Help Needed - Unintended web page display

Status
Not open for further replies.
Hi,

I am experiencing a typical problem of unwanted pages being displayed when I click links from a Google search or enter a URL. It doesn't happen every time, but it happens noticeably often.
Last night I typed the URL www.uscis.gov and some porn site opened. This morning I typed www.google.com and a page-not-found page opened; when I refreshed, the google.com page opened with www.google.com as the search criteria, and when I clicked the www.google.com link in the search results, the page-not-found page opened. I clicked the back button and it went to some redirect page.
Sometimes when I do a search in Google and click the first couple of links, I need to click the same link 3-4 times to open the intended page, because the first 3 times it opens some other redirect page.

Please help and let me know whether my system is infected with a virus or spyware, or what?
I have Windows defender, spybot and etrust antivirus.

Thanks
Firoz
 
Hello and welcome to Techspot.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of firozl only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hi,

I followed the steps and attached are the logs for:
- Hijackthis
- ComboFix
- AVG Antispyware

The AVG Antirootkit scan did not find anything.

Let me know your views from the logs.

Thanks for the help
Firoz

I did a fresh scan of Trend Micro online, after AVG Anti spyware scan, and it finds TROJ_ZLOB.CVK. Even after taking an action to clean, the trojan is still present in the next scan. Please let me know how to remove this.

Thanks
Firoz

FREELOADER_SMITFRAUD and RAP_GENERIC were the Grayware/spywares detected by online TrendMicro scan in addition to TROJ_ZLOB.cvk.

Should I remove both the grayware/spywares?
 
Don`t remove anything that Trend says yet. Instead, attach the Trend log to your next reply.

Delete all files in AVG Antispyware quarantine.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Post a fresh HJT log as well as the C:\fixwareout\report.txt and the Trend scanner log.

Regards Howard :)

 
Please find the logs of FixwareOut and HijackThis. Since the TrendMicro scan was online, I don't have a log. Please let me know how I should take the log for an online scan.

Thanks Howard for all the help.
Firoz
 
Please visit this link http://virusscan.jotti.org/
* Click the Browse... button
* Navigate to the following file C:\Program Files\Rediff Bol\RediffMessenger.exe
* Click Open
* Please let me know the results.

Run HJT with no other programmes open (except Notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to each (if there).

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O16 - DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} (Loader Class v2) - http://qualitycenter/qcbin/Spider80.ocx

O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://yen.vertexinc.com:8022/jinitiator/oajinit.exe

O16 - DPF: {D87BE747-157C-49BD-A392-A68B75A54947} (HotTeleClient Control) - http://www.hottelephone.com/HotTeleClient.CAB

Fix all O17 entries. These are your hijacker.

Click on the fix checked button.

Close HJT and reboot your computer.

Locate and delete the following bold files and/or directories (if there).

C:\windows\ALCMTR.EXE

Post a fresh HJT log and let me know the results of the Jotti scan.

Regards Howard :)

This thread is for the use of firozl only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
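
An added example, not part of the posts above: HijackThis lists the TCP/IP `Domain`, `NameServer` and `SearchList` registry values in its O17 section, which is the section singled out in the post above. This sketch parses HJT result lines and reports O17 `NameServer` addresses that are not on a list of resolvers you expect; the O17 sample lines, the addresses and the trusted list are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample: the O4/O9 lines are quoted from the thread; the O17 lines
# are made up for illustration and use documentation-range addresses.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 203.0.113.29,203.0.113.132
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 203.0.113.29 203.0.113.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}: NameServer = 192.0.2.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.example
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
O17 = re.compile(r"^(?P<key>.+?): (?P<name>\w+) = (?P<value>.*)$")

def parse_entries(log_text):
    """Yield (section_code, body) for every HijackThis result line."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")

def suspicious_nameservers(log_text, trusted):
    """Return O17 NameServer settings that list a resolver outside `trusted`."""
    trusted = {ipaddress.ip_address(a) for a in trusted}
    findings = []
    for code, body in parse_entries(log_text):
        m = O17.match(body) if code == "O17" else None
        if not m or m.group("name") != "NameServer":
            continue  # Domain/SearchList values are not checked in this sketch
        # HJT shows the value as stored: comma- or space-separated addresses.
        for token in re.split(r"[,\s]+", m.group("value").strip()):
            if not token:
                continue
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                findings.append((m.group("key"), token, "unparseable"))
                continue
            if addr not in trusted:
                findings.append((m.group("key"), str(addr), "untrusted"))
    return findings

if __name__ == "__main__":
    # 192.0.2.53 stands in for the resolver your router or ISP hands out.
    for key, addr, why in suspicious_nameservers(SAMPLE_LOG, ["192.0.2.53"]):
        print(f"{why:12} {addr:16} {key}")
```

A resolver flagged here is only a lead: compare it with what your router or ISP actually assigns before having HJT fix the entry.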
 
Thanks for the help.

After running HJT and deleting the specified O4, O9, O16 and O17 entries, I restarted the system and didn't find any C:\windows\ALCMTR.EXE, but there was a C:\windows\Almctr.exe file. I did not delete it.

Please find below results of Jotti scan:
Scan taken on 09 Apr 2007 21:05:37 (GMT)
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Please find attached fresh HJT logs.

Thanks
Firoz
 
Your HJT log is now clean.

Turn off system restore (XP/ME only). See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 