TechSpot

Redirects and Framer.S

By rhysjoe
Nov 13, 2008
  1. I am getting redirects on a number of sites and AVG is also saying that I have an HTML/Framer.S virus. Have run Spybot S&D and Malwarebytes but am still getting the same problems. The redirects are with both Firefox and IE7.
     
  2. rf6647

    rf6647 TS Maniac Posts: 829

    Welcome to TS. Having said that - this is perplexing.

    This is an unknown - often associated with LOP hacks. Can cause your symptoms.
    212.158.249.5………blacklisted by only 3 lists

    What info do you have about these IPs?
    83.146.21.6 Bulldog, Cable and Wireless Access Ltd
    212.158.249.5, Bulldog Communications Ltd., London

    MBAB & SAS posted & clean. Is there a recent history of infections reported by these tools?

    Assessment - Fix-Check the O17 findings.
     
  3. rhysjoe

    rhysjoe TS Rookie Topic Starter

    Bulldog was my old ISP. Haven't been with them now for nearly 6 months. Should I just delete this?
     
  4. rf6647

    rf6647 TS Maniac Posts: 829

    Yes, that was my meaning.

    Run HJT, apply checks against O17 entries. Click Fix.

    Restart the computer.

    Re-run HJT. Post back results.

    Monitor for improvements. (hope)


    P.S. I am usually cryptic when I use my 'express' notation. I am a lazy person.
     
  5. rhysjoe

    rhysjoe TS Rookie Topic Starter

    OK, I have done that; here is my new HJT log. Posted the wrong log earlier; that one is nearly 4 months old. :eek:
     
  6. rf6647

    rf6647 TS Maniac Posts: 829

    The logs are clear. Resume happy computing.

    I infer that the O17 findings were present & corrected with HJT.

    They were the most likely cause of the symptoms. Report if problems persist.

    Two cautions.
    SweetIM is regarded as QUESTIONABLE. User judgement.

    AVG & ZA (your protections) should be sufficient. One post reports that AVG caught a threat (macromed\Flash).
    Source is unknown. Downloaded program files are always risky.
    Be cautious. Especially when offered updates to working programs or plugins.

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - hxxps://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
     
  7. rhysjoe

    rhysjoe TS Rookie Topic Starter

    Thanks for your reply. Computer runs better now. Applied all ticks to O16 & O17 entries. Also removed SweetIM entries and deleted it from the system.

    Thank you for your help!!:D
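
The O17 check discussed in this thread can be done mechanically. The following is an added example, not part of the original posts: it pulls the NameServer values out of HijackThis O17 lines and lists any resolver that is not on the expected list. The log lines and GUIDs are constructed, the two Bulldog addresses are the ones named in the thread, and 192.0.2.53 is a placeholder standing in for the current ISP's resolver.

```python
import ipaddress
import re

# O17 lines report Tcpip registry values: "O17 - <key>: <ValueName> = <data>"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<name>\w+) = (?P<value>.*)$")

# Constructed sample log: placeholder GUIDs, resolver IPs as named in the thread.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 83.146.21.6 212.158.249.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 83.146.21.6,212.158.249.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = home.example
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000002}: NameServer = 192.0.2.53
"""

def o17_nameservers(log_text):
    """Return (registry_key, ip) pairs for every NameServer value in O17 lines."""
    found = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m or m.group("name").lower() != "nameserver":
            continue  # not an O17 line, or an O17 value other than NameServer
        # The value is the raw registry string: servers split by commas or spaces.
        for token in re.split(r"[,\s]+", m.group("value").strip()):
            try:
                found.append((m.group("key"), str(ipaddress.ip_address(token))))
            except ValueError:
                pass  # empty or non-IP token
    return found

def unexpected_resolvers(log_text, expected):
    """Resolvers set in the log that are not on the expected (current ISP) list."""
    allowed = {str(ipaddress.ip_address(ip)) for ip in expected}
    return sorted({ip for _, ip in o17_nameservers(log_text)} - allowed)

if __name__ == "__main__":
    # Assumption: 192.0.2.53 is the only resolver the current connection should use.
    for ip in unexpected_resolvers(SAMPLE_LOG, ["192.0.2.53"]):
        keys = sorted({k for k, v in o17_nameservers(SAMPLE_LOG) if v == ip})
        print(f"review {ip}: set under {len(keys)} key(s)")
        for key in keys:
            print("   ", key)
```

Each address it lists still needs a WHOIS lookup before the O17 entry is ticked in HijackThis, since a leftover from an old ISP and a hijacked DNS setting look the same in the log.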
     
Topic Status:
Not open for further replies.
