
Malware messing with my browsin'!

Stranger Danger Registered User regular
edited May 2011 in Help / Advice Forum
After a visit to mobafire gave me a goose-ton of malware and spyware, I ran a deep cleaning with my limited knowledge of computers. I managed to get rid of everything but a browser redirector. It keeps changing my Google searches and opening new tabs to random sites like stopzilla and b00kmarks. Try as I might, I can't seem to chase this bastard down.

I have run scans with Spybot, Ad-aware, and Malwarebytes but have come up clean. I have also cleaned my registry with CCleaner and re-installed Firefox.
Spoiler:


Please help?


Posts

  • Thanatos Registered User regular
    edited May 2011
    It's probably from a proxy server.

    Open up IE, go into the connection settings, and turn off your proxy server.

    Note: I didn't actually look at your log. Also, I'd tell you exactly how to do it, but my home computer runs XP; sorry.

  • Great Scott Registered User regular
    edited May 2011
    Stranger Danger, try checking your Hosts file - it's possible that there isn't any malware installed (any more), but the text file has aliases for common websites redirecting your machine, causing it to ignore DNS.

    Check the contents of the (plain text) Hosts file located in C:\Windows\System32\Drivers\Etc

    If there are any strange entries you can remove them. Also, the file isn't needed for Windows to function - you could simply delete it. Note that this is a system protected file, so you might need to be in administrative mode to change it. It might be simpler to rename the file to HOSTS.OLD so it won't be read.

    I'm unique. Just like everyone else.
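
Added example, not part of the thread: one way to review a Hosts file as suggested in the post above, sorting each active mapping into stock entries, names pinned to loopback so they never resolve, and names pinned to another address. The function names and the sample file contents are constructed for illustration.

```python
import ipaddress

# Names a stock Windows hosts file may map to loopback.
DEFAULT_NAMES = {"localhost"}

def audit_hosts(text):
    """Classify each active hosts-file mapping.

    Returns (line_no, address, hostname, verdict) tuples. Verdicts:
    'default', 'sinkhole' (name pinned to loopback/0.0.0.0 so it never
    resolves), 'redirect' (name pinned elsewhere) or 'malformed'.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()      # drop comments
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], "", "malformed"))
            continue
        for name in fields[1:]:
            name = name.lower()
            if addr.is_loopback or addr.is_unspecified:
                verdict = "default" if name in DEFAULT_NAMES else "sinkhole"
            else:
                verdict = "redirect"
            findings.append((line_no, str(addr), name, verdict))
    return findings

def suspicious(text):
    """Everything that is not a stock localhost mapping."""
    return [f for f in audit_hosts(text) if f[3] != "default"]

# Constructed sample, not the poster's file. 203.0.113.0/24 is a documentation range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.50    www.google.com google.com   # search pinned to a foreign address
127.0.0.1       update.example-av.test      # vendor site made unreachable
"""

if __name__ == "__main__":
    for line_no, addr, name, verdict in suspicious(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {addr} [{verdict}]")
```

On a real machine, pass in the text of the file under C:\Windows\System32\Drivers\Etc; an empty result means the file holds only localhost entries or comments.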
  • deadonthestreet Registered User regular
    edited May 2011
    Network and Sharing Center->Internet Options->Advanced->Restore Advanced Settings and Reset.

    This will basically reset every internet setting that isn't tied to Firefox back to Windows default and solves a ton of issues.

  • Stranger Danger Registered User regular
    edited May 2011
    I should mention that I always use Firefox and never IE.

    > It's probably from a proxy server.
    >
    > Open up IE, go into the connection settings, and turn off your proxy server.
    >
    > Note: I didn't actually look at your log. Also, I'd tell you exactly how to do it, but my home computer runs XP; sorry.

    I don't think I have a proxy server. I tried going into IE but didn't see an option for that in the connection settings.

    > Stranger Danger, try checking your Hosts file - it's possible that there isn't any malware installed (any more), but the text file has aliases for common websites redirecting your machine, causing it to ignore DNS.
    >
    > Check the contents of the (plain text) Hosts file located in C:\Windows\System32\Drivers\Etc
    >
    > If there are any strange entries you can remove them. Also, the file isn't needed for Windows to function - you could simply delete it. Note that this is a system protected file, so you might need to be in administrative mode to change it. It might be simpler to rename the file to HOSTS.OLD so it won't be read.

    I changed the file name but it did not fix it.

    > Network and Sharing Center->Internet Options->Advanced->Restore Advanced Settings and Reset.
    >
    > This will basically reset every internet setting that isn't tied to Firefox back to Windows default and solves a ton of issues.

    I tried this but it did not fix the problem, sadly.

  • Great Scott Registered User regular
    edited May 2011
    By process of elimination, this seems to be some sort of issue with Firefox itself.

    I would first double-check to make sure that other browsers aren't affected. Once you're sure the problem is Firefox-specific, save all your bookmarks and other Firefox settings.

    After that, uninstall Firefox and then remove any remaining folders (both in Program Files/Program Files (x86) and C:\Users\<username>\AppData\Roaming).

    Reinstall Firefox and restore your bookmarks.

    I say this because something similar infected my Opera browser and the only solution was a complete re-install.

    I'm unique. Just like everyone else.
  • Stranger Danger Registered User regular
    edited May 2011
    After some experimentation, it appears to be affecting IE as well as Firefox.

    I ran Trend's Rootkit Buster. Here are the logs:
    Spoiler:

  • Great Scott Registered User regular
    edited May 2011
    This is a long shot here but you're getting redirected and it's not a system problem (as far as we can tell).

    Maybe try checking and/or changing your DNS servers? Go to Network and Sharing Center, Change Adapter Settings (from the left bar), right-click Local Area Connection, choose Properties. Select "Internet Protocol Version 4" and click the Properties button.

    Check that your DNS servers listed make sense (they possibly shouldn't be set at all, depending on your DHCP settings).

    If you aren't sure, try selecting the radio button "Use the following DNS server addresses" and putting in Google's servers (which are 8.8.4.4 and 8.8.8.8).

    Note: this will mean that Google knows all the site lookups your PC is doing. Of course, this is probably preferable to your ISP knowing where you are going...

    I'm unique. Just like everyone else.
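
Added example, not part of the thread: a script for the "do the DNS servers make sense" check in the post above, reading the text of `ipconfig /all` and sorting each listed resolver into local network, the two Google addresses named in the post, or "review". It assumes English-language output; the function names and the sample output are constructed.

```python
import ipaddress

# Google's public resolvers, the two addresses named in the post above.
KNOWN_PUBLIC = {"8.8.8.8", "8.8.4.4"}
# Explicit ranges rather than addr.is_private, which also covers documentation nets.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fe80::/10", "fc00::/7")]

def dns_servers(ipconfig_text):
    """Map adapter name -> DNS servers listed in `ipconfig /all` output."""
    result, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():                 # unindented section/adapter header
            adapter, in_dns = line.rstrip(" :"), False
            continue
        key, sep, value = line.partition(" : ")
        if sep:                                   # "Field . . . : value"
            in_dns = key.strip(" .") == "DNS Servers"
        else:                                     # continuation of the previous field
            value = line
        if in_dns and value.strip():
            result.setdefault(adapter, []).append(value.strip())
    return result

def classify(server):
    try:
        addr = ipaddress.ip_address(server.split("%")[0])   # drop IPv6 zone id
    except ValueError:
        return "review"
    if server in KNOWN_PUBLIC:
        return "known-public"
    if any(addr.version == n.version and addr in n for n in LOCAL_NETS):
        return "local"        # typically the home router, assigned by DHCP
    return "review"           # confirm it is your ISP's or one you chose

def audit(ipconfig_text):
    return {(adapter, s): classify(s)
            for adapter, servers in dns_servers(ipconfig_text).items()
            for s in servers}

# Constructed sample output; 203.0.113.77 is a documentation address.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.77
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
```

A "review" verdict is not proof of tampering, since an ISP's resolver lands there too; it marks the addresses worth comparing against what the router or ISP actually hands out.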
  • Hahnsoo1 Registered User regular
    edited May 2011
    What is this file in your Hijack This log? Do you recognize it?:

    C:\Users\Matt\Local Settings\Apps\F.lux\flux.exe

    EDIT: The reason it looks suspicious to me is because it's running out of your Local Settings\Apps\ directory.

    Steam ID: Hahnsoo, Steam Name currently: Hahnsopolis | PSN: Hahnsoo | Monster Hunter Tri: Hahnsoo, E8HJCA
  • Stranger Danger Registered User regular
    edited May 2011
    > This is a long shot here but you're getting redirected and it's not a system problem (as far as we can tell).
    >
    > Maybe try checking and/or changing your DNS servers? Go to Network and Sharing Center, Change Adapter Settings (from the left bar), right-click Local Area Connection, choose Properties. Select "Internet Protocol Version 4" and click the Properties button.
    >
    > Check that your DNS servers listed make sense (they possibly shouldn't be set at all, depending on your DHCP settings).
    >
    > If you aren't sure, try selecting the radio button "Use the following DNS server addresses" and putting in Google's servers (which are 8.8.4.4 and 8.8.8.8).

    Tried out your advice, but I'm still getting redirected.

    > What is this file in your Hijack This log? Do you recognize it?:
    >
    > C:\Users\Matt\Local Settings\Apps\F.lux\flux.exe
    >
    > EDIT: The reason it looks suspicious to me is because it's running out of your Local Settings\Apps\ directory.

    It's a familiar program, one that's been on my machine for years and caused no problems.

  • Stranger Danger Registered User regular
    edited May 2011
    Problem solved! It was a nasty rootkit called TDL4 or ambrosia or something like that. After going through a dozen different programs I finally managed to remove it.

    I'd like to thank everyone who contributed to this thread.

    Feel free to lock this one mods!

This discussion has been closed.