TechSpot

Firefox redirector from antimalware doctor

By JillH
Aug 22, 2010
  1. I got rid of the antimalware doctor, and combofix replaced a corrupted disk.sys but STILL have the browser redirector. When I use CCleaner to get rid of temp files I can browse for a length of time without a problem but it always comes back. Please help.
    Here are all my log files.
     

  2. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Welcome aboard

    Never run Combofix on your own.

    I don't see any AV program running on your computer.

    Download and install ONE of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
    After installation, run a full scan.
    Report on any findings.

    When done...

    Download MBRCheck to your desktop.

    Double-click MBRCheck.exe to run (Vista and Windows 7 users, right-click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.
     
  3. JillH

    JillH TS Rookie Topic Starter

    Thanks for the quick response. I was disconnected from the Internet and had just uninstalled Avast before going back to AVG when I ran the utilities. I've never been without antivirus and last night's scan showed no virus.
    Here is the MBR log.
     

  4. Broni

    I apologize for a huge delay.
    Somehow, email notification missed me :)

    Can you post a fresh Combofix log?
     
  5. JillH

    new combofix log

    No problem, Broni. Here's a new combofix log.
     

  6. Broni

    Combofix looks clean.

    Still redirecting?
    If so, can you check if IE experiences redirection as well?

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. JillH

    Hi Broni,

    It doesn't appear that IE is redirecting, just Firefox. The log files are too many characters for me to paste so I'm sending them as file attachments.
     

  8. Broni

    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
     
  9. JillH

    GooredFix keeps crashing. I tried it in Safe Mode, downloaded another copy of it, and ran it from different folders. As soon as it gets to a folder with AVIs it crashes. Any other suggestions?
     
  10. Broni

    Close Firefox. Go to Start > All Programs > Mozilla Firefox and click on Mozilla Firefox (safe mode). Redirected?
     
  11. JillH

    Nope, no redirection in Firefox safe mode.
     
  12. Broni

    That means one of your add-ons is causing this issue.

    I suspect Zynga Toolbar.
    See if it's listed in Add/Remove and/or Firefox > Tools > Add-ons.
    If it's there, uninstall it.
    If not, let me know.
     
  13. JillH

    Good try but I had the redirector weeks before the toolbar.
     
  14. Broni

    OK. You'll have to investigate then.

    Start Firefox normally.
    Disable ALL add-ons.
    Restart FF.
    No redirection?
    If so, re-enable 1 add-on.
    Restart FF.
    No redirection?
    Enable the next add-on... and so on until you find the culprit.
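
An inventory to shorten the one-at-a-time add-on test in the last post, as an added example that is not part of the thread: it reads a Firefox profile's extensions.json and lists the active extensions, putting those installed before the redirects began first, which is the timeline check used above to rule out the toolbar. It assumes a current Firefox profile (the field names are those of recent releases, not of the 2010 version in the thread); the sample data, the `review_order` name and the start date are constructed.

```python
import json
from datetime import datetime, timezone

# Constructed sample of a profile's extensions.json (not data from the thread).
SAMPLE = json.dumps({"addons": [
    {"id": "toolbar@example.invalid", "defaultLocale": {"name": "Example Toolbar"},
     "type": "extension", "active": True, "location": "winreg-app-user",
     "foreignInstall": True, "installDate": 1282435200000},   # 2010-08-22
    {"id": "notes@example.invalid", "defaultLocale": {"name": "Example Notes"},
     "type": "extension", "active": True, "location": "app-profile",
     "foreignInstall": False, "installDate": 1270080000000},  # 2010-04-01
    {"id": "old@example.invalid", "defaultLocale": {"name": "Old Helper"},
     "type": "extension", "active": False, "location": "app-profile",
     "foreignInstall": False, "installDate": 1262304000000},  # 2010-01-01
    {"id": "theme@example.invalid", "defaultLocale": {"name": "Example Theme"},
     "type": "theme", "active": True, "location": "app-builtin",
     "foreignInstall": False, "installDate": 1262304000000},
]})

def review_order(extensions_json_text, symptoms_began):
    """Return active extensions in the order to test them: installed before
    the symptoms began first, then installed by another program (sideloaded)
    ahead of user installs, then oldest first."""
    rows = []
    for a in json.loads(extensions_json_text).get("addons", []):
        if a.get("type") != "extension" or not a.get("active"):
            continue  # themes and disabled add-ons are not part of the test
        installed = datetime.fromtimestamp(a.get("installDate", 0) / 1000,
                                           tz=timezone.utc)
        rows.append({
            "id": a["id"],
            "name": (a.get("defaultLocale") or {}).get("name", a["id"]),
            "installed": installed,
            "location": a.get("location", "unknown"),
            "sideloaded": bool(a.get("foreignInstall")),
            "predates_symptoms": installed <= symptoms_began,
        })
    rows.sort(key=lambda r: (not r["predates_symptoms"], not r["sideloaded"],
                             r["installed"]))
    return rows

if __name__ == "__main__":
    began = datetime(2010, 8, 1, tzinfo=timezone.utc)  # assumed start of redirects
    for r in review_order(SAMPLE, began):
        print(f'{r["installed"]:%Y-%m-%d}  before_symptoms={r["predates_symptoms"]!s:5}  '
              f'sideloaded={r["sideloaded"]!s:5}  {r["location"]:16}  {r["name"]}')
```
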
     
Topic Status:
Not open for further replies.
