TechSpot

Browser Search Results re-direct links

By rwgreen1173
Dec 22, 2008
  1. Windows XP SP2
    I think I have a bad one here...
    I search in Internet Explorer 6 or 7 and get a list of results.
    Then I hover over the links and I see go.google something... but when I click on the link it gets re-directed to something like

    So I am booting with only the absolute essential processes..
    Also I started finding and deleting some malware in my windows/system32 directory..
    and my local files and application data directories.. but nothing is fixing the browser problem..

    Additionally, when I type in a browser some useful sites are blocked altogether. And sites to download some virus fighting software are blocked too. Finally some virus software can't even launch.. For instance Malwarebytes will not run... SpyBot will not run. ... SuperAntispy will not install...

    The only way I could even install Malware was to rename the setup file..
    So all I have is HiJackThis log..

    I did run CCleaner...
    I had to rename hijack this to find some files...
    I tried deleting those files with killbox...


    Can anyone help me?
     
  2. rwgreen1173

    rwgreen1173 TS Rookie Topic Starter

    I guess I am doing something wrong... in my post.. ? I have tried many many things... anyone have any advice?
     
  3. raybay

    raybay TS Evangelist Posts: 7,241   +9

    You should run MalwareBytes, SuperAntiSpyware, Windows Defender, Avira Antivirus or Avast, and your other security in both regular mode and SAFE MODE... or use a good paid program such as Spy Sweeper or Spyware Doctor, and Kaspersky. Run full scans.
    Some bad infestations can be removed, but immediately hide in memory, and become reinstalled when you reboot. This is why it can be helpful to scan, then immediately shutdown, and cold boot to SAFE MODE, then scan everything again, removing or quarantining anything found. Then immediately scan them again. Then run Windows disk install in "repair" mode.
    I do not see the infestation.
    I see that you are running a Dell with Adaware, Spybot, Online Armor, Spyware Doctor, Super AntiSpyware, MalwareBytes, CCleaner, and Killbox.
    I would remove Spybot. It does nothing useful and TeaTimer causes many new problems.
    Then tell us what errors, or what infestations are being found.
    It may be that you simply need to do a clean install with your Dell restore disks.
     
  4. rwgreen1173

    rwgreen1173 TS Rookie Topic Starter

    I can't run MalwareBytes, SuperAntiSpyware or SpySweeper in normal or safe mode. I ran Avira.
    It keeps hiding my folder options settings, so I have been adding the registry key manually. Also keep getting boot problems..
    have uninstalled spybot... Should I allow windows to startup normally with all the processes I have blocked?
    Also many websites are blocked...
     
  5. raybay

    raybay TS Evangelist Posts: 7,241   +9

    The problem does not seem to be one of infestations, but the way you use security.
    Any chance you can do a new install and start over? It would be perhaps the simplest way to get things back to normal.
    Most users do just fine with normal windows, nothing blocked, then something like you have: Adaware, Windows Defender, MalwareBytes, SuperAntiSpyware, Avira Antivirus, and CCleaner, or any other set such as SpySweeper Plus Kaspersky.
    We have three shops with hundreds of active users. Are you going someplace online too dangerous for these simple approaches?
    I would not block Windows anything. You end up with everything out of kilter, and then images, animations, and normal processes get blocked.
    Have you really been damaged by some previous event or invasion?
     
  6. raybay

    raybay TS Evangelist Posts: 7,241   +9

    Also, I would not use PC Tools in addition to the above... just one or the other. The PC Tools Firewall may be part of your problem.
     
  7. rwgreen1173

    rwgreen1173 TS Rookie Topic Starter

    I installed all this stuff to try and get rid of the initial problem. I have uninstalled SpyBot and ran AntiVir in both normal and safe mode.. It found a few viruses and I quarantined and re-ran...and it found it again.. and then I deleted it...
    (TR/Crypt.XPACK.Gen)
    Attached is my hj file.
     
  8. rwgreen1173

    rwgreen1173 TS Rookie Topic Starter

    This is my AVSSCAN. I think this keeps coming back even after running in safe mode.
     
  9. raybay

    raybay TS Evangelist Posts: 7,241   +9

    Wow! So you have these three infestations:
    "TR/Crypt.XPACK.Gen Trojan
    CFaprok.exe.exe
    TR/Agentbypass.2885687K Trojan"

    Try this. It usually works:

    Too bad. Avira Antivirus will usually remove that set of three that you have:

    TR/Crypt.XPACK.Gen Trojan
    CFaprok.exe.exe
    TR/Agentbypass.2885687K Trojan


    Try this. Use a different browser. Not Internet Explorer or Firefox. Download Google Chrome, Safari, or Opera, and use them until the problem is resolved.

    Then disable, temporarily, System Restore... or even remove all the system restore files you have previously saved.

    Update your Avira Antivir definitions, as well as superantispy and MalwareBytes


    Now, run your system scans, while cleaning and deleting all TR/Crypt.XPACK.Gen Trojan, CFaprok.exe.exe, and TR/Agentbypass.2885687K Trojan.
    Delete or Modify any values added to the registry.
    Navigate to the subkey and delete the values.

    Plug in your favorite USB flash drive.

    Run: http://housecall.trendmicro.com/ and permit it to fix whatever it finds.

    Delete all IE temp files or search for, and download, ATF temp files cleaner to run another complete cleaning.

    Restart your computer.

    You should now be able to remove TR/Crypt.XPACK.Gen.

    Now use ComboFix. Search for, and download the latest version.

    Run from here: C:\Documents and Settings\owner\Desktop\ComboFix.exe
    (if not familiar with ComboFix.exe, do a Gurgle search and read up.)

    You will find that you have: * Created a new restore point


    Now run Antivir, MalWareBytes, and SuperAntiSpyware, and a downloaded scan of Spyware Doctor. The Spyware Doctor scan will not repair the issue unless you pay, but it will tell you if there is anything remaining.

    If successful, as I suspect, they will find nothing.

    If still a problem, do a Gurgle search for each of those three infestations: TR/Crypt.XPACK.Gen Trojan
    CFaprok.exe.exe
    TR/Agentbypass.2885687K Trojan
    and try again with the recommended tools you find listed.


    Once it is repeatedly clean in your scans, run a new System Restore

    Good luck. Let us know what happens
     
  10. rwgreen1173

    rwgreen1173 TS Rookie Topic Starter

    0. I have been using K-Melon... also tried Firefox and still can not access some websites.
    Also, I am running Online Armor..
    Also, have renamed Hijack this to ensure that it could run
    1. Disabled System Restore and removed restore points.
    2. Updated Avira AntiVir and Ran Scan Again.
    3. - Can not Run Malware or SuperAntispy.. In normal or safe mode (Even after renaming executable)
    4. AntiVir - Deleted TR/Crypt.Xpack.Gen (It keeps deleting c:Arkxx.tmp and then re-creating)
    5. Could not find any registry values to delete (Manually ?)
    6. Plugged in USB Drive... then what?
    7. Could not access this site http://housecall.trendmicro.com/
    8. Used ATF to delete all
    9. Used CCleaner Again to Delete all IE temp files.
    10. Used KillBox to delete ARK files on reboot
    11. I re-ran Avira - Just found some in Recycle and KillBox (So I manually deleted)
    12. Tried to run ComboFix and I just got the hour glass.. Even tried renaming and nothing.

    Attached are my new AVSScan and Hijacklog
     
  11. raybay

    raybay TS Evangelist Posts: 7,241   +9

    This is amazing. Could there also be something wrong with your hardware... How much memory do you have? How old is the hard drive and what size, as well as how much free space? If you have 17% or less free space, that could be encouraging the problem - SATA or PATA-EIDE? What is the brand and model of motherboard? And who is your Internet provider?
    I would not waste more time unless you just want to learn from the battles you have been waging.
    Do your downloads include a lot of images or is it free music sites... do any other friends have the problems you describe on your machine?

    We would start fresh with a new hard drive and see how things install.

    We can see why you would be frustrated, because you don't even have normal infestations.

    We would first like to see a report of your HiJack This scan... using the very latest "HiJack This" download.

    Renaming is not a good option.

    It doesn't appear that you have followed our suggestions? Are you not able to perform those downloads? If not, download to another clean machine and bring them across on a USB drive or CD.

    We do this stuff all day long with heavily infested machines without the problems that continue to happen on your unit. Is it possible that you have removed parts of Windows that are needed?

    One download to try if you can get it on another machine is a simple Registry Editor... Reg Clean... available on www.majorgeeks.com... called RegCleaner. It is found under the Registry heading. This will enable you to remove software in the registry that you find suspect. It is free, and helps in understanding the setup... It will not cure the problem, but will give you tools to start doing that.
     
  12. rwgreen1173

    rwgreen1173 TS Rookie Topic Starter

    I think I did it... jeeze.. this was like a 5 day ordeal.

    I think the problem was some of the processes or something I had blocked in my system startup.. but I finally ran everything and well, everything seems a lot better. I didn't want to launch IE yet though.. until I got a clean bill of health from you guys...

    Can someone take a quick look at these log files and let me know if I am all clean?
     
  13. raybay

    raybay TS Evangelist Posts: 7,241   +9

    You still show some worrisome stuff in MalwareBytes and SuperAntispyware.
    Can you again try to run those two from a cold SAFE MODE boot? If they are gone there on the re-test, you may finally be ok.
    But I would still download and run the Spyware Doctor Free Scan... It will not remove anything, but it is very good at reporting if anything is still there...
     
  14. rwgreen1173

    rwgreen1173 TS Rookie Topic Starter

    ReRan malware and SuperSpy in Both safe and then normal mode, attached logs.. also ran another hijack and attached...
     
  15. raybay

    raybay TS Evangelist Posts: 7,241   +9

    You are looking good, now.
    Are the problems you described gone?
    Have you run your windows install disk in Repair mode to patch any damage?
    If you are still having troubles, your only sensible choice is a clean, fresh install... hopefully to a new drive so you can save your files and documents for importing later.
     
  16. rwgreen1173

    rwgreen1173 TS Rookie Topic Starter

    No the problems seem to be gone...
    I didn't run windows repair.. I don't see any issues... so probably will not..

    I think I will just keep the AntiVir and Online Armor running and that's it... Does that make sense?

    Also I think I am pretty much done with IE.. :) and make sure I keep JRE up to date I think I was ignoring those alerts.. and might have been the issue.
     
  17. raybay

    raybay TS Evangelist Posts: 7,241   +9

    Antivir and Online Armor are excellent. But you need at least two antispyware programs as well... One of them would best be Spyware Doctor or SpySweeper with the problems you have already had.

    But MalwareBytes and SuperAntispyware are the two best free ones for the infestations you have had.

    See the latest Matousec ratings at: http://www.matousec.com/projects/firewall-challenge/results.php
     