Help Needed - Unintended web page display

By firozl
Apr 8, 2007
Topic Status:
Not open for further replies.
  1. Hi,

    I am experiencing a typical problem of unwanted pages being displayed when I click links from a Google search or enter a URL. It doesn't happen every time, but it happens a noticeable amount of the time.
    Yesterday night I typed url www.uscis.gov and some porn site got opened, today morning I typed www.google.com and page not found opened and when I refreshed google.com page opened with search criteria as www.google.com and when I clicked www.google.com link from the search result, the page not found opened. I clicked the back button and it went to some redirect page.
    Sometimes when I do a search in Google and click the first couple of links, I need to click the same link 3-4 times to open the intended page, because the first 3 times it opens some other redirect page.

    Please help and let me know whether my system is infected with a virus or spyware, or what?
    I have Windows defender, spybot and etrust antivirus.

    Thanks
    Firoz
  2. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Hello and welcome to Techspot.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of firozl only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. firozl

    firozl Newcomer, in training Topic Starter

    Hi,

    I followed the steps and attached are the logs for:
    - Hijackthis
    - ComboFix
    - AVG Antispyware

    The AVG Antirootkit scan did not find anything.

    Let me know your views from the logs.

    Thanks for the help
    Firoz

    I did a fresh scan of Trend Micro online, after AVG Anti spyware scan, and it finds TROJ_ZLOB.CVK. Even after taking an action to clean, the trojan is still present in the next scan. Please let me know how to remove this.

    Thanks
    Firoz

    FREELOADER_SMITFRAUD and RAP_GENERIC were the Grayware/spywares detected by online TrendMicro scan in addition to TROJ_ZLOB.cvk.

    Should I remove both the grayware/spywares ?
  4. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Don`t remove anything that Trend says yet. Instead, attach the Trend log to your next reply.

    Delete all files in AVG Antispyware quarantine.

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
    The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    Post a fresh HJT log as well as the C:\fixwareout\report.txt and the Trend scanner log.

    Regards Howard :)

  5. firozl

    firozl Newcomer, in training Topic Starter

    Please find the logs of FixwareOut and HijackThis. Since the TrendMicro scan was online, I don't have a log. Please let me know how I should take the log for an online scan.

    Thanks Howard for all the help.
    Firoz
  6. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Please visit this link http://virusscan.jotti.org/
    * Click the Browse... button
    * Navigate to the following file C:\Program Files\Rediff Bol\RediffMessenger.exe
    * Click Open
    * Please let me know the results.

    Run HJT with no other programmes open (except Notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to each (if there).

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O16 - DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} (Loader Class v2) - http://qualitycenter/qcbin/Spider80.ocx

    O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://yen.vertexinc.com:8022/jinitiator/oajinit.exe

    O16 - DPF: {D87BE747-157C-49BD-A392-A68B75A54947} (HotTeleClient Control) - http://www.hottelephone.com/HotTeleClient.CAB

    Fix all O17 entries. < These are your hijacker.

    Click on the fix checked button.

    Close HJT and reboot your computer.

    Locate and delete the following bold files and/or directories (if there).

    C:\windows\ALCMTR.EXE

    Post a fresh HJT log and let me know the results of the Jotti scan.

    Regards Howard :)

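A triage helper for the HijackThis entries discussed in the post above, as an added example that is not part of the original thread or of HijackThis itself. It parses `O<n> - ...` lines, records where each O16 ActiveX control was downloaded from, and lists O17 DNS servers that are not on a trusted list. The O17 line, its `NameServer = ...` layout, and the function names are assumptions, since the real logs were attachments.

```python
import ipaddress
import re
from urllib.parse import urlparse

# O4/O9/O16 lines are quoted from the thread. The O17 line is constructed
# (the real logs were attachments); its GUID and addresses are placeholders.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {D87BE747-157C-49BD-A392-A68B75A54947} (HotTeleClient Control) - http://www.hottelephone.com/HotTeleClient.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53 192.0.2.54
"""

ENTRY = re.compile(r"^(O\d{1,2}) - (.*)$")
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\}) \((.*)\) - (\S+)$")
NAMESERVER = re.compile(r"NameServer = (.+)$")


def parse_hjt(text):
    """Split HJT 'O<n> - ...' lines into dicts and annotate the risky ones."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        entry = {"section": section, "body": body, "notes": []}
        if body.endswith("(no file)"):
            entry["notes"].append("orphaned: referenced file is missing")
        d = DPF.match(body) if section == "O16" else None
        if d:  # ActiveX control: record where it was downloaded from
            entry["clsid"], entry["name"], entry["url"] = d.groups()
            entry["host"] = urlparse(entry["url"]).hostname
        n = NAMESERVER.search(body) if section == "O17" else None
        if n:  # DNS servers set in the registry for this interface
            entry["resolvers"] = re.split(r"[ ,]+", n.group(1).strip())
        entries.append(entry)
    return entries


def resolvers_to_verify(entries, trusted):
    """Return O17 resolver addresses that are not in the trusted set."""
    known = {ipaddress.ip_address(t) for t in trusted}
    seen = {ipaddress.ip_address(r) for e in entries for r in e.get("resolvers", [])}
    return sorted(str(ip) for ip in seen - known)


if __name__ == "__main__":
    for e in parse_hjt(SAMPLE_LOG):
        print(e["section"], e.get("host") or e.get("resolvers") or e["notes"] or e["body"])
    print("check:", resolvers_to_verify(parse_hjt(SAMPLE_LOG), {"192.0.2.53"}))
```

Pass the DNS servers handed out by your ISP or router as `trusted`; any address returned is one to confirm before and after the fix.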
  7. firozl

    firozl Newcomer, in training Topic Starter

    Thanks for the help.

    After running HJT and deleting the specified O4, O9, O16 and O17 entries, I restarted the system and didn't find any C:\windows\ALCMTR.EXE, but there was a C:\windows\Almctr.exe file. I did not delete it.

    Please find below results of Jotti scan:
    Scan taken on 09 Apr 2007 21:05:37 (GMT)
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing

    Please find attached fresh HJT logs.

    Thanks
    Firoz
  8. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Your HJT log is now clean.

    Turn off system restore (XP/ME only). See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

  9. firozl

    firozl Newcomer, in training Topic Starter

    Thank you very much for all the help. Really appreciate that.

    Thanks
    Firoz