TechSpot

page not found leads to "semi-porn" pages

By starrkiller
Jun 29, 2007
  1. the problem i have is that whenever i try to go to a page that does not exist, instead of the regular "page not found" message, i get redirected to semi-porn pages like www . daplaces . com.
    it happens on firefox and in internet explorer. is it a known virus? i have all of the antivirus u guys recommend, and i run them all periodically, and they are updated.

    need a hijackthis log file? or is it a known problem?
     
  2. starrkiller

    starrkiller TS Rookie Topic Starter Posts: 44

    my logfile
     
  3. twite

    twite TechSpot Paladin Posts: 937

    It would probably be best to remove that link.

    There is no reason to post it, as it probably has some kind of malware embedded in it.
     
  4. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    I can't see anything particularly nasty in your HJT log, but you could be infected with a rootkit, which would hide the infection.

    As twite said, you should remove the link. We don't want anybody else getting infected.

    Very important: Before deciding whether to clean or reformat your system, read this thread and decide what you want to do.

    If you decide to clean your system after reading the above thread, do the following.

    Go and read the Viruses/spyware/malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, ComboFix, and AVG Antispyware logs as attachments into this thread, only after doing the above. Also post here the results of the AVG Antirootkit scan.

    Regards :)

    This thread is for the use of starrkiller only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
     
  5. tomrca

    tomrca TS Rookie Posts: 1,000

    your log looks clean but you check to see if you can identify the ip Nos in the log. it is probably wise to do a scan for adware with adaware se and avg antispyware. or go TO THIS LOCATION and do a full cleanup, using fixes combo and vundu
     
  6. starrkiller

    starrkiller TS Rookie Topic Starter Posts: 44

    i did that, forgot to post the logfiles
    here they go. i didn't save the avg antispyware log, will do so and send it to u
     
  7. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Please post the requested logfiles and we'll be able to help you better. (ComboFix, AVG Antispyware, HijackThis v2)


    Regards,
    Your friendly momok =)

    This thread is for the use of starrkiller only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  8. starrkiller

    starrkiller TS Rookie Topic Starter Posts: 44

    i didn't touch my comp all weekend, so here they go now.
     
  9. jobeard

    jobeard TS Ambassador Posts: 9,330   +622

    oops; we're all chasing a red herring here.

    ANYTIME a webserver fails to find the requested page and begins the internal
    processing to create the "Error 404, Page Not Found" result, you are at the mercy
    of the webmaster. There are those that customize the 404 error page and
    substitute some site specific results, or as in this case, randomize a url to
    someone's site who PAYS to have their content presented.

    This really stinks, but many ISPs will sell this to advertisers.

    There's NOTHING wrong with your system whatsoever :)
     
  10. starrkiller

    starrkiller TS Rookie Topic Starter Posts: 44

    nice to know my system is in good health.

    the strange thing about this problem is that i get internet access through a network, and other people on that network get the usual "error 404, page not found", only i get redirected to other pages.
     
  11. jobeard

    jobeard TS Ambassador Posts: 9,330   +622

    The network per say is not the issue, but the specific webserver you were attempting
    to contact. If 'neighbor joe' accesses the same url that you do and he gets the
    404 Page Not Found but you get the redirection, then my explanation is NOT applicable! :confused:
     
  12. starrkiller

    starrkiller TS Rookie Topic Starter Posts: 44

    u are right, i just did a test, going to www.asdfghjkl.com and we all get redirected to the same page.

    so now i know the problem, and it is a small one, but i would like to get rid of it. do u know of any application that might avoid the redirection?

    thanks again for all your help, the work u guys do, and for free, is amazing.

    ps: just nitpicking, but "per say" is "per se" a latin expression.
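
The test described in this post (requesting a name that should not exist and seeing whether a page still loads) can be scripted from any machine on the network. This is an added example, not part of the original thread; it assumes the redirect is introduced at name resolution, and the function names and the 24-letter probe format are hypothetical choices.

```python
import random
import socket
import string


def random_probe_names(count=3, suffix=".com", rng=None):
    """Build hostnames that are almost certainly unregistered (24 random letters)."""
    rng = rng or random.SystemRandom()
    return ["www." + "".join(rng.choice(string.ascii_lowercase) for _ in range(24)) + suffix
            for _ in range(count)]


def system_resolve(name):
    """Resolve through the OS resolver; return None when the lookup fails."""
    try:
        return socket.gethostbyname(name)
    except OSError:  # socket.gaierror is a subclass: no such name, or no network
        return None


def check_nxdomain_rewriting(resolve=system_resolve, names=None):
    """Return (rewritten, answers); rewritten is True when every bogus name resolves."""
    names = names or random_probe_names()
    answers = {name: resolve(name) for name in names}
    resolved = [ip for ip in answers.values() if ip is not None]
    # A single hit could be a real registration; all probes answering means the
    # resolver is substituting an address for "no such domain".
    rewritten = bool(names) and len(resolved) == len(names)
    return rewritten, answers


if __name__ == "__main__":
    rewritten, answers = check_nxdomain_rewriting()
    for name, ip in answers.items():
        print(f"{name} -> {ip or 'lookup failed (expected)'}")
    print("resolver answers for nonexistent names" if rewritten
          else "nonexistent names fail as expected")
```

If every machine on the network gets the same result, the behaviour comes from the shared resolver or gateway rather than from one PC.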
     
  13. jobeard

    jobeard TS Ambassador Posts: 9,330   +622

    >ps: just nitpicking, but "per say" is "per se" a latin expression.

    sheeez! no coffee in the house -- gotta get to the market! :)
     
  14. momok

    momok TS Rookie Posts: 2,265

    Hi,

    You have still not posted your HijackThis log.

    Download the attached "Combofix-Do.txt" (from my attachment) and save it to the same folder as Combofix.
    Drag the Combofix-Do.txt that you downloaded earlier over on to Combofix.exe and release.

    This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job. Attach the resultant log in your reply.

    Thereafter, please post a fresh HJT log from normal mode as an attachment into this thread.

    Regards,
    Your friendly momok =)

    This thread is for the use of starrkiller only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  15. starrkiller

    starrkiller TS Rookie Topic Starter Posts: 44

    here they go,

    just found this thread- http://www.techspot.com/vb/topic65150.html where someone had the same problem and solved it with "fixwareout". where can i get the program, and is it safe?

    Edited by Moderator: No need for a double post if there are no replies between your current post and the last post, unless bumping the thread. In that case, please wait at least 24 hours before doing so. Otherwise, simply use the "Edit post" button instead.
     
  16. momok

    momok TS Rookie Posts: 2,265

    Hi,

    I wouldn't recommend you follow what the user in that post did. He did not even complete the cleaning instructions. Often times, infections have other files hidden away and can't just be cleaned with a simple program.

    On the brighter side, your logs are looking clean now. Do you still face any re-direct problems?


    Regards,
    Your friendly momok =)

    This thread is for the use of starrkiller only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  17. starrkiller

    starrkiller TS Rookie Topic Starter Posts: 44

    i still have the redirect problem, but i am trying to ignore it since it is not malicious.

    thanks again for all your help
     
  18. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Let's do a more thorough check on your folders. Browse through the following folders and let me know their contents, and whether you used them, what you use them for and if you were responsible for their creation.

    C:\Program Files\MegaSpoof
    C:\Program Files\CCP

    Also, please download this file HERE.
    Open it, and extract the Hosts file into this folder:

    C:\WINDOWS\SYSTEM32\DRIVERS\ETC

    Note: it goes into the ETC folder, not a folder of its own in the ETC folder.
    When prompted to replace your hosts file, click Yes.

    Let me know if you still face redirects after the hosts file replacement.


    Regards,
    Your friendly momok =)

    This thread is for the use of starrkiller only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  19. starrkiller

    starrkiller TS Rookie Topic Starter Posts: 44

    megaspoof is an empty folder, from a pron program, i erased it (i had the redirect problem long before the program was on my comp)
    ccp is the folder of a game "EVE online"
    i had already replaced the "host" file last week. i replaced it again by yours, but i think it is the same file.

    can i add sites to the host file? now i get redirected to "http:// guide.opendns.com/", can i add its url to the file? like this "127.0.0.1 guide.opendns.com"

    edit: i was seeing my blog now, and guessing why the hit counters weren't working, and i discovered they were blocked by the host file. the entries have [IE-SpyAd] after them. does that mean that they are only bad for Internet explorer?
    i mean, i like to see the stats, and if it's just some light spyware, i don't mind much, i just want to be sure nothing really bad can come from those sites.
     
  20. jobeard

    jobeard TS Ambassador Posts: 9,330   +622

    ANYTHING in the host file will be denied.

    If you think you want to trust one or more of them, just edit the file and remove it.
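
An added example (not part of the original thread) that audits a hosts file of the kind discussed in the two posts above: it lists the names an entry blocks, keeps any trailing tag such as `[IE-SpyAd]`, and separates out names mapped to a non-loopback address. The sample file, its hostnames and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the style discussed in the thread, not the poster's file.
SAMPLE_HOSTS = """\
# sample blocking hosts file
127.0.0.1  localhost
127.0.0.1  counter.example.net   #[IE-SpyAd]
127.0.0.1  guide.opendns.com     # added by hand
0.0.0.0    ads.example.org
203.0.113.7  www.example-bank.test   # not loopback: traffic is sent elsewhere
badline
"""


def parse_hosts(text):
    """Yield (ip, hostname, comment) for every name on every valid line."""
    for raw in text.splitlines():
        # Everything after '#' is a comment; the resolver ignores it, so a tag
        # there is only a label and the entry applies to every program.
        body, _, comment = raw.partition("#")
        fields = body.split()
        if len(fields) < 2:
            continue  # blank, comment-only or malformed line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for host in fields[1:]:
            yield ip, host.lower(), comment.strip()


def audit_hosts(text):
    """Return (blocked, redirected): names sent to this machine vs. to another address."""
    blocked, redirected = {}, {}
    for ip, host, comment in parse_hosts(text):
        if host == "localhost":
            continue
        if ip.is_loopback or ip.is_unspecified:
            blocked[host] = comment          # sinkholed: the site cannot load
        else:
            redirected[host] = str(ip)       # worth reviewing: name points elsewhere
    return blocked, redirected


if __name__ == "__main__":
    blocked, redirected = audit_hosts(SAMPLE_HOSTS)
    for host, tag in sorted(blocked.items()):
        print(f"blocked    {host}  {tag}")
    for host, ip in sorted(redirected.items()):
        print(f"redirected {host} -> {ip}")
```

On Windows the real file is the one in C:\WINDOWS\SYSTEM32\DRIVERS\ETC named earlier in the thread; read it and pass its text to `audit_hosts`.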
     
  21. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Are you still getting the redirects?

    Regards,
    Your friendly momok =)
     
  22. starrkiller

    starrkiller TS Rookie Topic Starter Posts: 44

    i am not getting them anymore, but that is because i added the page i got redirected to lately to the host file.
    when that page changes i guess i will be redirected again.
    then i will add that page to the host file and so on.
    do u think knowing those addresses could be useful for the guy that compiles the host file? i could send them to him.
     
  23. momok

    momok TS Rookie Posts: 2,265

    Hi,

    I do not personally know him, and their site does not include any contact for such purposes. Perhaps you could try contacting the webmaster through the link right at the bottom of this page HERE.

    Quite frankly your problem bewilders me a little since your logs look clean.

    I'd like you to download the Autoruns programme from HERE. When the programme runs, click options and make sure the "Hide Microsoft Entries" is ticked. Click the file menu and select refresh. Click the save icon and save the Autoruns log to wherever you want.

    Attach the Autoruns log here.

    Also, download and run the Blacklight programme. Follow all the instructions carefully.

    Let me know the results of the scan.


    Regards,
    Your friendly momok =)

    This thread is for the use of starrkiller only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  24. tomrca

    tomrca TS Rookie Posts: 1,000

    C:\Program Files\Steam\Steam.exe. i have found that it usually operates like this, c:\programme\valve\steam\ .could there be a bug in that? (it's for gamers with an im installed)
     
  25. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Actually both paths are applicable. Even if there was a bug, it wouldn't explain the redirects, unless it was a trojan/virus/worm masquerading as a legit program. If so, it would be the first time I've seen anything like that though. In any case, just to be on the safe side,

    starrkiller:

    Please visit this link http://virusscan.jotti.org/

    Click the Browse... button and navigate to the following file:

    C:\Program Files\Steam\Steam.exe
    Click Open.


    Regards,
    Your friendly momok =)

    This thread is for the use of starrkiller only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.
