the host file so I could delete the odd looking stuff but when I tried to "create" a new host file without the questionable stuff, Notepad saved it as Text Document whereas the original, even with the new name (zhosts) and others you see in the screen shot are all described as "File".

What do you think of the content of my original hosts file?





Here's the directory list with my editing. Will the host file as a text document work with just the top two lines and nothing else?



stalker
Forum Champion


Joined: 08 Jan 2009
Posts: 1618
Location: UK

Posted: Sun Mar 27, 2011 8:08 pm

the entries in your hostfile are probably OK, they point to 127.0.0.1 so probably a piece of anti-malware software put them there (you would only need worry if they were legitimate sites that you wanted to go to).

Sounds like you still have some nasty malware on your system for sure.

Is it just firefox affected, or do the nasty re-directs happen in IE or Chrome too?
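The hosts-file check discussed in the posts above, written out as an added example that is not part of the thread: it separates entries pointing at 127.0.0.1 or 0.0.0.0 (the kind blockers add) from entries that pin a name to some other address, and checks that the file is named exactly `hosts`. The sample file, its host names and addresses, and the function names are constructed for illustration.

```python
import ipaddress
from pathlib import PureWindowsPath

# Constructed sample for illustration; the poster's own file is not on the page.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.tracker.example    # typical blocker entry
0.0.0.0         popups.example banners.example
203.0.113.7     www.search.example     # name pinned to a fixed address
not-an-ip       broken.example
"""

def classify(address):
    """'sinkhole' if the target is loopback or 0.0.0.0/::, otherwise 'redirect'."""
    ip = ipaddress.ip_address(address)  # raises ValueError on a bad address
    return "sinkhole" if ip.is_loopback or ip.is_unspecified else "redirect"

def audit_hosts(text):
    """Return (line_no, kind, address, hostname) for every mapping in the file."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comments, split on blanks
        if not fields:
            continue
        address, names = fields[0], fields[1:]
        try:
            kind = classify(address)
        except ValueError:
            findings.append((line_no, "malformed", address, " ".join(names)))
            continue
        for name in names:
            # The stock localhost line is expected, not a blocker entry.
            is_default = kind == "sinkhole" and name.lower() == "localhost"
            findings.append((line_no, "default" if is_default else kind, address, name))
    return findings

def needs_review(text):
    """Entries that send a name somewhere other than this machine, or fail to parse."""
    return [f for f in audit_hosts(text) if f[1] in ("redirect", "malformed")]

def is_live_hosts_name(path):
    """Windows reads only a file named exactly 'hosts'; 'hosts.txt' is ignored."""
    return PureWindowsPath(path).name.lower() == "hosts"

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding)
    print(is_live_hosts_name(r"C:\Windows\System32\drivers\etc\hosts.txt"))
```

To audit a real file, pass the text of `C:\Windows\System32\drivers\etc\hosts` to `needs_review`; an empty result means every mapping points back at the local machine.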
aalpha
Nicest Guy In The Universe/Site Admin


Joined: 17 Oct 2005
Posts: 8399
Location: Where ever you need me I'll be there. Whatever you need done I'll do it. Made in the USA.

Posted: Mon Mar 28, 2011 3:17 am

Yeah, the redirects are in IE too, don't have Chrome.

Have you ever heard of AVS4YOU? It's a software suite of utilities for converting/editing music, video, creating disks, registry cleaners just a whole host of stuff.

I downloaded a couple of the video/music utilities and thought they may be at the root of everything. They're gone now but the problem is still here.

In fact I just went to their site in another window, not tab, to be sure about the url, a few seconds back into this window and my post gets interrupted by Firefox opening a new tab to some sort of bookmarks site featuring, wait for it, AVS4YOU stuffs.

My Vipre antivirus didn't seem to like AVS4YOU much either. Vipre is supposed to run in the background and use so little resources you don't know it's there.

I know it's there now because for 2 the least little activity will make it use 65-99% of my CPU.

It's late now - I'll look into more stuff tomorrow. I need to go back and see if Vipre is any good at removing malware or what. It's supposed to be darn good at finding rootkits and viruses - que sera sera.
stalker
Forum Champion


Joined: 08 Jan 2009
Posts: 1618
Location: UK

Posted: Mon Mar 28, 2011 8:03 am

the free microsoft anti-virus I've found to be particularly good at getting rid of malware - worth installing that and giving it a full scan:

http://www.microsoft.com/security_essentials/

..From what I can see from a quick google, AVS4YOU is probably not the cause..
aalpha
Nicest Guy In The Universe/Site Admin


Joined: 17 Oct 2005
Posts: 8399
Location: Where ever you need me I'll be there. Whatever you need done I'll do it. Made in the USA.

Posted: Mon Mar 28, 2011 3:09 pm

Yeah, all I found was good stuff about AVS4YOU. I'll do the scanner you linked to and see how it goes.

Is it not in the genetic code of the good guys to write some sort of code that would identify which exact site a virus or malware code was precisely contracted?

If I had hacker/cracker skills I'd see if I couldn't ferret out some of these sources and try changing their voltage settings from afar and give them sparks to eat.

I know, some sites are prob hijacked as hosts but dogs don't ask to be infected with rabies but we have to put them down when they do. I'm just saying. . . . .
aalpha
Nicest Guy In The Universe/Site Admin


Joined: 17 Oct 2005
Posts: 8399
Location: Where ever you need me I'll be there. Whatever you need done I'll do it. Made in the USA.

Posted: Wed Mar 30, 2011 1:11 am

So far so good. (taps head to knock on wood)

I had to buy a malware detection utility - this one lets you submit a report if the intrusion persists wherein they write an approach tailored for what you need. Not sure how that all works but after two reports I'm able to click the links in a search results page and not get redirected.

Don't know where that bugger came from - hope it's really really gone.

Thanks for your input Stalker. :D